lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <431931B1.3030000@immunitysec.com>
Date: Sat Sep  3 06:16:38 2005
From: dave at immunitysec.com (Dave Aitel)
Subject: LSADump2 Crashing Windows

This is a bug in lsadump2 - there's a type mismatch in one of the 
functions, although I forget which one. Something is a pointer which 
shouldn't be, or vice versa. Once you fix that, it'll be good to go.

-dave



John McGuire wrote:

> I have also had this happen to me, but have not had any luck in 
> narrowing down the exact culprit. As you stated, it does not appear to 
> just be tied to MS patches. I have a series of virtual machines 
> running at various patch levels, and none of them will crash. Running 
> it on my fully patched laptop, however, will crash every time. If you 
> happen to find the answer off this list, please post it. I?d love to 
> know more about it. Thanks
>
> John
>
> -----Original Message-----
> *From:* full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] *On Behalf Of *oh face
> *Sent:* Friday, September 02, 2005 11:42 AM
> *To:* full-disclosure@...ts.grok.org.uk
> *Subject:* [Full-disclosure] LSADump2 Crashing Windows
>
> In my recent experience, LSADump2 has been crashing Windows boxes. I 
> was able to verify this on fully patched Windows XP and 2003. In 
> further examination, LSADump2, when executed, killed the "lsass" 
> process, and with the "winlogon" process still running, the system was 
> forced to reboot. As far as I know, LSADump2 is utilizing a DLL 
> injection technique to dump the contents of LSA secrets.
>
> Question:
> 1. Has anyone had this experience? If so, is there a safe method to 
> execute this tool?
> 2. When I tested LSADump2 on various Windows boxes, not all fully 
> patched boxes were affected by this issue. What configuration of 
> Windows is exactly causing "lsass" to fail?
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ