lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <19586294.120941156968240392.JavaMail.juha-matti.laurio@netti.fi>
Date: Wed, 30 Aug 2006 23:03:59 +0300 (EEST)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: H D Moore <fdlist@...italoffense.net>, full-disclosure@...ts.grok.org.uk
Cc: 
Subject: Re: NT4 worm

My point was to clarify if these reports are especially related to NT4 machines and the reply states they are.
I.e. when word 'NT4' was used in the title I made a conclusion that there was observations about infected NT4 machines.
Absolutely the exploit will work on W2K boxes.

BTW: Can someone confirm that Netapi32.dll (vulnerable component of MS06-040) is part of fully patched NT4.0 installation.
Thanks.

- Juha-Matti

H D Moore <fdlist@...italoffense.net> wrote: 
> 
> The exploit for NT 4.0 is *exactly* the same packet as the one you would 
> also use on Windows 2000. I am suprised that this is considered a "NT 4" 
> worm and not a "Windows 2000 (+NT 4.0)" worm. Is something specific about 
> the exploit they use that prevents it from working on Windows 2000?
> 
> -HD
> 
> On Wednesday 30 August 2006 10:11, Juha-Matti Laurio wrote:
> > Are the machines you have experience especially NT4.0 machines?
> > It appears that one of the PoC's (public on Monday 28th Aug) lists the
> > following information: "Systems Affected:
> > *  Microsoft Windows 2000 SP0-SP4
> > *  Microsoft Windows XP SP0-SP1
> > *  Microsoft Windows NT 4.0"
> >
> > but reportedly it is tested against XPSP1 and W2KSP4 systems.
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ