RE: [Full-disclosure] LSADump2 Crashing Windows

From: John McGuire (jmcguire81_at_cox.net)
Date: 09/03/05

  • Next message: Dave Aitel: "Re: [Full-disclosure] LSADump2 Crashing Windows"
    To: <full-disclosure@lists.grok.org.uk>
    Date: Fri, 2 Sep 2005 21:29:39 -0700
    
    
    

    I have also had this happen to me, but have not had any luck in narrowing
    down the exact culprit. As you stated, it does not appear to just be tied to
    MS patches. I have a series of virtual machines running at various patch
    levels, and none of them will crash. Running it on my fully patched laptop,
    however, will crash every time. If you happen to find the answer off this
    list, please post it. I'd love to know more about it. Thanks

     

    John

     

     

    -----Original Message-----
    From: full-disclosure-bounces@lists.grok.org.uk
    [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of oh face
    Sent: Friday, September 02, 2005 11:42 AM
    To: full-disclosure@lists.grok.org.uk
    Subject: [Full-disclosure] LSADump2 Crashing Windows

     

    In my recent experience, LSADump2 has been crashing Windows boxes. I was
    able to verify this on fully patched Windows XP and 2003. In further
    examination, LSADump2, when executed, killed the "lsass" process, and with
    the "winlogon" process still running, the system was forced to reboot. As
    far as I know, LSADump2 is utilizing a DLL injection technique to dump the
    contents of LSA secrets.

    Question:
    1. Has anyone had this experience? If so, is there a safe method to execute
    this tool?
    2. When I tested LSADump2 on various Windows boxes, not all fully patched
    boxes were affected by this issue. What configuration of Windows is exactly
    causing "lsass" to fail?

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

