Re: [Full-disclosure] LSADump2 Crashing Windows
From: Dave Aitel (dave_at_immunitysec.com)
Date: Sat, 03 Sep 2005 01:16:33 -0400
To: John McGuire <firstname.lastname@example.org>
This is a bug in lsadump2 - there's a type mismatch in one of the
functions, although I forget which one. Something is a pointer which
shouldn't be, or vice versa. Once you fix that, it'll be good to go.
John McGuire wrote:
> I have also had this happen to me, but have not had any luck in
> narrowing down the exact culprit. As you stated, it does not appear to
> just be tied to MS patches. I have a series of virtual machines
> running at various patch levels, and none of them will crash. Running
> it on my fully patched laptop, however, will crash every time. If you
> happen to find the answer off this list, please post it. I’d love to
> know more about it. Thanks
> -----Original Message-----
> *From:* email@example.com
> [mailto:firstname.lastname@example.org] *On Behalf Of *oh face
> *Sent:* Friday, September 02, 2005 11:42 AM
> *To:* email@example.com
> *Subject:* [Full-disclosure] LSADump2 Crashing Windows
> In my recent experience, LSADump2 has been crashing Windows boxes. I
> was able to verify this on fully patched Windows XP and 2003. In
> further examination, LSADump2, when executed, killed the "lsass"
> process, and with the "winlogon" process still running, the system was
> forced to reboot. As far as I know, LSADump2 is utilizing a DLL
> injection technique to dump the contents of LSA secrets.
> 1. Has anyone had this experience? If so, is there a safe method to
> execute this tool?
> 2. When I tested LSADump2 on various Windows boxes, not all fully
> patched boxes were affected by this issue. What configuration of
> Windows is exactly causing "lsass" to fail?
>Full-Disclosure - We believe in it.
>Hosted and sponsored by Secunia - http://secunia.com/