LSADump2 Crashing Systems

From: oh face (0h.fac3_at_gmail.com)
Date: 09/02/05

  • Next message: Jayson Anderson: "RE: Hacking to Xp box" 
    Date: Fri, 2 Sep 2005 17:31:09 -0400
To: pen-test@securityfocus.com, focus-ms@securityfocus.com

    In my recent pen-test experience, LSADump2 has been crashing Windows
    boxes. I was able to verify this on fully patched Windows XP and 2003.
    In further examination, LSADump2, when executed, killed the "lsass"
    process, and with the "winlogon" process still running, the system was
    forced to reboot. As far as I know, LSADump2 is utilizing a DLL
    injection technique to dump the contents of LSA secrets.

    Question:
    1. Has anyone had this experience? If so, is there a safe method to
    execute this tool?
    2. When I tested LSADump2 on various Windows boxes, not all fully
    patched boxes were affected by this issue. What configuration of
    Windows is exactly causing "lsass" to fail?

    Cheers.

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------

  • Next message: Jayson Anderson: "RE: Hacking to Xp box"

    Relevant Pages

    • RE: Sinking combobox events for multiple documents
      ... I have couple of buttons and combos on my toolbar. ... > the rest of the windows got updated. ... >> I created an ATL COM addin for Microsoft Word. ... I create the combo boxes with the application first start and I ...
      (microsoft.public.office.developer.com.add_ins)
    • Re: Delayed Startup
      ... select the Hide All Microsoft Services check ... After Windows starts, determine whether the symptoms still occur. ... Note Look closely at the General tab to make sure that the check boxes ... clear the Load System Services check box on the General tab. ...
      (microsoft.public.windowsxp.general)
    • RE: [Full-disclosure] LSADump2 Crashing Windows
      ... LSADump2 has been crashing Windows boxes. ... causing "lsass" to fail? ...
      (Full-Disclosure)
    • Re: fedora as a gateway / server
      ... boxes and one Linux box. ... I would like to change this to have a Linux box ... Is Samba still what I should use to store Windows files? ... The SMEserver disro can do this too, all configured with a simple web interface, and on the same or a different box than the internet gateway although the canned appliance-like configs can make it difficult to add things it doesn't include. ...
      (Fedora)
    • Re: It is almost certain now, INTEL will have 64bit x86 !!
      ... For 32-bit Windows boxes it is a problem. ... Since Sun has sold very few Opteron boxes, to date, can I assume that ... the positive quarters and $4.58B in losses in the negative quarters ...
      (comp.os.vms)