Shutting down windows NT remotely (without winnt toolkit)?

From: Lincoln Yeoh (lyeoh@pop.jaring.my)
Date: 11/05/01


Message-Id: <3.0.5.32.20011105104251.00974100@192.228.128.13>
Date: Mon, 05 Nov 2001 10:42:51 +0800
To: "Robert Freeman" <freem100@chapman.edu>, <foob@return0.net>, <supergate@twlc.net>
From: Lincoln Yeoh <lyeoh@pop.jaring.my>
Subject: Shutting down windows NT remotely (without winnt toolkit)?

A reboot isn't helpful coz the machines come back up and start scanning the
whole internet again. And the clueless admins probably won't even notice.

A proper no data loss shutdown without having to upload a program is
preferable. I tried shutting down NT 4.0 using cmd.exe, rundll32.exe and
user32.dll stuff and no luck so far :(.

With a shutdown the admins should notice and eventually fix things. If they
don't then the server probably wasn't doing anything useful (just scanning
the internet :) ) so it might as well be shut down :).

Any ideas welcome.

Cheerio,
Link.

At 03:57 AM 04-11-2000 -0800, Robert Freeman wrote:
>From my experience, without an active monitoring agent, any process may
>request a legal system reboot. A more efficient method would be to use
>malicious code to reboot, blue screen, or black screen (yes, black screen!).
>I haven't continued virii-esque development past NT4 SP6, but I imagine the
>techniques would still work as well as pass right through any monitoring
>agent. I have a lot of free time these days so I might see what I can cook
>up for 2000/XP.
>
>regards.
>
>----- Original Message -----
>From: "Lincoln Yeoh" <lyeoh@pop.jaring.my>
>To: <foob@return0.net>; <supergate@twlc.net>
>Cc: <vuln-dev@securityfocus.com>
>Sent: Friday, November 02, 2001 6:35 PM
>Subject: Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory:
>possible overflow in ms ftp client)
>
>
>
>> Is it possible to use it shutdown those Code Red/Nimda NT servers remotely?
>> Does IIS by default have enough permissions to shutdown the whole computer
>> or must it do some set privilege thing?
>>
>> Cheerio,
>> Link.


