Bugtraq: NT TS / Win 2K and F7 - Enter bug

From: <liamh_at_spook.thevenue.org>
Date: Tue, 31 Jul 2001 22:44:10 -0700 (PDT)

I've got this working, albeit differently on Win NT/Terminal Server, and
2K Terminal server. Here's an interesting little obfuscation exploit that
works:

1) Log on to TS
2) run cmd.exe
3) do the F7 - Enter exploit

This hangs the cmd.exe window, and this task cannot be ended normally.

Now:

4) Log on as an administrator
5) Bring up Terminal Server Administration
6) Log off the user above

The user will disappear from the list.

However, the user will still be logged on!
Not only that, but the user can continue to execute commands (except
cmd.exe) for about 1/2 hour (didn't time it, so I'm not 100% sure).

Also note, Terminal Server Administration may hang in this state when you
try to do a user list.

Cheers,
Liam
Received on Aug 01 2001
