Vulnerability Development: Shutting down windows NT remotely (without winnt toolkit)?

[Lincoln Yeoh <lyeoh () pop jaring my>]

A reboot isn't helpful coz the machines come back up and start scanning the
whole internet again. And the clueless admins probably won't even notice.

A proper no data loss shutdown without having to upload a program is
preferable. I tried shutting down NT 4.0 using cmd.exe, rundll32.exe and
user32.dll stuff and no luck so far :(. 

With a shutdown the admins should notice and eventually fix things. If they
don't then the server probably wasn't doing anything useful (just scanning
the internet :) ) so it might as well be shut down :).

Any ideas welcome.

Cheerio,
Link.

At 03:57 AM 04-11-2000 -0800, Robert Freeman wrote:
> > From my experience, without an active monitoring agent, any process may
> request a legal system reboot. A more efficient method would be to use
> malicious code to reboot, blue screen, or black screen (yes, black screen!).
> I haven't continued virii-esque development past NT4 SP6, but I imagine the
> techniques would still work as well as pass right through any monitoring
> agent. I have a lot of free time these days so I might see what I can cook
> up for 2000/XP.
>
> regards.
>
> ----- Original Message -----
> From: "Lincoln Yeoh" <lyeoh () pop jaring my>
> To: <foob () return0 net>; <supergate () twlc net>
> Cc: <vuln-dev () securityfocus com>
> Sent: Friday, November 02, 2001 6:35 PM
> Subject: Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory:
> possible overflow in ms ftp client)
>
>
>
> > Is it possible to use it shutdown those Code Red/Nimda NT servers
> remotely?
> > Does IIS by default have enough permissions to shutdown the whole computer
> > or must it do some set privilege thing?
> >
> > Cheerio,
> > Link.