Failed logouts in Windows NT and '95
Description: | Some people "logout" of their NT boxes and leave, but NT sometimes fails due to hung processes and give the option to abort the logout. |
Author: | Peter da Silva <peter@BAILEYNM.COM> |
Compromise: | Take over someone's local console login |
Vulnerable Systems: | Windows NT 3.51, 4.0 and I believe Win95 is vulnerable |
Date: | 3 May 1997 |
Notes: | Not too big of a deal, but it should still be fixed |
Date: Sat, 3 May 1997 09:51:29 -0500
From: Peter da Silva <peter@BAILEYNM.COM>
Peter da Silva <peter@BAILEYNM.COM>
To: NTBUGTRAQ@RC.ON.CA
Subject: NT user interface shortcoming.
I don't know whether you would call this a bug or not, but it's a security
problem.
In the course of my duties as wannabe NT expert and UNIX guru, I frequently
come across people who have logged off their NT workstation and left their
desks before they had finished logging off. In the upper left corner of the
screen is the familiar message that some task had hung and wasn't exiting,
and would I like to kill the task or abort the logout. All very nice and
polite, and a really convenient way for someone wandering by to get access
to the workstation without all that inconvenient playing about swapping disks
and other things likely to attract unwanted attention.
Is there any way to force NT to just blow everything away regardless?
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: