This is a bug in lsadump2 - there's a type mismatch in one of the
functions, although I forget which one. Something is a pointer which
shouldn't be, or vice versa. Once you fix that, it'll be good to go.
-dave

John McGuire wrote:
I have also had this happen to me, but have not had any luck in
narrowing down the exact culprit. As you stated, it does not appear to
just be tied to MS patches. I have a series of virtual machines
running at various patch levels, and none of them will crash. Running
it on my fully patched laptop, however, will crash every time. If you
happen to find the answer off this list, please post it. I’d love to
know more about it. Thanks
John

-----Original Message-----
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* oh face
*Sent:* Friday, September 02, 2005 11:42 AM
*To:* [email protected]
*Subject:* [Full-disclosure] LSADump2 Crashing Windows

In my recent experience, LSADump2 has been crashing Windows boxes. I
was able to verify this on fully patched Windows XP and 2003. In
further examination, LSADump2, when executed, killed the "lsass"
process, and with the "winlogon" process still running, the system was
forced to reboot. As far as I know, LSADump2 is utilizing a DLL
injection technique to dump the contents of LSA secrets.
Questions:
1. Has anyone had this experience? If so, is there a safe method to
execute this tool?
2. When I tested LSADump2 on various Windows boxes, not all fully
patched boxes were affected by this issue. What configuration of
Windows is exactly causing "lsass" to fail?
------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/