Alex Wrote--------------> ---> Oooo my... ---> Got around 12 of win32 executable crashes on my Win2K server with all ---> patches... ---> This is much better tool that MS Baseline Security analyzer :-(
Alex I don't know why you would run it on a working server??.....did you want to reboot anyway or something?. It's not exactly pen testing.. So what did you learn? Thanks. Sean. ---> From: "Berend-Jan Wever" <[EMAIL PROTECTED]> ---> To: <[EMAIL PROTECTED]> ---> Sent: Monday, October 04, 2004 11:39 AM ---> Subject: [Full-Disclosure] Test your windows OS ---> ---> ---> > Hi all, ---> > ---> > Wanna do a quick test to see if the programmers that wrote ---> your windows ---> operating system have any clue as to what there doing ? Run ---> these commands ---> from cmd.exe in the system32 directory: ---> > ---> > for %i in (*.exe) do start %i ---> %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n ---> > for %i in (*.exe) do start %i ---> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.... (type as much "A"-s as ---> cmd.exe allows on one line.) ---> > ---> > Each command will execute every program in your system32 ---> directory, most ---> of them will either ignore the parameter or report an error because the ---> parameter doesn't make sence... But on my win2k system I found ---> 6 programs ---> vulnerable to these very simple formatsting and BoF tests.... ---> grpconv even ---> gives EIP 0x00410041, can it be any easier? ---> > ---> > These are not vulnerabilities in itself: you cannot gain ---> access or elevate ---> priviledges but I just wanted to let you know that these ---> programmers did a ---> sloppy job. ---> > ---> > Cheers, ---> > SkyLined _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
