Just an interesting story, I once had a Ricoh copier that I was trying to setup to send scanned documents to a share... The way the share was specified was a machine name, share name, and folder name (folder within the share). If I remember correctly, if you put a full sharename\folder address in the share section (minus the \\machine part) instead of just the share name, it would reboot the workstation. I know it wasn't just a blue screen, as I had auto-reboot turned off and would have seen it when I got back to the workstation.. nothing in the event logs either, just POOF and it reboots.
I was in a hurry and eventually figured out my error and got it working properly, but never actually investigated as to how it rebooted the workstation.... -cb -----Original Message----- From: Peter van Houten [mailto:[EMAIL PROTECTED] Sent: Thursday, March 13, 2008 2:36 PM To: NT System Admin Issues Subject: Re: Remote server won't allow management OK, so nmap against ports 1433 and 1434 and then grab your metasploit or head over here: http://tinyurl.com/rcah3 Alternatively, give the list the box's ip address and an offer of $(datacentre_charge_per_hour-1) for the 1st successful reboot ;-) On the 13/03/2008 20:59, David W. McSpadden wrote the following: > Yeah I know. > It's actually a honeypot when it is up. > Haven't had any real biters though. > > ----- Original Message ----- From: "Salvador Manzo" <[EMAIL PROTECTED]> > To: "NT System Admin Issues" <[email protected]> > Sent: Thursday, March 13, 2008 2:48 PM > Subject: Re: Remote server won't allow management > > > Wow. That's an exploit waiting to happen. > > > On 3/13/08 11:43 AM, "David W. McSpadden" <[EMAIL PROTECTED]> wrote: > >> It does has SQL 2000 on it. With a blank SA password....... >> ----- Original Message ----- >> From: "Peter van Houten" <[EMAIL PROTECTED]> >> To: "NT System Admin Issues" <[email protected]> >> Sent: Thursday, March 13, 2008 2:30 PM >> Subject: Re: Remote server won't allow management >> >> >>> Going out on a limb but I know when I'm in this situation, I'll try just >>> about anything to talk to a server I can "see" (bearing in mind the >>> time/cost). What about running nmap against the system to see if >>> port 135 >>> (RPC) or any others are, in fact open? Anyone have a copy of Blaster >>> for >>> David :-) >>> >>> On the 13/03/2008 19:18, David W. McSpadden wrote the following: >>>> All of the ps tools come back unable to connect. >>>> ----- Original Message ----- From: "Peter van Houten" >>>> <[EMAIL PROTECTED]> >>>> To: "NT System Admin Issues" <[email protected]> >>>> Sent: Thursday, March 13, 2008 12:53 PM >>>> Subject: Re: Remote server won't allow management >>>> >>>> >>>>> Thanks to Mark R. once again: >>>>> >>>>> psexec \\computername -i "shutdown -r -t 1" >>>>> >>>>> or if you *really* want to shut down no matter what: >>>>> >>>>> pskill -t \\computername svchost.exe >>>>> >>>>> which will kill most instances of the generic host process and >>>>> consequently restart the machine. But as James pointed out, the >>>>> integrity of the RPC channel must be intact. >>>>> >>>>> I have experienced the frustration of being able to ping a system but >>>>> not being able to communicate in any other way else. This idea >>>>> would be >>>>> useful if one could implement it in Windows: >>>>> >>>>> http://www.securiteam.com/tools/5GP071FG0Q.html >>>>> >>>>> >>>>>> *From:* Rankin, James R [mailto:[EMAIL PROTECTED] *Sent:* 13 >>>>>> March >>>>>> 2008 11:38 *To:* NT System Admin Issues *Subject:* RE: Remote server >>>>>> won't allow management >>>>>> >>>>>> If it won¹t take a remote shutdown command (from the ResKit), then it >>>>>> is probably out of reach. Most stuff relies on some form of RPC >>>>>> communication. I sometimes use pskill to kill the winlogon process >>>>>> which generally makes it bluescreen, but this may not work either in >>>>>> diagnostic mode >>>>>> >>>>>> ------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> >>>>>> *From:* David W. McSpadden [mailto:[EMAIL PROTECTED] *Sent:* 13 March >>>>>> 2008 11:30 *To:* NT System Admin Issues *Subject:* Re: Remote server >>>>>> won't allow management >>>>>> >>>>>> Nope. >>>>>> >>>>>> ----- Original Message ----- >>>>>> >>>>>> *From:* Rankin, James R <mailto:[EMAIL PROTECTED]> *To:* NT >>>>>> System Admin Issues <mailto:[email protected]> >>>>>> *Sent:* Thursday, March 13, 2008 7:29 AM *Subject:* RE: Remote server >>>>>> won't allow management >>>>>> >>>>>> Take it it doesn¹t have a DRAC/RIB/ILO installed? >>>>>> >>>>>> ------------------------------------------------------------------------ >>>>>> >>>>>> >>>>>> >>>>>> *From:* David W. McSpadden [mailto:[EMAIL PROTECTED] *Sent:* 13 March >>>>>> 2008 11:20 *To:* NT System Admin Issues *Subject:* Remote server >>>>>> won't >>>>>> allow management >>>>>> >>>>>> I have a remote server I would like to get into but is was last >>>>>> restarted in Diag mode from MSCONFIG. >>>>>> >>>>>> There is no one at the remote site. Is there a way to get it >>>>>> unstuck? >>>>>> >>>>>> I can ping it but that is all. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
