Full Disclosure mailing list archives

Re: NT4 worm

From: H D Moore <fdlist () digitaloffense net>
Date: Wed, 30 Aug 2006 14:29:57 -0500

The exploit for NT 4.0 is *exactly* the same packet as the one you would 
also use on Windows 2000. I am suprised that this is considered a "NT 4" 
worm and not a "Windows 2000 (+NT 4.0)" worm. Is something specific about 
the exploit they use that prevents it from working on Windows 2000?

-HD

On Wednesday 30 August 2006 10:11, Juha-Matti Laurio wrote:

Are the machines you have experience especially NT4.0 machines?
It appears that one of the PoC's (public on Monday 28th Aug) lists the
following information: "Systems Affected:
*  Microsoft Windows 2000 SP0-SP4
*  Microsoft Windows XP SP0-SP1
*  Microsoft Windows NT 4.0"

but reportedly it is tested against XPSP1 and W2KSP4 systems.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: NT4 worm Juha-Matti Laurio (Aug 30)
- RE: NT4 worm Geo. (Aug 30)
- Re: NT4 worm H D Moore (Aug 30)
- <Possible follow-ups>
- Re: NT4 worm Juha-Matti Laurio (Aug 30)
- Re: NT4 worm Juha-Matti Laurio (Aug 30)
- Re: NT4 worm Juha-Matti Laurio (Aug 31)