Vulnerability Development mailing list archives
RE: Shutting down windows NT remotely (without winnt toolkit)?
From: "Evans, TJ" <tjevans () kpmg com>
Date: Fri, 9 Nov 2001 21:32:42 -0500
In the autoexec.nt, maybe? Also ... sysinternals.com ... you can run psshutdown on your machine and *possibly* shutdown the remote box ... a la: Psshutdown -t 50 -m "YOUR SERVER IS INFECTED, CLEAN IT!" -f \\InfectedServersIP ... <no -r should do a shutdown, with a -r it is a restart ... > Thanks! TJ -----Original Message----- From: Marshal [mailto:marshal () marshal-soft com] Sent: Friday, November 09, 2001 8:08 AM To: Lincoln Yeoh Cc: Robert Freeman; foob () return0 net; supergate () twlc net; vuln-dev () securityfocus com Subject: Re: Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh wrote:
At 12:06 AM 05-11-2000 -0800, Robert Freeman wrote:A reboot is helpful unless the NT box is not password protected or has an agent to automatically enter the password upon startup. Until an admin
shows
up the box is basically useless.AFAIK the services still start after a reboot. So the trojaned box still scans the whole internet.
I don't for NT but a 'echo your box has a trojan' 'pause' in autoexec.bat would do the trick on a windows 95/98 machine..probably something similair is possible on NT? -- grt, marshal [ url : http://www.startplaza.nu | security news & links ] [ url : http://www.heknet.com | security news & exploits ] ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. *****************************************************************************
Current thread:
- RE: Shutting down windows NT remotely (without winnt toolkit)? Evans, TJ (Nov 09)