From owner-freebsd-hackers Wed Feb 28 12:34:15 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA09332 for hackers-outgoing; Wed, 28 Feb 1996 12:34:15 -0800 (PST) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id MAA09323 for ; Wed, 28 Feb 1996 12:34:10 -0800 (PST) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id NAA08769; Wed, 28 Feb 1996 13:27:08 -0700 From: Terry Lambert Message-Id: <199602282027.NAA08769@phaeton.artisoft.com> Subject: Re: Silent reboot To: marc@bowtie.nl (Marc van Kempen) Date: Wed, 28 Feb 1996 13:27:08 -0700 (MST) Cc: hackers@FreeBSD.ORG In-Reply-To: <199602281906.UAA02101@nietzsche.bowtie.nl> from "Marc van Kempen" at Feb 28, 96 08:06:29 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@FreeBSD.ORG Precedence: bulk > I just had my first silent reboot of my 2.1 system, one moment I > was printing, the other I was staring at my bootmessages. My > friend at the other side of the desk (running Windows NT) was > laughing his ass off. Does anyone know a simple way how to > crash a windows nt 3.51 server ? :-) There is a logout/login race you can exploit by running a CPU intensive background process before logging out so that you can get priveledges you shouldn't have on the way back in. I forget the exact details; someone posted a program to one of the security groups. Alternately, run a console mode app that includes ifsmgr.inc from the DDK and make an int 20 VXD call gate trap to one of the IFS functions and watch it die (this will kill Win95 as well). Silly, isn't it? Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.