This is really cool.

I just tried it on my IE and DOS prompt and its working perfectly. Need to explore more on the available tools.

If you are not sure of the tools and want to have a list, open your internet explorer and type in


You get the list of EXE's and the associated files (including help files)

This is really gonna bring in new dimensions to our thoughts on hacks.

This is indeed a fascinating feature.  And, while I applaud Microsoft's desire to "test an alternate distribution mechanism for our utilities," I'm very concerned about the security issues this opens up.

First off, by typing \\[machine]\[share] at a cmd.exe, you are causing your machine to make an SMB session with Microsoft, across the Internet.  Theoretically, Microsoft thus could capture the challenge/response interaction (LM Challenge/Response, NTLMv1, or NTLMv2, depending on how you are configured), and crack your passwords, a la the Cain tool.  However, you might think that's not a big deal, because, well, Microsoft already owns you, since the first time you installed Windows 3.1.

But the issue goes beyond that.  In essence, Microsoft, in distributing tools this way, is teaching people that doing LM C/R, NTLMv1, or NTLMv2 exchanges with people across the Internet is ok.  Even if users don't think of it in those terms, this action by Microsoft will lull people into complacency regarding such interactions. 

Furthermore, someone on the network between the machine running the commands and Microsoft could intercept the traffic and crack the credentials.  Or, bad guys could merely observe the traffic to determine who allows outbound SMB access from a target environment (it's a good idea to block such outbound traffic on TCP ports 135-139 and 445). Such leaked info is very useful for bad guys.  And, what's to say that Microsoft itself won't be compromised, with attackers capturing and cracking the challenge/response.  And, finally, with DNS cache poisoning, the bad guy could become  live.sysinternals.com, at least as far as your network is concerned.  Thus, you'd be sending credentials to the evil cache-poisoning dude, and then running executables he sends back to you.

Neat idea... terrifying security ramifications.  IMHO.

--Ed Skoudis.

Nice... I'll have to check that out. I like a number of the sysintneral tools.  Running them remotely via a web connection might be nifty..

Nifty enough to get you canned?  Eh?

I don't know if it will keep us any busier persay.  It allows you to run things without having to install anything on a box, which is useful.  Granted, a hacker could do that... but they're more likely going to be wanting to actually install something anyway.  Mabey nmap for more host discovery, nessus, and some exploit packages.   I like the tools since it will make it so I don't have to have the sysinternal progs on a thumbdrive.  I'll just use the web.