Re: [Full-Disclosure] Win32 Cisco Exploit

olafandjasper_at_hushmail.com
Date: 07/24/03

  • Next message: Jennifer Bradley: "Re: Re: [Full-Disclosure] morning_wood should stop posting xss"
    To: full-disclosure@lists.netsys.com, joel@helgeson.com
    Date: Thu, 24 Jul 2003 10:28:01 -0700
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Try changing TTL, we used a value of 0 and it kill Cisco.

    On Thu, 24 Jul 2003 09:43:39 -0700 "Joel R. Helgeson" <joel@helgeson.com>
    wrote:
    >I just tested it against one of my test cisco routers.
    >nuthin happened.
    >
    >"Give a man fire, and he'll be warm for a day; set a man on fire,
    > and he'll
    >be warm for the rest of his life."
    >----- Original Message -----
    >From: "amilabs" <amilabs@optonline.net>
    >To: "'amilabs'" <amilabs@optonline.net>; <koec@hush.com>;
    ><full-disclosure@lists.netsys.com>
    >Sent: Thursday, July 24, 2003 9:36 AM
    >Subject: RE: [Full-Disclosure] Win32 Cisco Exploit
    >
    >
    >> I meant to say it does NOT generate the correct type of packets
    >below in
    >> the last email I sent
    >>
    >> -----Original Message-----
    >> From: full-disclosure-admin@lists.netsys.com
    >> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of amilabs
    >> Sent: Thursday, July 24, 2003 9:57 AM
    >> To: koec@hush.com; full-disclosure@lists.netsys.com
    >> Subject: RE: [Full-Disclosure] Win32 Cisco Exploit
    >>
    >>
    >> According to protocol trace file analysis it does generate the
    >correct
    >> types of packets to cause the exploit. Both the gui and the cmd
    >line
    >> send the packets out with ttl 128 and with 0 as the next protocol
    >in the
    >> IP header. This is what the app spits out. I did not test against
    >a
    >> router just took a quick peek with a protocol analyzer and it
    >does not
    >> look like it will work based on the packet trace. Can someone
    >tell me
    >> otherwise?
    >>
    >> ------------ ETHER Header ------------
    >> Destination: 00-03-A3-43-78-6B
    >> Source: This Network Analyzer (00-04-55-2D-F8-A7)
    >> Protocol: IP
    >> FCS: E67BCBFA
    >>
    >> ------------ IP Header ------------
    >> Version = 4
    >> Header length = 20
    >> Differentiated Services (DS) Field = 0x00
    >> 0000 00.. DS Codepoint = Default PHB (0)
    >> .... ..00 Unused
    >> Packet length = 40
    >> Id = 1ed4
    >> Fragmentation Info = 0x0000
    >> .0.. .... .... .... Don't Fragment Bit = FALSE
    >> ..0. .... .... .... More Fragments Bit = FALSE
    >> ...0 0000 0000 0000 Fragment offset = 0
    >> Time to live = 128
    >> Protocol = 0 (0)
    >> Header checksum = 04EB (Verified 04EB)
    >> Source address = 10.1.1.28
    >> Destination address = 10.1.1.250
    >> 20 bytes of data
    >>
    >> Record #22 (From Node To Hub) Captured on 7/24/2003 at
    >> 09:50:56.437327771 Length = 64
    >>
    >> Frame Data: (Length = 64)
    >> 0: 00 08 A3 4D 78 6B 00 02 55 5D F8 A7 08 00 45 00 ...Mxk..
    >> U]....E.
    >> 16: 00 28 1E D4 00 00 80 00 04 EB 0A 01 01 1C 0A 01 .(......
    >> ........
    >> 32: 01 FA 45 10 00 14 2E 31 40 00 00 37 C1 76 7F 00 ..E....1
    >> @..7.v..
    >> 48: 00 01 0A 01 01 FA 00 00 00 00 00 00 E6 7B CB FA ........
    >> .....{..
    >>
    >> -----Original Message-----
    >> From: full-disclosure-admin@lists.netsys.com
    >> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    >> koec@hush.com
    >> Sent: Wednesday, July 23, 2003 5:18 PM
    >> To: full-disclosure@lists.netsys.com
    >> Subject: [Full-Disclosure] Win32 Cisco Exploit
    >>
    >>
    >> Attached is a win32 version of the Cisco Exploit with a nice GUI.
    >>
    >>
    >> _______________________________________________
    >> Full-Disclosure - We believe in it.
    >> Charter: http://lists.netsys.com/full-disclosure-charter.html
    >>
    >> _______________________________________________
    >> Full-Disclosure - We believe in it.
    >> Charter: http://lists.netsys.com/full-disclosure-charter.html
    >>
    >>
    >
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.3

    wkYEARECAAYFAj8gFxcACgkQsJfNyoeLaF7VEgCfZNrQEjfJZ5yub1ouPEou0k47/4EA
    nilCXsIOvTBSe6RNNu3IvG3tk+RT
    =dFRS
    -----END PGP SIGNATURE-----

    Concerned about your privacy? Follow this link to get
    FREE encrypted email: https://www.hushmail.com/?l=2

    Free, ultra-private instant messaging with Hush Messenger
    https://www.hushmail.com/services.php?subloc=messenger&l=434

    Promote security and make money with the Hushmail Affiliate Program:
    https://www.hushmail.com/about.php?subloc=affiliate&l=427
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Jennifer Bradley: "Re: Re: [Full-Disclosure] morning_wood should stop posting xss"

    Relevant Pages