Re: Net:telnet exploit

From: Dave Aitel (dave@immunitysec.com)
Date: 03/24/03

    Date: Mon, 24 Mar 2003 11:36:37 -0500
    From: Dave Aitel <dave@immunitysec.com>
    To: "Gary O'leary-Steele" <garyo@sec-1.com>
    
    

    If you read the telnet protocol's RFC you might see where they mention
    how FF is a control character of some sort, or something. So to send one
    \xFF you need to escape it with another \xFF, which is being
    automatically done for you.

    Try sending your requests raw rather than through a telnet protocol
    handler.

    Dave Aitel
    Recruitment and Training
    Immunity, Inc.
    http://www.immunitysec.com/CANVAS/ "Hack like you were in the movies."

    On Sun, 23 Mar 2003 11:36:34 -0000
    "Gary O'leary-Steele" <garyo@sec-1.com> wrote:

    > Hello all,
    >
    > I am coding an exploit using perl. The exploit needs to send each byte
    > individually instead of a large string to get round some trivial
    > bounds checking.
    >
    > use Net::Telnet ();
    > my $t = Net::Telnet->new();   # create the client object
    > $t->open(Host    => $host,
    >          Port    => $port,
    >          Errmode => $mode,
    >          Timeout => $secs);
    > $t->put("\xFF");              # send a single 0xFF byte
    >
    >
    >
    > However when I send \xFF bytes they get doubled up.
    >
    > Any ideas?
    >
    > Regards,
    > Gary
    >
    >
    >
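
The doubling described in the reply above is the IAC escape from RFC 854. As an added example (not code from either poster; the function names are illustrative), this Python code shows the escape a telnet handler applies on send and the decoding a telnet-aware receiver or network sensor has to apply before it can inspect the payload:

```python
# Added example: telnet IAC handling per RFC 854. Function names are illustrative.
IAC = 0xFF  # "Interpret As Command"
SB, SE = 0xFA, 0xF0  # subnegotiation begin / end
NEGOTIATE = (0xFB, 0xFC, 0xFD, 0xFE)  # WILL, WONT, DO, DONT


def telnet_escape(data: bytes) -> bytes:
    """Sender side of a telnet handler: every literal 0xFF is doubled."""
    return data.replace(b"\xff", b"\xff\xff")


def telnet_decode(stream: bytes):
    """Receiver side: split a raw stream into (application data, commands)."""
    data, commands = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:  # lone IAC at end of buffer: wait for more bytes
            break
        cmd = stream[i + 1]
        if cmd == IAC:  # IAC IAC is one literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATE:  # three-byte option negotiation
            commands.append(stream[i:i + 3])
            i += 3
        elif cmd == SB:  # subnegotiation runs to IAC SE
            j = i + 2
            while j + 1 < n and stream[j:j + 2] != bytes([IAC, SE]):
                j += 2 if stream[j] == IAC else 1  # skip IAC IAC as a pair
            if j + 1 >= n:  # unterminated subnegotiation
                break
            commands.append(stream[i:j + 2])
            i = j + 2
        else:  # any other two-byte command (NOP, AYT, ...)
            commands.append(stream[i:i + 2])
            i += 2
    return bytes(data), commands


# Constructed sample: IAC DO ECHO, then "AB", an escaped 0xFF, then "C".
SAMPLE = b"\xff\xfd\x01AB" + telnet_escape(b"\xff") + b"C"

if __name__ == "__main__":
    print(telnet_decode(SAMPLE))          # escaped byte survives as data
    print(telnet_decode(b"A\xffB"))       # unescaped 0xFF is eaten as a command
```

A sensor that matches signatures on the raw byte stream without this decoding step sees the doubled bytes, not the data the telnet service actually receives.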
