Re: Net:telnet exploit
From: Gerardo Richarte (core.lists.pentest@corest.com)
Date: 03/26/03
- Previous message: Alfred Huger: "Dogs of Cyberwar"
- In reply to: Dave Aitel: "Re: Net:telnet exploit"
Date: Wed, 26 Mar 2003 11:53:43 -0300 From: Gerardo Richarte <core.lists.pentest@corest.com> To: <pen-test@securityfocus.com>
Dave Aitel wrote:
> If you read the telnet protocol's RFC you might see where they mention
> how FF is a control character of some sort, or something. So to send one
> \xFF you need to escape it with another \xFF, which is being
> automatically done for you.
Gary: remember that, for the same reason, if you send a single \xff, you won't
see anything on the other side (unless the bug you are exploiting is before telnet's
protocol decoding). i.e. Suppose you are using your $t to control a remote shell,
then if you want the shell to receive a \xff you need to send two of them.
And while we are on it, most ftps also implement a downsized version of
telnet's protocol, and for exploiting an ftp bug, you always always need to send
\xff\xff instead of \xff.
gera
--- for a personal reply use: gera@corest.com
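
The byte doubling discussed in this thread, as an added example that is not part of the original message: a small model of RFC 854 IAC handling showing what the application behind a telnet decoder receives when 0xFF is doubled and when it is not. The function names and sample bytes are constructed for illustration, and the decoder is a simplification, not the code of any particular telnet or FTP daemon.

```python
# Simplified model of telnet IAC (0xFF) handling per RFC 854.
IAC = 0xFF
SB, SE = 0xFA, 0xF0                          # subnegotiation begin / end
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE


def telnet_escape(data: bytes) -> bytes:
    """Sender side: double every 0xFF so it is delivered as data."""
    return data.replace(b"\xff", b"\xff\xff")


def telnet_decode(stream: bytes) -> bytes:
    """Receiver side: return only the bytes handed to the application."""
    out = bytearray()
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= n:                       # lone trailing IAC: incomplete
            break
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC -> one literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):  # 3-byte option negotiation
            i += 3
        elif cmd == SB:                      # skip to IAC SE (simplified:
            end = stream.find(bytes([IAC, SE]), i + 2)  # ignores IAC IAC inside)
            i = n if end < 0 else end + 2
        else:                                # other 2-byte command; this model
            i += 2                           # just drops it
    return bytes(out)


if __name__ == "__main__":
    payload = b"A\xffB"                      # constructed sample data
    print(telnet_decode(payload))                 # 0xFF and next byte consumed
    print(telnet_decode(telnet_escape(payload)))  # payload arrives intact
```

The same decoder is useful when reviewing packet captures of telnet or FTP control traffic: bytes seen on the wire and bytes delivered to the service differ wherever 0xFF appears.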