RE: directory traversal

From: Piyush Agarwal (pvagarwal@yahoo.com)
Date: 02/07/02

• Previous message: Jose Nazario: "Re: ssh"
• In reply to: Levenglick, Jeff: "RE: directory traversal"
• Next in thread: Robert Collins: "Re: directory traversal"
• Next in thread: Levenglick, Jeff: "RE: directory traversal"
• Reply: Robert Collins: "Re: directory traversal"
• Reply: Steve: "Re: directory traversal"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 7 Feb 2002 12:12:38 -0800 (PST)
From: Piyush Agarwal <pvagarwal@yahoo.com>
To: "Levenglick, Jeff" <jlevenglick@fhlbatl.com>, Jim Nanney <jnanney@datasync.com>, Strumpf Noir Society <vuln-dev@labs.secureance.com>

hi,
It seems you are right...
But here is something more that I found:

(Running cmd.exe on Win2k)
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>cd winnt\system32

C:\WINNT\system32>cd \.\

C:\>cd winnt\system32

C:\WINNT\system32>cd \..\

C:\>cd winnt\system32

C:\WINNT\system32>cd \...\

C:\>cd winnt\system32

C:\WINNT\system32>cd \....\

C:\>cd winnt\system32

C:\WINNT\system32>cd \.........\

C:\>cd winnt\system32
The system cannot find the path specified.

C:\>cd winnt\system32
The system cannot find the path specified.

C:\>cd winnt
The system cannot find the path specified.

C:\>

It seems that the cd command just stops working when I
carried out the above steps......weird!! Anybody care
to explain ?

Regards,
Piyush Agarwal

--- "Levenglick, Jeff" <jlevenglick@fhlbatl.com>
wrote:
> I also tried it, but I think you might be missing
> what it is doing.
>
> It looks like it takes the cd \ and ignores
> everything after it.
>
> I tried cd \.\ and cd \..\ and got the same results
>
> -----Original Message-----
> From: Piyush Agarwal [mailto:pvagarwal@yahoo.com]
> Sent: Wednesday, February 06, 2002 1:31 PM
> To: Jim Nanney; Strumpf Noir Society
> Cc: vuln-dev@securityfocus.com
> Subject: Re: directory traversal
>
>
> On Win 2k (running cmd.exe)
>
> C:\>cd winnt
>
> C:\WINNT>cd system32
>
> C:\WINNT\system32>cd \...\
>
> C:\>
>
> On same machine (now running Command.com)
>
> C:\>cd winnt
>
> C:\WINNT>cd system32
>
> C:\WINNT\SYSTEM32>cd \...\
> Invalid directory
>
> C:\WINNT\SYSTEM32>
>
> So u can see that on Win2K the triple dot traversal
> works in cmd.exe but not in command.com......anyone
> wanting to dig deeper in this ?? :-)
>
> - Piyush Agarwal
>
>
> --- Jim Nanney <jnanney@datasync.com> wrote:
> > I'm just a lurker here, but a simple thought...
> >
> > I saw this and thought well it probably has to do
> > with cmd.exe of win2k
> >
> > On my win2k machine using cmd.exe:
> > ************************************
> >
> > C:\>cd winnt\system32\drivers
> >
> > C:\WINNT\system32\drivers>cd \...\
> >
> > C:\>
> >
> > on my win98 machine using command.com
> > *************************************
> >
> > C:\>cd windows\system32\drivers
> >
> > C:\WINDOWS\SYSTEM32\DRIVERS>cd \...\
> > Bad command or file name
> >
> > C:\WINDOWS\SYSTEM32\DRIVERS>
> >
> > Can't give you reasons why, but given the little
> > information supplied I
> > would bet it would be system calls opening a shell
> > and thus the reason for
> > the /.../ working on win2k and not 98.
> >
> > --Jim Nanney
> >
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Send FREE Valentine eCards with Yahoo! Greetings!
> http://greetings.yahoo.com
>
>
____________________________________________________________________________
> This e-mail message is private and may contain
> confidential or privileged
> information.

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

---

• Previous message: Jose Nazario: "Re: ssh"
• In reply to: Levenglick, Jeff: "RE: directory traversal"
• Next in thread: Robert Collins: "Re: directory traversal"
• Next in thread: Levenglick, Jeff: "RE: directory traversal"
• Reply: Robert Collins: "Re: directory traversal"
• Reply: Steve: "Re: directory traversal"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: directory traversal ... is some sort of overflow. ... (Running cmd.exe on Win2k) ... > C:\>cd winnt ... > Send FREE Valentine eCards with Yahoo! ... (Vuln-Dev) RE: directory traversal ... C:\>cd winnt ... So u can see that on Win2K the triple dot traversal ... > Can't give you reasons why, ... Send FREE Valentine eCards with Yahoo! ... (Vuln-Dev) Re: directory traversal ... C:\>cd winnt ... So u can see that on Win2K the triple dot traversal ... > Can't give you reasons why, ... Send FREE Valentine eCards with Yahoo! ... (Vuln-Dev) Re: Dual boot ... using Notepad as your editor: ... Since your Win2K is probably in a folder named ... "WINNT", the 2nd entry should instead be: ... (microsoft.public.windowsxp.general) Re: WMI script ... > Is there a difference between WMI on XP and win2k? ... > Here is the script, I want to delete all word docs in all subdirectories ... > Set colFiles = objWMIService.ExecQuery _ ... the LIKE operator is available on Microsoft Windows XP and ... (microsoft.public.scripting.wsh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-02