Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SSL Capable NetCat and more
From: Ryan Sears <rdsears () mtu edu>
Date: Mon, 28 Mar 2011 03:08:41 -0400 (EDT)

Please, correct me if I'm wrong, but a stack overflow in the arguments for something like socat has a very very low 
impact (or probability of exploitation). The only way one can influence the program to do something is by overflowing 
the arguments, so unless it was used in a script or something of that sort in an automatic fashion, it's highly 
unlikely this will be weaponized.

Having said that, having automatic memory allocation/management through a lot of the modern day scripting languages is 
a definite plus.

I think he's looking at it like this, because this is what I was thinking when I first read about it:

(Rough outline of language abstraction layers)


        ||
        ||
+-----------------+
| High-level lang |
|  (Java, etc)    |
+-----------------+
        ||
        ||==> SCNC
        ||
+-------------------+
|  Mid-level lang.  |
| (perl,python,etc) |
+-------------------+
        ||
        ||==> Socat, Ncat, Cryptcat 
        ||
+-----------------+
| Low-level lang. |
|  (C, ASM, etc)  |
+-----------------+

Writing something in a lower-level language typically means increased speed and a lighter footprint. You can do these 
same sorts of connection relaying on a system that might not have perl installed in it. Granted, it isn't common to 
find a system without perl now-a-days, but if you need to install CPAN modules or something that's MORE of an overhead. 
That sort of thing starts to adds up, and if you can write a tiny little program to do the same thing (statically 
compiled for more portability) it's going to be better off. 

I like the concept and the idea though, as it provides some good flexibility if the target won't notice a perl script 
getting run, but notices arbitrary executables or something of the sort. 

Ryan Sears

----- Original Message -----
From: "GomoR" <gomor-fd () gomor org>
To: full-disclosure () lists grok org uk
Sent: Monday, March 28, 2011 2:47:28 AM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] SSL Capable NetCat and more

On Sun, Mar 27, 2011 at 02:23:03PM -0700, Zach C. wrote:
Okay, and also let me rephrase the question: what does your tool do that *
socat* doesn't?

Better question ;)

scnc is written in Perl, and does not suffer from stack 
overflows:

http://www.dest-unreach.org/socat/
2010/08/02: A stack overflow vulnerability has been fixed 
that could be triggered when command line arguments were 
longer than 512 bytes. Fixed versions are 1.7.1.3 and 
2.0.0-b4. See socat security advisory 2 for details.

This one is from command line, maybe the next will be in 
the server mode or whatever.

Regards,

-- 
  ^  ___  ___             http://www.GomoR.org/          <-+
  | / __ |__/            Senior Security Engineer          |
  | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
  +-->  Net::Frame <=> http://search.cpan.org/~gomor/  <---+

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault