Vulnerability Development: Re: BitchX /ignore bug

Re: BitchX /ignore bug

From: Mikael Olsson <mikael.olsson_at_ENTERNET.SE>
Date: Fri, 7 Jul 2000 16:11:25 +0200

Steve Mosher wrote:
>
> I'm willing to bet that code written by those who write script-kid
> exploits is probably of the most secure around.

Hehe, no, sorry to disappoint you. It isn't. They are quick, dirty
hacks that do everything from "plain not work" to doing buffer overruns
and printf exploits on themselves.

I picked apart ping of death v2 half a year ago and wheeeee were
there some fun things in it. The most interesting one was where
the "send mangled IP buffer" piece did a buffer overrun on itself
and shuffled lots of its stack data across the internet, including
the EIP and lots of other interesting stuff :-)

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson@enternet.se
Received on Jul 07 2000