Security Basics mailing list archives
RE: Needed Help!
From: Francisco Rodrigo Cortiñas <frcmsec () terra es>
Date: Tue, 16 Mar 2004 16:32:45 +0100
The key is not in making the packet, and make the PC send it; what do you know about the target? You have to know (I think) that Microsoft closed the bug without the need of a patch, so making the ping of death is not the way to crash the NT. You have to gather info about your target to crash it; its the first rule of any type of attack. You have to think about the possibility of making an attack to the target though the ICMP protocol, in some of the ports of it (echo request, echo reply, etc). I dont know the exact text of your laboratory question, so I cant tell you if this is what they are asking you to do. NOTE:: To make the PC send the packet, you have to modify the Windows. I dont tell you more, you said to us you was learning... go and discover it by yourself. NOTE2:: To ensure you are sending the packet, put an sniffer on the NT and see the packets you are sending. Francisco Rodrigo Cortiñas. CCNP, MCSE, MCDBA. -----Mensaje original----- De: Junaid [mailto:junaid () de21comp net] Enviado el: martes, 09 de marzo de 2004 19:55 Para: security-basics () securityfocus com Asunto: Needed Help! HELO Thanks for you response for my question. although it still haven't solved my problem. but I am still trying. a few things I would like to say about the suggestions received; windows (98&2K) cannot send ping packet > 65500 bytes (using ping -l size ...) . surprising win95 was able to send max of 65520. anyway I want it to send a packet >= 65535 in size. I got the code for ping of death from insecure.org, compiled it under linux, it ran but it was ineffective in crashing the machine. about my assignment/project; I am trying to learn and do penetration testing, and my first sub-task (not submittable) was to crash an NT box by sending an ICMP packet size > 65535. Junaid ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Needed Help! Junaid (Mar 09)
- RE: Needed Help! Francisco Rodrigo Cortiñas (Mar 16)
- <Possible follow-ups>
- Re: Needed Help! Crak Packet (Mar 10)
- Re: Needed Help! Eric Paynter (Mar 11)