Full Disclosure mailing list archives
Re: re: Global HIGH Security Risk
From: "David Howe" <DaveHowe () cmn sharp-uk co uk>
Date: Tue, 4 Feb 2003 13:04:39 -0000
> What I did first was just to code an exploit for the vulnerable daemon and added a simple command sequence to write down to the server an uuencoded file using vi editor,

<snip the rest>

Erm - hate to tell you this, but this is how it is *normally* done. You exploit a service using a 'sploit that requires only the open internet-facing port (a buffer overflow is the usual vector) and throw whatever you want down the link in whatever format it supports - often you don't need uuencode if the channel is 8 bit clean (and almost all are).

Exploit code usually reads "kill main server if it still exists, open new server on same port, receive future connects from my IP address as being filename, followed by length, followed by data; run any executables and return the output to me as a reply to the download".

If you have found a previously unknown exploitable bug in a server though - that is worth reporting.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html