Full Disclosure mailing list archives
Re: Win32 Cisco Exploit
From: <olafandjasper () hushmail com>
Date: Thu, 24 Jul 2003 10:28:01 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Try changing TTL, we used a value of 0 and it killed Cisco.

On Thu, 24 Jul 2003 09:43:39 -0700 "Joel R. Helgeson" <joel () helgeson com> wrote:
I just tested it against one of my test cisco routers. nuthin happened.

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."

----- Original Message -----
From: "amilabs" <amilabs () optonline net>
To: "'amilabs'" <amilabs () optonline net>; <koec () hush com>; <full-disclosure () lists netsys com>
Sent: Thursday, July 24, 2003 9:36 AM
Subject: RE: [Full-disclosure] Win32 Cisco Exploit

I meant to say it does NOT generate the correct type of packets below in the last email I sent

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of amilabs
Sent: Thursday, July 24, 2003 9:57 AM
To: koec () hush com; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Win32 Cisco Exploit

According to protocol trace file analysis it does generate the correct types of packets to cause the exploit. Both the gui and the cmdline send the packets out with ttl 128 and with 0 as the next protocol in the IP header. This is what the app spits out. I did not test against a router just took a quick peek with a protocol analyzer and it does not look like it will work based on the packet trace. Can someone tell me otherwise?

------------ ETHER Header ------------
Destination: 00-03-A3-43-78-6B
Source: This Network Analyzer (00-04-55-2D-F8-A7)
Protocol: IP
FCS: E67BCBFA

------------ IP Header ------------
Version = 4
Header length = 20
Differentiated Services (DS) Field = 0x00
    0000 00.. DS Codepoint = Default PHB (0)
    .... ..00 Unused
Packet length = 40
Id = 1ed4
Fragmentation Info = 0x0000
    .0.. .... .... .... Don't Fragment Bit = FALSE
    ..0. .... .... .... More Fragments Bit = FALSE
    ...0 0000 0000 0000 Fragment offset = 0
Time to live = 128
Protocol = 0 (0)
Header checksum = 04EB (Verified 04EB)
Source address = 10.1.1.28
Destination address = 10.1.1.250
20 bytes of data

Record #22 (From Node To Hub) Captured on 7/24/2003 at 09:50:56.437327771 Length = 64
Frame Data: (Length = 64)
0: 00 08 A3 4D 78 6B 00 02 55 5D F8 A7 08 00 45 00 ...Mxk.. U]....E.
16: 00 28 1E D4 00 00 80 00 04 EB 0A 01 01 1C 0A 01 .(...... ........
32: 01 FA 45 10 00 14 2E 31 40 00 00 37 C1 76 7F 00 ..E....1 @..7.v..
48: 00 01 0A 01 01 FA 00 00 00 00 00 00 E6 7B CB FA ........ .....{..

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of koec () hush com
Sent: Wednesday, July 23, 2003 5:18 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Win32 Cisco Exploit

Attached is a win32 version of the Cisco Exploit with a nice GUI.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj8gFxcACgkQsJfNyoeLaF7VEgCfZNrQEjfJZ5yub1ouPEou0k47/4EA
nilCXsIOvTBSe6RNNu3IvG3tk+RT
=dFRS
-----END PGP SIGNATURE-----
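Added example, not part of the original thread: the Frame Data rows from the quoted capture rebuilt into raw bytes and decoded in Python, so the TTL, protocol and header checksum reported by the analyzer can be checked independently. The function names are chosen here for illustration.

```python
import struct
from ipaddress import IPv4Address

# Frame Data rows copied from the capture quoted in the thread.
FRAME_DUMP = """\
0: 00 08 A3 4D 78 6B 00 02 55 5D F8 A7 08 00 45 00 ...Mxk.. U]....E.
16: 00 28 1E D4 00 00 80 00 04 EB 0A 01 01 1C 0A 01 .(...... ........
32: 01 FA 45 10 00 14 2E 31 40 00 00 37 C1 76 7F 00 ..E....1 @..7.v..
48: 00 01 0A 01 01 FA 00 00 00 00 00 00 E6 7B CB FA ........ .....{..
"""

def dump_to_bytes(dump):
    """Rebuild the raw frame from 'offset: 16 hex bytes  ascii' rows."""
    frame = bytearray()
    for line in dump.splitlines():
        offset, _, rest = line.partition(":")
        if not offset.strip().isdigit():
            continue  # skip anything that is not a dump row
        if int(offset) != len(frame):
            raise ValueError(f"gap in dump at offset {offset.strip()}")
        frame += bytes(int(tok, 16) for tok in rest.split()[:16])
    return bytes(frame)

def internet_checksum(data):
    """RFC 1071 one's-complement sum; data length must be even (IPv4 headers are)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_ipv4(frame):
    """Decode the IPv4 header of an Ethernet II frame and verify its checksum."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 Ethernet II frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    total_len, ident, _frag, ttl, proto, csum = struct.unpack("!HHHBBH", ip[2:12])
    return {
        "total_length": total_len, "id": ident, "ttl": ttl, "protocol": proto, "checksum": csum,
        # A header summed together with its own checksum field yields zero when intact.
        "checksum_ok": internet_checksum(ip[:ihl]) == 0,
        "src": str(IPv4Address(ip[12:16])), "dst": str(IPv4Address(ip[16:20])),
        "payload": ip[ihl:total_len],
    }

if __name__ == "__main__":
    print(decode_ipv4(dump_to_bytes(FRAME_DUMP)))
```

The decoded values match the IP Header section of the analyzer output; the 6 zero bytes and the final 4 bytes after the 40-byte packet are Ethernet padding and the FCS.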