Penetration Testing mailing list archives
Re: Net:telnet exploit
From: Gerardo Richarte <core.lists.pentest () corest com>
Date: Wed, 26 Mar 2003 11:53:43 -0300
Dave Aitel wrote:
> If you read the telnet protocol's RFC you might see where they mention how FF is a control character of some sort, or something. So to send one \xFF you need to escape it with another \xFF, which is being automatically done for you.
Gary: remember that, for the same reason, if you send a single \xff, you won't see anything on the other side (unless the bug you are exploiting is before telnet's protocol decoding). i.e. Suppose you are using your $t to control a remote shell, then if you want the shell to receive a \xff you need to send two of them.

And while we are on it, most ftps also implement a downsized version of telnet's protocol, and for exploiting an ftp bug, you always always need to send \xff\xff instead of \xff.

gera

--- for a personal reply use: gera () corest com
Current thread:
- Net:telnet exploit Gary O'leary-Steele (Mar 24)
- Re: Net:telnet exploit Dave Aitel (Mar 24)
- Re: Net:telnet exploit Gerardo Richarte (Mar 26)
- Re: Net:telnet exploit Dave Aitel (Mar 24)