Re: Test question

[Jose Celestino <japc () co sapo pt>]

True.

But...do I pass now? Please please please...

:)))

Thus spake Paul Cardon, on Sun, Dec 16, 2001 at 10:39:37PM -0500:
> Jose Celestino wrote:
>
> > Thus spake Paul Cardon, on Sun, Dec 16, 2001 at 10:13:35PM -0500:
> >
> > > Jose Celestino wrote:
> > >
> > > > And how the hell did you intended to get a "uid=0(root)" out of an
> > > > suposely encrypted connection?
> > >
> > > Wow, Jose.  You just flunked the test.  Good thing this was a practice 
> > > run.  ;^)
> >
> > Wrong, this is exploit specific. The exploit that has been running
> > around does a id after a successful exploit. Of course, the
> > overflow occurs at key exchange and so no encryption yet to prevent this
> > kind of data from being sniffed.
>
>
> It doesn't matter where the overflow occurs actually.  The encryption 
> will only remain if the injected code is able to maintain it in some 
> way.  Typically it will just use the open socket and all communication 
> will be in the clear.  There may not be enough room to do more or it is 
> too complex to be worth the trouble.
>
> -paul

-- 
Jose Celestino <japc () co sapo pt>
---------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users