Vulnerability Development mailing list archives

Re: Exploiting any network protocol with secondary data channels opened from the server


From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Sun, 19 Mar 2000 22:37:17 -0600


Ralf-Philipp Weinmann wrote:
java.net.ServerSocket(portnumber) can be used for bind()ing a port.
I haven't checked whether you can use this class in an applet however
or whether the security manager successfully blocks this route.
Note however that you should only be able to bind ports between
1024 and 65535 on un*x boxes (winblows boxes don't have reserved
ports). OK. I just tested it and it works (Netscape 4.0x under linux).
Bad bad bad. Source code is attached.
This of course leads me to even nastier thoughts about what can be
done with ServerSocket since it also allows binding to a specific
address (interface) - which makes things interesting under Solaris
for example.

Could this applet be used to relay connections to an internal network?
Say your target is a dual-homed machine and your applet binds to the
external interface and then forwards connections to an internal address.
Is this possible?

-HD

