Full Disclosure mailing list archives
Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 08 Jun 2005 15:04:45 +1200
Kristian Hermansen wrote:
The second argument to the telnet executable, the port number, does not need to conform to the standard available port conventions (ie. 0-65535). It is actually possible to specify a port number very far out of the effective range, and still be able to connect to the "wrapped" port value. On Windows, it is even possible to specify negative port values. Following is a short demonstration:
Did you come down in the last shower? This has been known since Adam was a cowboy. On some OSes and depending on the tool parsing the cmdline, you can also do similar things with octets within dotted IPs and other similar, funky stuff. Oh, and did you think to play around with expressing some of the values in hex? Or even weirder, octal? At least you note it is not a vulnerability -- I guess there is some hope after all... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Kristian Hermansen (Jun 07)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Nick FitzGerald (Jun 07)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Andrew Haninger (Jun 08)
- RE: Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation Arjan van der Velde (Jun 08)
- Re: Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation Raghu Chinthoju (Jun 08)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Andrew Haninger (Jun 08)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Stan Bubrouski (Jun 09)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Kristian Hermansen (Jun 09)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Nick FitzGerald (Jun 09)
- Re: Microsoft Windows and *nix Telnet PortNumber Argument Obfuscation Etaoin Shrdlu (Jun 09)
- Re: Microsoft Windows and *nix Telnet PortNumber Argument Obfuscation Kristian Hermansen (Jun 09)
- Re: Microsoft Windows and *nix Telnet PortNumber Argument Obfuscation Chris Umphress (Jun 11)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Nick FitzGerald (Jun 07)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Devdas Bhagat (Jun 11)