Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 08 Jun 2005 15:04:45 +1200
Kristian Hermansen wrote:


The second argument to the telnet executable, the port number, does not
need to conform to the standard available port conventions (ie.
0-65535).  It is actually possible to specify a port number very far out
of the effective range, and still be able to connect to the "wrapped"
port value.  On Windows, it is even possible to specify negative port
values.  Following is a short demonstration:


Did you come down in the last shower?

This has been known since Adam was a cowboy.

On some OSes and depending on the tool parsing the cmdline, you can 
also do similar things with octets within dotted IPs and other similar, 
funky stuff.

Oh, and did you think to play around with expressing some of the values 
in hex?  Or even weirder, octal?

At least you note it is not a vulnerability -- I guess there is some 
hope after all...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: