Penetration Testing mailing list archives
Re: local proxy udp 53
From: Nicolas RUFF <nicolas.ruff () gmail com>
Date: Sun, 19 Feb 2006 12:28:52 +0100
Take a look at the NSTX project: http://nstx.dereference.de/nstx/
Personally, I consider NSTX more like a "proof of concept" rather than a field-useable tool. Apart from not being multi-user, it has been plagued by a bug for several years that will make it crash if a legitimate DNS request is received (!)

The first byte of the DNS request is used to store the request length, but the request length is also computed by strlen().

NSTX-1.1b5 code is:

    nstx_encode.c:82
    *rlen = i - revmap[data[0]];

where i = strlen(data); and rlen = &len;

When len<0, large amounts of memory will be overwritten in the following memcpy():

    nstx_pstack.c:151
    memcpy(ptr->data, data, len);

The author was contacted last year, but the tool is not actively maintained (last update 10 months ago).

PoC :

    # nslookup
    server target.com
    Z.target.com
    (NSTX server on target.com crashes)

Regards,
- Nicolas RUFF
Security Researcher @ EADS-CCR
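The length pattern described in the message above, next to a bounds-checked form, as an added example that is not part of the original post and is not NSTX code. demo_revmap, unchecked_len, checked_copy, demo_check and DST_MAX are hypothetical names, and the mapping table and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DST_MAX 64   /* hypothetical destination buffer size */

/* Constructed stand-in for a reverse-mapping table (not NSTX's real one):
   maps an encoded character to a small non-negative value, -1 if invalid. */
int demo_revmap(unsigned char c) {
    if (c >= 'a' && c <= 'z') return c - 'a';        /* 0..25  */
    if (c >= 'A' && c <= 'Z') return c - 'A' + 26;   /* 26..51 */
    return -1;
}

/* The pattern quoted in the message: strlen() minus a value taken from the
   first byte. The result is a signed int and can go negative. */
int unchecked_len(const char *data) {
    int i = (int)strlen(data);
    return i - demo_revmap((unsigned char)data[0]);
}

/* Hardened form: validate every quantity before memcpy().
   Returns 0 and sets *out_len on success, -1 if the input is rejected. */
int checked_copy(char *dst, size_t dst_size, const char *data, size_t *out_len) {
    size_t n = strlen(data);
    int hdr;
    if (n == 0) return -1;                       /* no first byte to read */
    hdr = demo_revmap((unsigned char)data[0]);
    if (hdr < 0) return -1;                      /* byte outside alphabet */
    if ((size_t)hdr > n) return -1;              /* subtraction would underflow */
    if (n - (size_t)hdr > dst_size) return -1;   /* copy would overflow dst */
    *out_len = n - (size_t)hdr;
    memcpy(dst, data, *out_len);
    return 0;
}

/* Helper: copied length, or -1 when the input is rejected. */
int demo_check(const char *data) {
    char dst[DST_MAX];
    size_t len = 0;
    return checked_copy(dst, sizeof dst, data, &len) == 0 ? (int)len : -1;
}

int main(void) {
    const char *samples[] = { "Z", "cabcdef" };  /* constructed inputs */
    for (int k = 0; k < 2; k++)
        printf("%-8s unchecked=%d checked=%d\n", samples[k],
               unchecked_len(samples[k]), demo_check(samples[k]));
    return 0;
}
```

A negative int passed as the third argument of memcpy() is converted to size_t, which is why the unchecked form turns a one-byte input into a very large copy.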