Vulnerability Development mailing list archives

Re: Blind Remote Buffer Overflow


From: scut () NB IN-BERLIN DE (Sebastian)
Date: Sat, 29 Apr 2000 18:57:49 +0200


On Sat, Apr 29, 2000 at 12:54:56AM -0400, Matthew R. Potter wrote:

> While we are on the topic I have some questions:
>
> How does one tell the difference in architecture remotely, when the OS runs
> on multiple architectures? Other than just taking a stab at it until it
> works. Assuming you aren't on the same physical network segment and can run
> ARP and see the MAC address of the target. How does one tell the difference
> between x86 or SPARC, etc. Byte ordering? If that's at all possible to get
> the machine to disclose that across a network. I wonder if it would be
> possible to tell the difference of 4 NetBSD or OpenBSD machines with all
> different architectures. Then again is it even worth it.

It is most of the time easily possible to identify the OS, architecture,
distribution, distribution version, ... remotely. The more open services
the remote host has the better. You can use a lot of methods to fingerprint
for example Linux systems, from service banner compilation times (ftpd,
sendmail, pidentd) to TCP/IP stack differences (nmap TCP fingerprinting).
Once you know the architecture and the operating system version you can
try to make an exact copy at your home and work out the exploit until
it's working fine on your box. Then the chances are high it will work on
the remote host also.

And for the question of the worthiness of this effort, that depends on
who wants to intrude your network.

> Matt.

ciao,
scut / teso

--
- scut () nb in-berlin de - http://nb.in-berlin.de/scut/ --- you don't need a --
-- lot of people to be great, you need a few great to be the best ------------
http://3261000594/scut/pgp - 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
-- data in VK/USA Mayfly experienced, awaiting transfer location, hi echelon -
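A defender-side check of the banner leakage scut describes, as an added example that is not part of the original thread: it audits a few constructed banners (modelled on what wu-ftpd, sendmail, OpenSSH and a BSD telnetd announce on connect, not captured from real hosts) for the version, compile-date, OS and architecture hints a remote fingerprinter would collect, so an administrator can see what their own services give away.

```python
import re

# Constructed sample banners (assumed, not taken from the mail). The ftpd
# banner carries a compile date, the sendmail banner only the current time,
# and the telnetd banner names OS and architecture outright.
SAMPLE_BANNERS = {
    "ftp": "220 host FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.",
    "smtp": "220 host ESMTP Sendmail 8.9.3/8.9.3/Debian/GNU; Sat, 29 Apr 2000 18:57:49 +0200",
    "ssh": "SSH-1.99-OpenSSH_2.1.0",
    "telnet": "NetBSD/sparc (host) (ttyp0)\n\nlogin: ",
}

# Daemon name followed by a version token.
VERSION = re.compile(r"\b(wu-ftpd|wu-|Sendmail|OpenSSH|pidentd|ProFTPD)[ _/-]?(\d[\w.()-]*)", re.I)
# ctime()-style compile stamp ("Mon Feb 28 10:30:36 EST 2000"); an RFC 822
# current-time stamp ("Sat, 29 Apr 2000 ...") deliberately does not match.
BUILD_DATE = re.compile(
    r"\b(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d [A-Z]{3,4} \d{4}\b")
OS_HINTS = re.compile(
    r"\b(Debian|Red ?Hat|Slackware|SunOS|Solaris|NetBSD|OpenBSD|FreeBSD|Linux|GNU)\b", re.I)
ARCH_HINTS = re.compile(r"\b(i[3-6]86|x86|sparc|alpha|powerpc|ppc|mips)\b", re.I)


def audit_banner(banner):
    """Return the disclosures one banner makes, as (category, value) pairs."""
    findings = []
    m = VERSION.search(banner)
    if m:
        findings.append(("version", m.group(0)))
    m = BUILD_DATE.search(banner)
    if m:
        findings.append(("build-date", m.group(0)))
    # dict.fromkeys keeps first-seen order while dropping duplicate hints
    for hint in dict.fromkeys(h.lower() for h in OS_HINTS.findall(banner)):
        findings.append(("os", hint))
    for hint in dict.fromkeys(h.lower() for h in ARCH_HINTS.findall(banner)):
        findings.append(("arch", hint))
    return findings


def audit_all(banners=SAMPLE_BANNERS):
    """Audit every banner; a service that leaks nothing maps to an empty list."""
    return {svc: audit_banner(text) for svc, text in banners.items()}


if __name__ == "__main__":
    for svc, findings in audit_all().items():
        print(svc, findings or "no disclosure found")
```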
