Vulnerability Development mailing list archives

Re: Blind Remote Buffer Overflow


From: sincity_mark () INAME COM (Mark L. Jackson)
Date: Sat, 29 Apr 2000 11:49:06 -0700


//  How does one tell the difference in architecture remotely, when
//  the OS runs on multiple architectures?
.....
//  How does one tell the difference between x86 or SPARC, etc. Byte
//  ordering?
.....
//  I wonder if it would be possible to tell the difference of 4 NetBSD
//  or OpenBSD machines with all different architectures. Then again, is
//  it even worth it.

Well, scanning is the first and I think easiest method. You decide what
type of system you want to hit and then scan IPs for a specific response
known to come from that system. Example: Sun is known to have RPC problems.
You pick the one you want to exploit, search for systems having a response
to the RPC you are attempting to exploit. Once you know the IP you can
reverse lookup the name of the company, get its address, phone numbers,
contacts. You could then pose as a salesman and get an appointment and use
the "what system do you have now" routine to gain info. You could call a
user and ask them what is on their screen, either directly or through a
ruse of some sort. If you do not want to do that you can target known
exploits that get you info (boatloads of tools to enumerate systems). When
you ask a server to do something it can't or won't, you usually get an
error message. Ever notice how Apache, Domino, and ODBC errors are all
sent to your browser? Those error messages tell you a lot about the system
and how it is used. It is not as difficult as it sounds.

Mark L. Jackson
sincity_mark () iname com

People generally do not look for that which they are afraid to find.
