Vulnerability Development mailing list archives
Re: Blind Remote Buffer Overflow
From: sincity_mark () INAME COM (Mark L. Jackson)
Date: Sat, 29 Apr 2000 11:49:06 -0700
// How does one tell the difference in architecture remotely, when the OS runs
// on multiple architectures?
.....
// How does one tell the difference between x86 or SPARC, etc. Byte ordering?
.....
// I wonder if it would be possible to tell the difference of 4 NetBSD or
// OpenBSD machines with all different architectures. Then again is it even
// worth it.

Well, scanning is the first and, I think, easiest method. You decide what type of system you want to hit and then scan IPs for a specific response known to come from that system. For example, Sun is known to have RPC problems. You pick the one you want to exploit and search for systems that respond to the RPC you are attempting to exploit.

Once you know the IP you can reverse-lookup the name of the company and get its address, phone numbers and contacts. You could then pose as a salesman, get an appointment and use the "what system do you have now" routine to gain info. You could call a user and ask them what is on their screen, either directly or through a ruse of some sort.

If you do not want to do that, you can target known exploits that get you info (boatloads of tools to enumerate systems). When you ask a server to do something it can't or won't, you usually get an error message. Ever notice how Apache, Domino and ODBC errors are all sent to your browser? Those error messages tell you a lot about the system and how it is used.

It is not as difficult as it sounds.

Mark L. Jackson
sincity_mark () iname com

People generally do not look for that which they are afraid to find.