Vulnerability Development mailing list archives
Windows2000 telnet exploit
From: Philip Wagenaar <pb.wagenaar () CHELLO NL>
Date: Thu, 23 Nov 2000 11:44:44 -0800
Hello all! We recently installed a windows 2000 advanced server with service pack 1 = to play around with at work. Everything looked ok, untill I started to = play with the telnet server. I started the service and turned off NTLM = login so I could use cleartext telnet connections to the server. = Everthing looked ok, until I started to enter extremely long string for = login and password ( +3000 chars) and found out I received a strange = error message. Normaly when you try to login with a bad login/password, the telnet = server will return: Logon failure: unknown user name or bad password. = Nothing strange there. But when I tried to login using those extremely = long logins and password the telnet server returned a diffrent error = message that made me turn off telnet server immediately: The filename or extension is too long. Is this some kinda of bufferoverflow???? I havent been able to run any files using the login, but I just recently = discovered this and havent had the time to find out what stringformat(?) = it uses. I`m not familiar with exploits (yet?) so I was wondering if I was on to = something or that this is normal Philip Wagenaar The Netherlands
Current thread:
- Windows2000 telnet exploit Philip Wagenaar (Nov 23)
- <Possible follow-ups>
- Re: Windows2000 telnet exploit Sandro Gauci (Nov 24)
- Re: Windows2000 telnet exploit Olle Segerdahl (Nov 25)
- Re: Windows2000 telnet exploit Marty (Nov 27)
- Re: Windows2000 telnet exploit Robert G. Ferrell (Nov 28)
- Re: Windows2000 telnet exploit David Rhodus (Nov 29)