Vuln Dev
NSLOOKUP.EXE Mar 20 2003 12:45AM
Patrick Webster (webster_p DeMorgan com au) (2 replies)
Re: NSLOOKUP.EXE Mar 22 2003 05:40AM
K. K. Mookhey (cto nii co in) (2 replies)
Re: NSLOOKUP.EXE Mar 24 2003 12:32PM
Marcos D. Marado Torres (marado student dei uc pt)
To know how winhlp32 can be exploited, read http://www.cerberus-infosec.co.uk/wpwhlpbuf.html .
It's a fairly simple concept, easy reading.

Mind Booster Noori

On Sat, 22 Mar 2003, K. K. Mookhey wrote:

> Hi,
>
> On a related note, we had reported the following local BOs to MS. But since neither they nor we could come up with any remote exploits for this, I guess members on this list could check it out. Some of these do not work on Win2K SP3, but do work on earlier versions.
>
> First:
> C:\>regsvr32 AAAAAAA...(1300 times)
>
> Second:
> C:\>winhlp32 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaa
> aaaaaaaaaaaaaaaaaaaaa.exe
> This one crashes only at a particular value of A's, not if it's any more or if it's any less.
>
> Again, unless any of these runs with elevated privileges, or someone feeds in data remotely to these exes, the buffer overflows do not represent a security risk.
>
> K. K. Mookhey
> CTO,
> Network Intelligence India Pvt. Ltd.
> Web: www.nii.co.in
> =================================
> Security Auditing Handbooks
> http://www.nii.co.in/research/handbook.html
> =================================
>
>
>
> ----- Original Message -----
> Hi List,
>
> Can you do anything interesting with this?:
>
> C:\>nslookup
> Default Server: dns.server.net
> Address: 111.222.333.444
>
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> Gives error: memory can't be "read" - 0x414141 (aka A).
>
>

--
===============================================================================
Marcos Marado AKA Mind Booster Noori
===============================================================================
My PGP key: http://student.dei.uc.pt/~marado/pgp.txt
Visit Mordor's (my band) WebPage on: http://www.mordor.freeurl.com
Mail me to: marado (at) student.dei.uc (dot) pt
===============================================================================
Don't get to bragging.

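The nslookup report quoted in the message above is triggered by a long run of characters typed at the prompt. As an added example (not code from nslookup, Microsoft, or any poster in this thread), here is a host-name copy that enforces the DNS length limits of 63 bytes per label and 253 characters per name before writing to a fixed-size buffer. `copy_hostname`, `HOST_BUF` and the sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF  256   /* assumed size of the tool's fixed host-name buffer */
#define MAX_NAME  253   /* RFC 1035: longest textual domain name */
#define MAX_LABEL 63    /* RFC 1035: longest single label */

/* Hypothetical helper: copy a user-typed host name into dst only when it
 * fits both the DNS limits and the destination buffer.
 * Returns 0 on success; returns -1 and leaves dst empty on rejection.
 * Empty labels ("a..b", a leading dot, a bare ".") are rejected; a single
 * trailing dot is accepted. */
int copy_hostname(char *dst, size_t dstlen, const char *src)
{
    size_t len, label = 0;

    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';

    /* Measure and validate before copying a single byte. */
    for (len = 0; src[len] != '\0'; len++) {
        if (len >= MAX_NAME || len + 1 >= dstlen)
            return -1;                  /* name too long for DNS or for dst */
        if (src[len] == '.') {
            if (label == 0)
                return -1;              /* empty label */
            label = 0;
        } else if (++label > MAX_LABEL) {
            return -1;                  /* one label longer than 63 bytes */
        }
    }
    if (len == 0)
        return -1;                      /* nothing typed */

    memcpy(dst, src, len + 1);          /* length proven safe above */
    return 0;
}

int main(void)
{
    char buf[HOST_BUF], typed[201];

    memset(typed, 'A', 200);            /* constructed input: 200 'A's */
    typed[200] = '\0';
    printf("long input: %d\n", copy_hostname(buf, sizeof buf, typed));
    printf("host name:  %d\n", copy_hostname(buf, sizeof buf, "dns.server.net"));
    return 0;
}
```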
RE: NSLOOKUP.EXE Mar 23 2003 09:41PM
Brett Moore (brett softwarecreations co nz)
Re: NSLOOKUP.EXE Mar 20 2003 09:06PM
Blue Boar (BlueBoar thievco com) (2 replies)
Re: NSLOOKUP.EXE Mar 21 2003 05:04PM
Ryan Yagatich (ryany pantek com)
RE: NSLOOKUP.EXE Mar 20 2003 11:56PM
Brett Moore (brett softwarecreations co nz)
Copyright 2009, SecurityFocus