|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Microsoft Windows and *nix Telnet Port Number Argument Obfuscation
From: Nick FitzGerald (nick
virus-l.demon.co.uk)
Date: Tue Jun 07 2005 - 22:04:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kristian Hermansen wrote:
> The second argument to the telnet executable, the port number, does not
> need to conform to the standard available port conventions (ie.
> 0-65535). It is actually possible to specify a port number very far out
> of the effective range, and still be able to connect to the "wrapped"
> port value. On Windows, it is even possible to specify negative port
> values. Following is a short demonstration:
Did you come down in the last shower?
This has been known since Adam was a cowboy.
On some OSes and depending on the tool parsing the cmdline, you can
also do similar things with octets within dotted IPs and other similar,
funky stuff.
Oh, and did you think to play around with expressing some of the values
in hex? Or even weirder, octal?
At least you note it is not a vulnerability -- I guess there is some
hope after all...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]