NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2007-08

Re: Bittorrent Data Port Probe

From: John Lampe (jwlampetenablesecurity.com)
Date: Fri Aug 24 2007 - 17:07:22 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Paul Melson wrote:

> I can't seem to recreate this:
>
> $ perl -e 'for (my $i=0; $i <= 90; $i++) {print chr(int(rand 255));}' | nc
> -v localhost 6881
> Connection to localhost 6881 port [tcp/*] succeeded!
> $ perl -e 'for (my $i=0; $i <= 95; $i++) {print chr(int(rand 255));}' | nc
> -v localhost 6881
> Connection to localhost 6881 port [tcp/*] succeeded!
> $ perl -e 'for (my $i=0; $i <= 96; $i++) {print chr(int(rand 255));}' | nc
> -v localhost 6881
> Connection to localhost 6881 port [tcp/*] succeeded!
> $ perl -e 'for (my $i=0; $i <= 100; $i++) {print chr(int(rand 255));}' | nc
> -v localhost 6881
> Connection to localhost 6881 port [tcp/*] succeeded!
> $ perl -e 'for (my $i=0; $i <= 1000; $i++) {print chr(int(rand 255));}' | nc
> -v localhost 6881
> Connection to localhost 6881 port [tcp/*] succeeded!
>
> If you care, the client is bittorrent-curses 4.4.0 on OpenBSD (it's what I
> had quick access to). I haven't tried your nasl code in Nessus, so maybe
> I'm missing something. But if I understand your previous post, this should
> elicit some response from a seeding client, and in my case it doesn't.
>

There's an outside possibility that bittorent-curses for OpenBSD
*wasn't* one of the platforms that I tested against. ;-)

If it doesn't work from outside localhost, then I'd bet I just happened
upon some quirky windows-bittorrent-client thingee...

--
John Lampe
Senior Security Researcher
TENABLE Network Security, Inc.
jwlampe{nessus.org,tenablesecurity.com}
Tele: (410) 872-0555
www.tenablesecurity.com

Is your network TENABLE?
---------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]