|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Problem rlogin protocol
From: Inode (inode
mediaservice.net)
Date: Fri Apr 02 2004 - 07:33:02 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,
I'm playing with rlogin protocol under Solaris (but I think it's similar
to others unix system), and I got some problems.
When I try to send a buffer more than 250 byte as login name the deamon
will output 0x7 character (beep). I know that with telnet protocol there
are options for permit to use long buffer without any problems (as in
Solaris /bin/login exploit), how to do that with rlogin protocol?
Attached a little example that have this problem...
Thanks.
Best regards,
Inode
root# ./y 192.168.1.50 inode 2
[+] Connected to 192.168.1.50...
/* start, 1 bytes */
00 | .
/* Reply, 1 bytes */
00 | .
/* Rlogin init, 23 bytes */
69 6e 6f 64 65 00 69 6e 6f 64 65 00 76 74 31 30 | inode.inode.vt10
30 2f 39 36 30 30 00 | 0/9600.
/* rec, 10 bytes */
50 61 73 73 77 6f 72 64 3a 20 | Password:
/* rec, 2 bytes */
0d 0a | ..
/* rec, 17 bytes */
4c 6f 67 69 6e 20 69 6e 63 6f 72 72 65 63 74 0d | Login incorrect.
0a | .
/* rec, 7 bytes */
6c 6f 67 69 6e 3a 20 | login:
/* rec, 10 bytes */
41 41 41 41 41 41 41 41 41 41 | AAAAAAAAAA
/* rec, 10 bytes */
41 41 41 41 41 41 41 41 41 41 | AAAAAAAAAA
/* rec, 2 bytes */
0d 0a | ..
/* rec, 10 bytes */
50 61 73 73 77 6f 72 64 3a 20 | Password:
root#
root# ./y 192.168.1.50 inode 26
[+] Connected to 192.168.1.50...
/* start, 1 bytes */
00 | .
/* Reply, 1 bytes */
00 | .
/* Rlogin init, 23 bytes */
69 6e 6f 64 65 00 69 6e 6f 64 65 00 76 74 31 30 | inode.inode.vt10
30 2f 39 36 30 30 00 | 0/9600.
/* rec, 10 bytes */
50 61 73 73 77 6f 72 64 3a 20 | Password:
/* rec, 2 bytes */
0d 0a | ..
/* rec, 17 bytes */
4c 6f 67 69 6e 20 69 6e 63 6f 72 72 65 63 74 0d | Login incorrect.
0a | .
/* rec, 7 bytes */
6c 6f 67 69 6e 3a 20 | login:
/* rec, 10 bytes */
41 41 41 41 41 41 41 41 41 41 | AAAAAAAAAA
/* rec, 10 bytes */
41 41 41 41 41 41 41 41 41 41 | AAAAAAAAAA
/* rec, 10 bytes */
41 41 41 41 41 41 41 41 41 41 | AAAAAAAAAA
/* rec, 10 bytes */
41 41 41 41 41 41 41 41 41 41 | AAAAAAAAAA
[...]
41 41 41 41 41 41 41 41 41 41 | AAAAAAAAAA
/* rec, 10 bytes */
41 41 41 41 41 41 41 07 07 07 | AAAAAAA...
/* rec, 1 bytes */
07 | .
- text/x-csrc attachment: y.c
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]