Bugtraq mailing list archives
Re: INND causes cancer in laboratory rats (fwd)
From: thoth () PURPLEFROG COM (thoth () PURPLEFROG COM)
Date: Fri, 1 Aug 1997 16:26:40 -0400
Dan Fleisher <method () arena cwnet com> ,in message <Pine.LNX.3.96.970801113741.2 1315A-100000 () arena cwnet com>, wrote:
---------------------------- nnrp.c -------------------------------------- /* * Remote exploit for INN version < 1.6. Requires 'innbuf' program to operate.* To compile: cc nnrp.c -o nnrp. Usage: nnrp <host> <file generated by innbuf>.* (C) 1997 by Method of Dweebs <method () arena cwnet com> */
Consider using the "hose" program from the Netpipes package. http://www.purplefrog.com/~thoth/netpipes/ I suspect it can be a convenient wrapper for the network functionality of the nnrp.c program you posted, allowing you to concentrate on just copying data around. `` The netpipes package makes TCP/IP streams usable in shell scripts. It can also simplify client/server code by allowing the programmer to skip all the tedious programming bits related to sockets and concentrate on writing a filter/service. faucet is the server end of a TCP/IP stream. It listens on a port of the local machine waiting for connections. Every time it gets a connection it forks a process to perform a service for the connecting client. hose is the client end of a TCP/IP stream. It actively connects to a remote port and execs a process to request a service. '' It might even be as simple as hose usenet.victim.com nntp -fd3 sh -c "cat <&3 & cat innbuf.out >&3; cat >&3 ; sockdown " If you need to attach a descriptor to a network socket for a quick hack, use faucet or hose. -- Bob Forsman thoth () gainesville fl us http://www.gainesville.fl.us/~thoth/
Current thread:
- Re: Small problem in AIX write command: Executes shell David Hedley (Aug 01)
- <Possible follow-ups>
- Small problem in AIX write command: Executes shell DI. Dr. Klaus Kusche (Aug 01)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- comp.sys.sgi.bugs: YET another security alert (sigh) Arthur Hagen (Aug 04)
- comp.sys.sgi.bugs: Re: YET another security alert (sigh) Forwarded by Kari Hurtta (Aug 05)
- CPSR #8: identd Denial of Service Corinne Posse Releases (Aug 04)
- Re: CPSR #8: identd Denial of Service Curt Sampson (Aug 04)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- INND causes cancer in laboratory rats (fwd) Dan Fleisher (Aug 01)
- Re: INND causes cancer in laboratory rats (fwd) thoth () PURPLEFROG COM (Aug 01)
- Bugs in Debian Linux's ircd package Matt (Aug 01)
- SSH LocalForward Kristof Van Damme (Aug 02)
- Security hole in rusers client David Holland (Aug 02)
- SSH LocalForward Nicolas Dubee (Aug 02)
- Re: your mail Erik Troan (Aug 10)
- Sun Security Bulletin #00149 Aleph One (Aug 13)
- Sun Security Bulletin #00150 Aleph One (Aug 13)
- Possible fixed identd Phillip R. Jaenke (Aug 13)
- CERT Advisory CA-97.22 - BIND - the Berkeley Internet Name Daemon Aleph One (Aug 14)
- Vulnerability in 4.4BSD rfork() implementation Thomas H. Ptacek (Aug 02)