Penetration Testing mailing list archives
Re: Net:telnet exploit
From: Dave Aitel <dave () immunitysec com>
Date: Mon, 24 Mar 2003 11:36:37 -0500
If you read the telnet protocol's RFC you might see where they mention how FF is a control character of some sort, or something. So to send one \xFF you need to escape it with another \xFF, which is being automatically done for you. Try sending your requests raw rather than through a telnet protocol handler. Dave Aitel Recruitment and Training Immunity, Inc. http://www.immunitysec.com/CANVAS/ "Hack like you were in the movies." On Sun, 23 Mar 2003 11:36:34 -0000 "Gary O'leary-Steele" <garyo () sec-1 com> wrote:
Hello all, I am coding an exploit using perl. The exploit needs to send each byte individually instead of a large string to get round some trivial bounds checking. use Net::Telnet (); $t->open(Host=> $host, Port => $port, Errmode => $mode, Timeout => $secs,); $t ->put("\xFF"); However when I send \xFF bytes they get doubled up. Any ideas? Regards, Gary --------------------------------------------------------------------- ------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1
Current thread:
- Net:telnet exploit Gary O'leary-Steele (Mar 24)
- Re: Net:telnet exploit Dave Aitel (Mar 24)
- Re: Net:telnet exploit Gerardo Richarte (Mar 26)
- Re: Net:telnet exploit Dave Aitel (Mar 24)