[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft Windows and *nix Telnet Port Number Argument Obfuscation
- To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft Windows and *nix Telnet Port Number Argument Obfuscation
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 08 Jun 2005 15:04:45 +1200
Kristian Hermansen wrote:
> The second argument to the telnet executable, the port number, does not
> need to conform to the standard available port conventions (ie.
> 0-65535). It is actually possible to specify a port number very far out
> of the effective range, and still be able to connect to the "wrapped"
> port value. On Windows, it is even possible to specify negative port
> values. Following is a short demonstration:
Did you come down in the last shower?
This has been known since Adam was a cowboy.
On some OSes and depending on the tool parsing the cmdline, you can
also do similar things with octets within dotted IPs and other similar,
funky stuff.
Oh, and did you think to play around with expressing some of the values
in hex? Or even weirder, octal?
At least you note it is not a vulnerability -- I guess there is some
hope after all...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/