lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed Jun  8 04:04:56 2005
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Microsoft Windows and *nix Telnet Port Number
	Argument Obfuscation

Kristian Hermansen wrote:

> The second argument to the telnet executable, the port number, does not
> need to conform to the standard available port conventions (ie.
> 0-65535).  It is actually possible to specify a port number very far out
> of the effective range, and still be able to connect to the "wrapped"
> port value.  On Windows, it is even possible to specify negative port
> values.  Following is a short demonstration:

Did you come down in the last shower?

This has been known since Adam was a cowboy.

On some OSes and depending on the tool parsing the cmdline, you can 
also do similar things with octets within dotted IPs and other similar, 
funky stuff.

Oh, and did you think to play around with expressing some of the values 
in hex?  Or even weirder, octal?

At least you note it is not a vulnerability -- I guess there is some 
hope after all...


Regards,

Nick FitzGerald

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux