lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <42A7090D.296.47C66704@localhost>
Date: Wed Jun  8 04:04:56 2005
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Microsoft Windows and *nix Telnet Port Number
	Argument Obfuscation

Kristian Hermansen wrote:

> The second argument to the telnet executable, the port number, does not
> need to conform to the standard available port conventions (ie.
> 0-65535).  It is actually possible to specify a port number very far out
> of the effective range, and still be able to connect to the "wrapped"
> port value.  On Windows, it is even possible to specify negative port
> values.  Following is a short demonstration:

Did you come down in the last shower?

This has been known since Adam was a cowboy.

On some OSes and depending on the tool parsing the cmdline, you can 
also do similar things with octets within dotted IPs and other similar, 
funky stuff.

Oh, and did you think to play around with expressing some of the values 
in hex?  Or even weirder, octal?

At least you note it is not a vulnerability -- I guess there is some 
hope after all...


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ