lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Oct 2006 14:33:00 -0500 From: "Luis Alberto Cortes Zavala" <napasn@...uritynation.com> To: <vuln-dev@...urityfocus.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Windows Command Processor CMD.EXE Buffer Overflow YEah! Buffer Overflow Windows XP SP2 I Hill debug this. Luís Alberto Cortes Zavala IT / Security Consultant napa@...uritynation.com http://www.securitynation.com -----Mensaje original----- De: listbounce@...urityfocus.com [mailto:listbounce@...urityfocus.com] En nombre de The SNiFF Enviado el: Viernes, 20 de Octubre de 2006 03:58 a.m. Para: vuln-dev@...urityfocus.com Asunto: Re: Windows Command Processor CMD.EXE Buffer Overflow > Copy-paste the following line in cmd.exe and execute it.. > (it is a single command, has been split into multiple lines for > readability sake). > > %COMSPEC% /K "dir > \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" > > (260 characters of 'A's) Tried it on Win2k3 SP1: C:\Documents and Settings\Administrator>%COMSPEC% /K "dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" System replied: The filename or extension is too long. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists