Darren Kitchen Posted October 20, 2006
I just got this emailed to me and thought it was interesting: http://www.infogreg.com/security/misc/wind...r-overflow.html
%COMSPEC% /K "dir ?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
spektormax Posted October 20, 2006
haha wow, a buffer overflow in Windows, I would have never guessed. This one's rather worthless though since it's not in IE. It works, but I have DEP as well.
cooper Posted October 20, 2006
Could you perhaps use this to insert shellcode which would give you a shell? I thought it was public knowledge that the Windows command line can only take 256 characters?
jollyrancher82 Posted October 20, 2006
As all XP machines have DEP enabled, CMD is protected by that, so shellcode wouldn't execute.
spektormax Posted October 20, 2006
yeh, because cmd is based off of command.com, which could only have an 8-bit instruction space; it was never changed because the people at micro$oft never saw a reason to.
Guest Posted October 21, 2006
> As all XP machines have DEP enabled, CMD is protected by that, so shellcode wouldn't execute.
You can get around the DEP protection though. http://www.maxpatrol.com/defeating-xpsp2-heap-protection.htm
madlogik Posted October 22, 2006
thanks.. I made a .bat :) crash on demand. I don't believe there is something to be made out of it though... OR I can't imagine how / what would be involved! other than, haha I made you waste time starting the debugger! LMAO.. but hey still thanks! :) -mad
Ebola Eater of Packets Posted October 22, 2006
Well, couldn't you be a real bastard and make it a preliminary boot function? I mean, it's a DOS command, it'll run before windows boots.
madlogik Posted October 22, 2006
something to try.. but I don't know if it's for the win32 cmd only.. ? hey try it on a floppy boot disk! and tell me!
Mick Posted October 28, 2006
Wow. Windows Server 2003's cmd.exe does nothing, it doesn't give me a DEP message, no "AAAAAAAAAA..." cannot be found as would be expected. Nothing. But in command.com on the same machine, when I pasted it, it started making this long sequence of beeps from the motherboard, then when the beeping stopped, I just closed the window and didn't want to even try running it, but I then got a Stop Error (BSOD) and had to ruin my uptime. (I know, don't test exploits on your webserver)
moonlit Posted October 29, 2006
> (I know, don't test exploits on your webserver)
"Hey lads, we got a new guy here...."
a5an0 Posted October 30, 2006
> (I know, don't test exploits on your webserver)
> "Hey lads, we got a new guy here...."
/me looks up from trying over run on production server. You say something?