Darren Kitchen Posted October 20, 2006
I just got this emailed to me and thought it was interesting: http://www.infogreg.com/security/misc/wind...r-overflow.html

%COMSPEC% /K "dir ?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
spektormax Posted October 20, 2006
haha wow, a buffer overflow in Windows, I would have never guessed. This one's rather worthless though since it's not in IE. It works, but I have DEP as well.
cooper Posted October 20, 2006
Could you perhaps use this to insert shellcode which would give you a shell? I thought it was public knowledge that the Windows command line can only take 256 characters?
jollyrancher82 Posted October 20, 2006
As all XP machines have DEP enabled, CMD is protected by that, so shellcode wouldn't execute.
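As an added example (this is not code from the thread and not cmd.exe's code, whose internals the thread never shows), here is a generic C program with a hypothetical 64-byte argument buffer, the bug class the posters speculate about, next to a bounded copy that rejects overlong input instead of writing past the buffer. It also illustrates the DEP point: the overflow still corrupts the stack and crashes the process; DEP only refuses to execute code that was placed in non-executable memory such as the stack. The buffer size, the `?` plus `A`s payload shape and the function names are all choices made for this demo.

```c
/* Added example: a generic fixed-size argument buffer, NOT cmd.exe's code.
 * vuln_copy() is the unsafe pattern; safe_copy() is the bounded version.
 * ARG_BUF is a hypothetical limit chosen for the demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARG_BUF 64

/* Unsafe: copies the argument into a stack buffer with no length check.
 * An argument of ARG_BUF bytes or more writes past buf, over saved registers
 * and the return address, so the function crashes on return (or the stack
 * protector aborts first, if the compiler inserted one). DEP/NX does not
 * prevent this corruption; it only stops the CPU executing bytes placed in
 * a non-executable region, so a plain "AAAA" payload yields a crash, not a
 * shell. */
void vuln_copy(const char *arg)
{
    char buf[ARG_BUF];
    strcpy(buf, arg);                 /* no bound: this is the bug */
    printf("dir %s\n", buf);
}

/* Hardened: refuse anything that does not fit (including the terminator)
 * rather than silently truncating, and always leave dst NUL-terminated. */
int safe_copy(char *dst, size_t dstlen, const char *arg)
{
    size_t n = strlen(arg);
    if (dstlen == 0 || n >= dstlen)
        return -1;                    /* too long: reject */
    memcpy(dst, arg, n + 1);
    return 0;
}

/* Constructed input in the thread's style: '?' followed by count 'A's.
 * Caller frees the result. */
char *make_payload(size_t count)
{
    char *p = malloc(count + 2);
    if (!p)
        return NULL;
    p[0] = '?';
    memset(p + 1, 'A', count);
    p[count + 1] = '\0';
    return p;
}

/* Returns 0 if a '?' + count*'A' argument fits an ARG_BUF buffer under
 * safe_copy(), -1 otherwise. Used for checking the bound. */
int payload_fits(size_t count)
{
    char buf[ARG_BUF];
    char *p = make_payload(count);
    int rc;
    if (!p)
        return -1;
    rc = safe_copy(buf, sizeof buf, p);
    free(p);
    return rc;
}

/* Usage: ./argdemo [count]. The default of 40 fits and runs cleanly;
 * ./argdemo 200 makes vuln_copy() crash (run it under a debugger). */
int main(int argc, char **argv)
{
    size_t count = argc > 1 ? strtoul(argv[1], NULL, 10) : 40;
    char buf[ARG_BUF];
    char *payload = make_payload(count);
    if (!payload)
        return 1;

    if (safe_copy(buf, sizeof buf, payload) == 0)
        printf("safe_copy accepted %zu bytes\n", strlen(payload));
    else
        printf("safe_copy rejected %zu bytes (limit %d)\n",
               strlen(payload), ARG_BUF - 1);

    vuln_copy(payload);               /* crashes once count + 1 >= ARG_BUF */
    free(payload);
    return 0;
}
```

Compile with `cc -o argdemo argdemo.c` and try counts on either side of the 63-byte limit; what you observe on overflow (a plain access violation, a "stack smashing detected" abort, or a return to 0x41414141) depends on the compiler's stack protection and the platform, which is the same reason the thread's posters see different symptoms on different Windows versions.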
spektormax Posted October 20, 2006
yeh because cmd is based off of command.com, which could only have an 8-bit instruction space. It was never changed because the people at micro$oft never saw a reason to.
PoyBoy Posted October 21, 2006
Is there beer involved?
Guest Posted October 21, 2006
> As all XP machines have DEP enabled, CMD is protected by that, so shellcode wouldn't execute.

You can get around the DEP protection though. http://www.maxpatrol.com/defeating-xpsp2-heap-protection.htm
madlogik Posted October 22, 2006
thanks.. I made a .bat :) crash on demand. I don't believe there is something to be made out of it though... OR I can't imagine how / what would be involved! Other than, haha, I made you waste time starting the debugger! LMAO.. but hey, still thanks! :) -mad
Ebola Eater of Packets Posted October 22, 2006
Well, couldn't you be a real bastard and make it a preliminary boot function? I mean, it's a DOS command, it'll run before Windows boots.
madlogik Posted October 22, 2006
Something to try.. but I don't know if it's for the Win32 cmd only..? Hey, try it on a floppy boot disk and tell me!
Mick Posted October 28, 2006
Wow. Windows Server 2003's cmd.exe does nothing, it doesn't give me a DEP message, no "AAAAAAAAAA..." cannot be found as would be expected. Nothing. But in command.com on the same machine, when I pasted it, it started making this long sequence of beeps from the motherboard, then when the beeping stopped, I just closed the window and didn't want to even try running it, but I then got a Stop Error (BSOD) and had to ruin my uptime. (I know, don't test exploits on your webserver)
moonlit Posted October 29, 2006
> (I know, don't test exploits on your webserver)

"Hey lads, we got a new guy here...."
a5an0 Posted October 30, 2006
> > (I know, don't test exploits on your webserver)
>
> "Hey lads, we got a new guy here...."

/me looks up from trying overrun on production server. You say something?