Jump to content

Recommended Posts

Posted

I just got this emailed to me and thought it was interesting:

http://www.infogreg.com/security/misc/wind...r-overflow.html

%COMSPEC% /K "dir ?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

Posted

Could you perhaps use this to insert shellcode which would give you a shell? :wink:

I thought it was public knowledge that the Windows command line can only take 256 characters?

Posted

yeh beacuse cmd is based off of command.com which could only have an 8-bit instcurtion space, it was never changed becsue the peopel at micro$oft never saw a reason to

Posted

thanks.. I made a .bat :) crash on demand

I dont believe there is something to be made out of it tough...

OR I cant imagine how / what would be involved !

other than, haha I made you waste time starting the debugger!

LMAO..

but hey still thanks! :)

-mad

Posted

Wow. Windows Server 2003's cmd.exe does nothing, it doesn't give me a DEP message, no "AAAAAAAAAA..." cannot be found as would be expected. Nothing.

But in command.com on the same machine, when I pasted it, it started making this long sequence of beeps from the motherboard, then when the beeping stopped, i just closed the window and didn't want to even try running it, but I then got a Stop Error (BSOD) and had to ruin my uptime. (I know, dont test exploits on your webserver)

Posted
(I know, dont test exploits on your webserver)

"Hey lads, we got a new guy here...."

/me looks up from trying over run on production server

you say something?

:wink:

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...