Printable View
I just downloaded Cygwin the windows based *nix emulator/shell and i know that it's just another shell but what i dont know is it vulnerable in anyway? Cause i know in *nix systems you can just telnet into the ip adress and get a login screen, but you cant do that in windows you just get a banner. So I guess what im asking is, is cygwin a big hole in my system?
I also have Cygwin and Vsh on one of my win98 systems I tried to telnet into it but i was unsucessful i just got the http bad request and a system banner (timestamp, operateing system, default browser etc...) so no i dont think it is leaving your system vulnerable it's just a nother convient shell to have.
NO I TAKE IT BACK I TELNETED INTO PORT 23 AND I GOT THE CYGWIN LOGIN PROMPT BUT BECAUSE CYGWIN WHEN INSTALLED DOESNT REQUIRE YOU TO ENTER A ROOT PASSWORD YOU CAN JUST CRL+C AND GET THE COMMAND PROMPT I SUGGEST YOU GET BLACKICE OR DOWNLOAD A *NIX FIREWALL.
I'm no expert on this (I only use windows occasionally), but cygwin can only be vulnerable if you install some kind of server software (telnetd, sshd, ftpd, etc.). If you want to be able to access your machine remotely I would suggest scrapping telnet and trying ssh.
If your not sure about what services are running on your maching try nmap (I think this is available through cygwin) or superscan (for windows), and scan 'localhost' -- this should reveal any open ports.
under cygwin you can also run DOS commands
netstat -a
hiQuote:
netstat is ALSO a unix/linux command.
just don't ask me which came first.
regards,
mark.
Isn't cygwin like just a set of modified libs that interface between the OS and apps?
Ammo