Results 1 to 7 of 7

Thread: Cygwin

  1. #1

    Cygwin

    I just downloaded Cygwin the windows based *nix emulator/shell and i know that it's just another shell but what i dont know is it vulnerable in anyway? Cause i know in *nix systems you can just telnet into the ip adress and get a login screen, but you cant do that in windows you just get a banner. So I guess what im asking is, is cygwin a big hole in my system?

  2. #2
    I also have Cygwin and Vsh on one of my win98 systems I tried to telnet into it but i was unsucessful i just got the http bad request and a system banner (timestamp, operateing system, default browser etc...) so no i dont think it is leaving your system vulnerable it's just a nother convient shell to have.

  3. #3
    NO I TAKE IT BACK I TELNETED INTO PORT 23 AND I GOT THE CYGWIN LOGIN PROMPT BUT BECAUSE CYGWIN WHEN INSTALLED DOESNT REQUIRE YOU TO ENTER A ROOT PASSWORD YOU CAN JUST CRL+C AND GET THE COMMAND PROMPT I SUGGEST YOU GET BLACKICE OR DOWNLOAD A *NIX FIREWALL.

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    17

    cygwin security

    I'm no expert on this (I only use windows occasionally), but cygwin can only be vulnerable if you install some kind of server software (telnetd, sshd, ftpd, etc.). If you want to be able to access your machine remotely I would suggest scrapping telnet and trying ssh.

    If your not sure about what services are running on your maching try nmap (I think this is available through cygwin) or superscan (for windows), and scan 'localhost' -- this should reveal any open ports.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    under cygwin you can also run DOS commands

    netstat -a
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    110
    Originally posted here by Tedob1
    under cygwin you can also run DOS commands

    netstat -a
    hi

    netstat is ALSO a unix/linux command.
    just don't ask me which came first.

    regards,
    mark.
    \'hi, welcome to *****. if you would like to speak to an operator, please hang up now.\'
    * click *

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Isn't cygwin like just a set of modified libs that interface between the OS and apps?

    Ammo
    Credit travels up, blame travels down -- The Boss

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •