-
Net Send Overrun?
OK, in Windows 2000 or NT, the Messenger service is usually run from a console, which has a maximum command length of 250 [or something]. And if you run it from a 'run' menu it does the same.
But consider this: place this in a Visual Basic form.
--------------------------------------
Private Sub Form_Load()
Dim strMessage As String
strMessage = "[Large number of letters]"
Shell "net send localhost " & strMessage & strMessage & _
    strMessage & strMessage & strMessage & strMessage & _
    strMessage & strMessage & strMessage & strMessage
End Sub
---------------------------------------
(The same can be achieved with any other programming language)
Is this buffer exploitable? Please tell me. I've tried and nothing's worked.
-
Hmm
fiend...
I don't run Win2000 so I can't test it but...
The code that you have just posted is the equivalent of typing this at the Start > Run menu:
net send localhost [a really long message]
The VB code you supplied would have saved you the extra typing...but it could have all been typed by the user at the command line.
If the Messenger service has a maximum input of 250 characters, then it will not accept the "really long message" either way (by typing or VB program).
Sorry, good thought though :)
Hope this helped :)
-
Btw, net send will queue 6 messages, so about the worst you can do is DoS attack the localhost or user. Batch files are the way we tested. Never did see a buffer overflow, and we tried!