October 20th, 2001, 02:26 PM
#1
Member
Net Send Overrun?
OK, in Windows 2000 or NT, the Messenger service is usually run from a console, which has a maximum command length of 250 [or something]. And if you run it from a 'run' menu it does the same.
But consider this: place this in a Visual Basic form.
--------------------------------------
Private Sub Form_Load()
    Dim strMessage As String
    ' Placeholder for a long run of characters
    strMessage = "[Large number of letters]"
    ' Concatenate the message ten times and pass it to net send as one command line
    Shell "net send localhost " & strMessage & strMessage & _
        strMessage & strMessage & strMessage & strMessage & _
        strMessage & strMessage & strMessage & strMessage
End Sub
---------------------------------------
(The same can be achieved with any other programming language)
Is this buffer exploitable? Please tell me. I've tried and nothing's worked.
WE ARE the anti cancer...
WE ARE the only answer...
October 20th, 2001, 03:11 PM
#2
Hmm
fiend...
I don't run Win2000 so I can't test it but...
The code that you have just posted is the equivalent to typing this at the Start > Run menu:
net send localhost [a really long message]
The VB code you supplied would have saved you the extra typing...but it could have all been typed by the user at the command line.
If the Messenger service has a maximum input of 250 characters, then it will not accept the "really long message" either way (by typing or VB program).
Sorry, Good thought though
Hope this Helped
Simon Templer
"Your work is to discover your world and then with all your heart give yourself to it."
-The Buddha
October 25th, 2001, 06:13 AM
#3
btw net send will queue 6 messages, so about the worst you can do is DoS attack the localhost or user. Batch files is the way we tested. Never did see a buffer overflow, we tried!