SubSeven 2.1a (trojan)
Subject: SubSeven 2.1a (trojan)
From: Andrew Griffiths (d1g17al HOTMAIL.COM)
Date: Wed Jan 19 2000 - 16:58:41 CST
There is a buffer overflow in SubSeven 2.1a. It happens when you tell the
server to execute a DOS command > 315 chars long. Depending on how long it
is, you can get it to quit quietly (not sure how long), plain crash (eip not
written over) or trash every variable there. (Around 4000 I think.)
Hell, I'm not sure if it's a bug in the OS (Win95 tested on) that can't
handle it but anyway.
An interesting side effect seems to be that it stops connections to 139. I'm
not sure if it affects others; I haven't had the time lately.
The default install port is 27374, (assuming no password) type DOS
xxxxx(lots of x's)xxxxx and the connection should drop. There is some script I
wrote for the Nessus scanner (www.nessus.org) that'll get it to crash.
Catch ya,
Andrew Griffiths
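
Added example, not part of the original post or of any SubSeven or Nessus code: a passive check a defender could run over captured traffic to flag DOS commands longer than the 315 characters reported above on the default port 27374. The segment tuples are constructed sample data, and the command framing ("DOS", a space, the argument, optional CR/LF) is an assumption, since the post does not describe it.

```python
from collections import defaultdict

SUBSEVEN_PORT = 27374   # default install port, from the post
DOS_LIMIT = 315         # length above which the post reports the overflow

# Constructed sample: (connection id, destination port, client payload bytes).
SAMPLE_SEGMENTS = [
    ("c1", 27374, b"DOS dir c:\\"),
    ("c2", 27374, b"DOS " + b"x" * 200),   # one command split over two segments
    ("c2", 27374, b"x" * 200),
    ("c3", 80, b"DOS " + b"x" * 1000),     # other port, not inspected
    ("c4", 27374, b"DOS " + b"x" * 315),   # exactly at the limit, not over it
]

def reassemble(segments, port=SUBSEVEN_PORT):
    """Concatenate client payloads per connection, keeping only the watched port."""
    streams = defaultdict(bytes)
    for conn, dport, data in segments:
        if dport == port:
            streams[conn] += data
    return streams

def overlong_dos_commands(segments, limit=DOS_LIMIT):
    """Return {conn: argument length} for DOS commands longer than `limit`.

    Assumption: the command is the literal "DOS", a space, then the argument,
    optionally ended by CR/LF; the post does not describe the framing.
    """
    hits = {}
    for conn, stream in reassemble(segments).items():
        pos = stream.find(b"DOS ")
        if pos < 0:
            continue
        # Measure only the argument, up to the first line ending if there is one.
        arg = stream[pos + 4:].split(b"\n", 1)[0].rstrip(b"\r")
        if len(arg) > limit:
            hits[conn] = len(arg)
    return hits

if __name__ == "__main__":
    for conn, length in sorted(overlong_dos_commands(SAMPLE_SEGMENTS).items()):
        print(f"{conn}: DOS argument of {length} bytes exceeds {DOS_LIMIT}")
```

Checking each segment on its own would miss connection c2, whose argument only exceeds the limit once its two segments are joined.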
This archive was generated by hypermail 2b27 : Thu Jan 20 2000 - 17:32:06 CST