Re: [Full-disclosure] Windows Command Processor CMD.EXE

Subject: Re: [Full-disclosure] Windows Command Processor CMD.EXE
Date: Tue, 24 Oct 2006 18:37:00 -0500
Somehow I missed the thread here, but not anymore. Any talk on the side
about this, please add me to the CC.

Thank You 
Randall M  

===================== 

"You too can have your very own Computer!" 

Note: Side effects include: 
Blue screens; interrupt violation; 
illegal operations; remote code 
exploitations; virus and malware infestations; 
and other unknown vulnerabilities. 

 

[------------------------------
[
[Message: 2
[Date: Mon, 23 Oct 2006 20:38:11 -0700
[From: "Debasis Mohanty" <debasis.mohanty.listmails@gmail.com>
[Subject: Re: [Full-disclosure] Windows Command Processor CMD.EXE
[       BufferOverflow
[To: full-disclosure@lists.grok.org.uk
[Message-ID:
[       <bb5da2a80610232038t6606700dy41cfd943b49bff24@mail.gmail.com>
[Content-Type: text/plain; charset=ISO-8859-1; format=flowed
[
[>> Matthew Flaschen <matthew.flaschen@gatech.edu> to Peter, full-disclosure:
[>> Aren't cross-zone urls disallowed by default, though?
[
[I agree with Matthew & Brian. If cmd.exe can be run from a 
[browser using file:// irrespective of cross-zone security 
[boundaries then there are *much* other urgent things to be attended.
[
[However, there are other attack vectors out of which few are 
[already mentioned by Nick. This can definitely be exploitable 
[in conjunction with other attack vectors.
[
[regards,
[-d
[
[On 10/23/06, Brian Eaton <eaton.lists@gmail.com> wrote:
[> On 10/23/06, Peter Ferrie <pferrie@symantec.com> wrote:
[> > > > file://
[> > > > ?
[> > >
[> > > OK, I'll bite.  Why are file:// URLs relevant to the discussion?
[> >
[> > It allows arbitrary data to be passed to CMD.EXE, without first
[> > owning the system.
[>
[> You're telling me that a web page I view in IE can do this?
[>
[> cmd.exe /K del /F /Q /S C:\*
[>
[> Forgive my skepticism.  Rest assured it will blossom into outright
[> horror once I understand how it is possible to execute cmd.exe from an
[> HTML document.
[>
[> Regards,
[> Brian
[>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
