
Re: [Full-disclosure] [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability

Subject: Re: [Full-disclosure] [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability
Date: Mon, 23 Apr 2007 10:11:38 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

But that sounds funny levent_, but still you are a 31337 hacker
pz
:)


Am 22.04.2007 um 17:51 schrieb Levent Kayan:

On Sun, Apr 22, 2007 at 05:41:25PM +0200, Sebastian Rother wrote:
On Sun, 22 Apr 2007 01:32:35 -0400
kakaroto@kakaroto.homelinux.net (Youness Alaoui) wrote:

Hi,

I'm a developer and admin of the aMSN project, someone just sent me this link ( http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053912.html ).

I just grepped in the source code and that port (31337) is not used by aMSN. It could be a port used for a profile (as a locking system), in which case the port is randomly chosen each time, so this is probably just a fluke: he found the port of his current aMSN instance and used it.

As I don't have more info, I can't really test this bug and find the real cause and fix it, so it would be nice to have more info about this.

Seeing how the user replied on the "Vendor contacted?" tag, I wonder if I can get any more info on this matter.

Thanks,
KaKaRoTo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

31337 is just an example port! aMSN is binding an ephemeral port after you've started it. Just do a netstat -an and look for ephemeral ports. If you get the aMSN port you can connect to it and send some characters and you'll get replies by aMSN.
If you send a '{' or '}' character to that aMSN port, you'll notice that aMSN is reporting an error message (aMSN window).
But if you are going to send more than one character of '}' or '{', it will be killed. Yes, the whole client!

To "Ismail Soenmez": What about "DDoS"? Sending characters to that port in an "infinite" loop is a DDoS for you?
-- 
Name: Levent Kayan
E-Mail: levent@corehack.org
GPG key:
0xd6794965
Key fingerprint:
FD20 03C3 DD7F 51BB 224F  F11E 0855 23C8 D679 4965
Website:
http://www.corehack.org/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGLGo7ivpgT1glX4cRAl27AKDWqRE2UC1MA+gATnzPdzni7In0HwCeIuv8
hDQvRnyvcsG4ap6rg9zns40=
=hscD
-----END PGP SIGNATURE-----

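The failure mode Levent describes above (a malformed message on aMSN's ephemeral profile-lock port terminating the whole client) is a general one: a parse error for one connection escaping to the top level of the process. The thread does not identify the actual root cause, so the Python sketch below is an added illustration and not aMSN code. The brace-delimited message grammar, the function names and the sample messages are assumptions made for the example; it contrasts a handler that lets the parse error propagate with one that contains it per message, logs the rejected input, and keeps the listener on the loopback interface.

```python
"""Contained vs. uncontained parse failures on a local control port.

Added illustration, not aMSN code. The brace-delimited message grammar
below is an assumption chosen to mirror the '{' / '}' input from the thread.
"""
import logging
import socket
import threading

log = logging.getLogger("control-port")


class MalformedMessage(ValueError):
    """Raised when a message's braces are not balanced."""


def parse_braced_message(data: bytes) -> list[str]:
    """Split 'a {b c} d' into top-level tokens, rejecting unbalanced braces.

    Assumed toy grammar: whitespace separates tokens, braces group a token.
    """
    text = data.decode("utf-8", errors="replace")
    tokens, current, depth = [], [], 0
    for ch in text:
        if ch == "{":
            depth += 1
            if depth == 1:          # outermost open brace is a delimiter
                continue
        elif ch == "}":
            if depth == 0:
                raise MalformedMessage("unmatched close brace")
            depth -= 1
            if depth == 0:          # outermost close brace ends the token
                tokens.append("".join(current))
                current = []
                continue
        elif ch.isspace() and depth == 0:
            if current:
                tokens.append("".join(current))
                current = []
            continue
        current.append(ch)
    if depth != 0:
        raise MalformedMessage(f"{depth} unclosed brace(s)")
    if current:
        tokens.append("".join(current))
    return tokens


def fragile_handler(messages: list[bytes]) -> list:
    """The failure mode from the thread: one bad message takes the whole
    service down because nothing catches the parse error at this level."""
    return [parse_braced_message(m) for m in messages]


def robust_handler(messages: list[bytes]) -> list:
    """Per-message containment: a malformed message becomes an error record,
    the handler keeps serving, and the rejection is logged for detection."""
    results = []
    for m in messages:
        try:
            results.append(("ok", parse_braced_message(m)))
        except MalformedMessage as exc:
            log.warning("rejected malformed message %r: %s", m[:32], exc)
            results.append(("error", str(exc)))
    return results


def serve_connection(conn: socket.socket) -> list:
    """Read newline-delimited messages from one client, answer each one,
    and return the handling log for inspection."""
    results, buf = [], b""
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            buf += chunk
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                results.extend(robust_handler([line]))
                conn.sendall(b"ok\n" if results[-1][0] == "ok" else b"error\n")
    return results


def run_demo(messages: list[bytes]) -> tuple:
    """Constructed end-to-end run: loopback listener on an OS-chosen ephemeral
    port, one client sending the given messages. Returns (server log, replies)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))      # loopback only: remote hosts cannot reach it
    srv.listen(1)
    out = []

    def server():
        conn, _ = srv.accept()
        out.extend(serve_connection(conn))

    t = threading.Thread(target=server)
    t.start()
    with socket.create_connection(srv.getsockname()) as c:
        for m in messages:
            c.sendall(m + b"\n")
        c.shutdown(socket.SHUT_WR)
        replies = b""
        while True:
            part = c.recv(4096)
            if not part:
                break
            replies += part
    t.join()
    srv.close()
    return out, replies


if __name__ == "__main__":
    # Constructed sample: a valid message, the unbalanced braces from the
    # thread, and another valid message; the service survives all three.
    print(run_demo([b"PING", b"{{{{{", b"PONG"]))
```

Two points carry over to any client that opens a local port: errors raised while handling one peer's input must be caught at the connection boundary so that one malformed message cannot end the process, and a port that exists only for local coordination (such as a profile lock) should be bound to the loopback address so that only local users can reach it at all.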
