[6806] in bugtraq
Re: NFS shell
daemon@ATHENA.MIT.EDU (Oliver Friedrichs)
Tue May 19 14:46:36 1998
Date: Tue, 19 May 1998 12:22:57 -0600
Reply-To: Oliver Friedrichs <oliver@SECURENETWORKS.COM>
From: Oliver Friedrichs <oliver@SECURENETWORKS.COM>
X-To: Leendert van Doorn <leendert@CS.VU.NL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m0ybTx1-000eCgC@fluit.cs.vu.nl>
> The sources are in:
>
> ftp://ftp.cs.vu.nl/pub/leendert/nfsshell.tar.gz
>
> Suggestions for improvements are welcome.
Some interesting features that people will probably want to add to this:

- ability to query rpcbind/portmap on port 32771. rpcbind on (unpatched)
  Solaris listened on a port equal to, or above 32771. This allows you to
  bypass any filters that may be blocking standard portmap/rpcbind on port
  111.

- ability to perform NFS over port 4045. Solaris nlockmgr service will
  accept any NFS packets and always listens on port 4045, probably because
  it's a direct path into the kernel like NFS is. This allows you to
  bypass any filters that may be blocking NFS traffic on port 2049.

Just 2 of a number of undocumented services that we found in Solaris...
- Oliver
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Network Associates, Inc. 2805 Bowers Ave, Santa Clara, CA, 95051
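
An added example, not part of the original message or of nfsshell: a check that evaluates a first-match packet filter against the ports the message names, showing that rules covering only 111 and 2049 leave 4045 and 32771 (and the ports above it) reachable. The Rule format, the sample rulesets and the function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str  # "deny" or "allow"
    proto: str   # "tcp", "udp" or "any"
    lo: int      # first port in range
    hi: int      # last port in range

# Ports named in the message; labels follow its wording.
WATCHED = {
    111: "portmap/rpcbind, standard port",
    2049: "NFS, standard port",
    4045: "Solaris nlockmgr, accepts NFS packets",
    32771: "Solaris rpcbind, lowest alternate port",
}

def verdict(rules, proto, port, default):
    """Action of the first rule matching (proto, port), else the default policy."""
    for r in rules:
        if r.proto in (proto, "any") and r.lo <= port <= r.hi:
            return r.action
    return default

def exposed(rules, default="allow"):
    """(proto, port) pairs from WATCHED that the filter lets through."""
    return [(proto, port) for port in sorted(WATCHED) for proto in ("tcp", "udp")
            if verdict(rules, proto, port, default) == "allow"]

def first_open_high_port(rules, proto, default="allow") -> Optional[int]:
    """Lowest allowed port >= 32771, since rpcbind may sit above 32771 too."""
    for port in range(32771, 65536):
        if verdict(rules, proto, port, default) == "allow":
            return port
    return None

# Constructed rulesets (inbound, first match wins).
NARROW = [Rule("deny", "any", 111, 111), Rule("deny", "any", 2049, 2049)]
ONE_MORE = NARROW + [Rule("deny", "any", 4045, 4045), Rule("deny", "any", 32771, 32771)]
DEFAULT_DENY = [Rule("allow", "tcp", 22, 22)]  # evaluated with default="deny"

if __name__ == "__main__":
    for name, rules, default in (("NARROW", NARROW, "allow"),
                                 ("ONE_MORE", ONE_MORE, "allow"),
                                 ("DEFAULT_DENY", DEFAULT_DENY, "deny")):
        print(name, exposed(rules, default), first_open_high_port(rules, "udp", default))
```

Denying single ports one at a time still leaves 32772 open in the ONE_MORE ruleset; only the default-deny policy closes the whole range at or above 32771.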