Hi Chris,
The problem with the RPC shell exploit was my failure to use a correct
return address. Against the 90% of the machines where the exploit failed, I
would receive this message:
-Using return address of 0x77e8367a
-Exploit appeared to have failed.
According to the exploit author, I can reduce the incidence of this error by
finding a "universal return address." He provided a methodology for doing
this, but it is a fair amount of work. I have not tried yet and don't know
if I will get around to it.
On a separate note, I did not fully follow your statement that "this is why"
you prefer vtun over ssh. I can appreciate the benefit of encryption, but
did you mean more than that?
P.S. Did Paul get hold of you about the September ISSA meeting? I think
he's very interested in your presentation.
Wow, three topics in one e-mail. I'd probably better quit now.
-----Original Message-----
From: christopher neitzert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 5:10 PM
To: Robinson, Eric R.
Cc: '[EMAIL PROTECTED]'
Subject: Re: [RLUG] Just Call Me Script Daddy
Eric,
There is much fun to be had with reverse pipes and ssh tunnels in a
similar vein. This is also why I prefer vtun over ssh for tunneling.
And that RPC shell exploit is pretty nasty with regards to bypassing
firewalls and real-time access. I think that there will be greater
emphasis put on real-time stack level IDS in the near future as these
sorts of attacks grow more frequent.
_______________________________________________
RLUG mailing list
[EMAIL PROTECTED]
http://www.rlug.org/mailman/listinfo/rlug