I also tested on a couple routers, no luck. ---snip Strings CiscoKill.exe Disk full while accessing %1..An attempt was made to access %1 past its end. No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1.. access %1 past its end.0An attempt was made to read from the writing %1. %1 has a bad format."%1 contained an unexpected object. %1 contains an incorrect schema. #Unable to load mail system support. Mail system DLL is invalid.!Send Mail failed to send message. pixels %1: %2 Continue running script? Dispatch exception: %1 Uncheck Check Mixed ----
Why mail?? Didnt see any suspect packets on tcp or udp didn't check other protocols. -----Original Message----- From: Joel R. Helgeson [mailto:[EMAIL PROTECTED] Sent: 24 July 2003 06:44 PM To: [EMAIL PROTECTED] I just tested it against one of my test cisco routers. nuthin happened. "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." ----- Original Message ----- From: "amilabs" <[EMAIL PROTECTED]> To: "'amilabs'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, July 24, 2003 9:36 AM Subject: RE: [Full-Disclosure] Win32 Cisco Exploit > I meant to say it does NOT generate the correct type of packets below in > the last email I sent > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of amilabs > Sent: Thursday, July 24, 2003 9:57 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] Win32 Cisco Exploit > > > According to protocol trace file analysis it does generate the correct > types of packets to cause the exploit. Both the gui and the cmd line > send the packets out with ttl 128 and with 0 as the next protocol in the > IP header. This is what the app spits out. I did not test against a > router just took a quick peek with a protocol analyzer and it does not > look like it will work based on the packet trace. Can someone tell me > otherwise? > > ------------ ETHER Header ------------ > Destination: 00-03-A3-43-78-6B > Source: This Network Analyzer (00-04-55-2D-F8-A7) > Protocol: IP > FCS: E67BCBFA > > ------------ IP Header ------------ > Version = 4 > Header length = 20 > Differentiated Services (DS) Field = 0x00 > 0000 00.. DS Codepoint = Default PHB (0) > .... ..00 Unused > Packet length = 40 > Id = 1ed4 > Fragmentation Info = 0x0000 > .0.. .... .... .... Don't Fragment Bit = FALSE > ..0. .... .... .... More Fragments Bit = FALSE > ...0 0000 0000 0000 Fragment offset = 0 > Time to live = 128 > Protocol = 0 (0) > Header checksum = 04EB (Verified 04EB) > Source address = 10.1.1.28 > Destination address = 10.1.1.250 > 20 bytes of data > > Record #22 (From Node To Hub) Captured on 7/24/2003 at > 09:50:56.437327771 Length = 64 > > Frame Data: (Length = 64) > 0: 00 08 A3 4D 78 6B 00 02 55 5D F8 A7 08 00 45 00 ...Mxk.. > U]....E. > 16: 00 28 1E D4 00 00 80 00 04 EB 0A 01 01 1C 0A 01 .(...... > ........ > 32: 01 FA 45 10 00 14 2E 31 40 00 00 37 C1 76 7F 00 ..E....1 > @..7.v.. > 48: 00 01 0A 01 01 FA 00 00 00 00 00 00 E6 7B CB FA ........ > .....{.. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, July 23, 2003 5:18 PM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Win32 Cisco Exploit > > > Attached is a win32 version of the Cisco Exploit with a nice GUI. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ---------------------------------------------- Filtered by despammed.com. Tracer: MAA159361059067286 Remember: you can forward any spam that slips through the filters to the abuse desk here at Despammed. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
