Originally Posted by hhmatt81
Yes, in various ways. User input (keyboard and mouse), updates from other nodes, search results, etc.
P2P programs, do they accept input?
Can they be exploited?
A DoS isn't an exploit?
I saw one on milw0rm for LimeWire but it looked more like a malformed HTTP request and forced like a self DoS. Nothing that could return a shell.
Did you try "shutdown -a"? (Abort shutdown.)
Exploiting Windows services like NetBIOS: this is what I've personally been struggling with lately. I'm trying to pwn my own box (XP Pro SP2 full updates) and I have shut down almost every service I could; it has 3 listening ports for TCP: 137, 139, and 445. Every time I try to put the NetBIOS service into OllyDbg I get a system error and about 45 seconds before automatic shutdown.
IIRC there's an entire Fuzzing menu. I'm not on a BT box right now so I can't really tell ya off the top of my head.
I can't use the IPC exploit because it is patched. I believe this was done in SP2. But it would make sense to me that you could overflow the user ID and password fields if it didn't shut down Windows. Couldn't you run the necessary code to get your reverse shell then use a separate pointer to redirect NetBIOS back so that it doesn't shut down?
Is there a fuzzer in BT that knows many different protocols?
What about them?
What about those UDP ports that seem to be open?
Yes people do, however the nature of UDP makes things more difficult. (http://en.wikipedia.org/wiki/User_Datagram_Protocol)
I can't seem to find anything that exploits UDP ports. I have found a couple things for TFTP but that would be it. Does nobody even consider using these ports?
Depends on how you exploit it.
I know UDP is unreliable so couldn't UDP be used to spawn a listening TCP port?