So every now and then you come across something that's extremely novel and basic yet changes your very understanding and/or thought process on a given subject. I have apparently hit a stroke of good luck this last week, as I came across 2 of them by pure chance. The last one I hinted at a few posts ago and I want to go over it again. I promise you they're not very well known, so pay attention and I bet you'll learn something. A fair warning first though: while each is pretty nifty, I have yet to find them "exploitable", except for maybe the last one... Let's get right down to it.
1: Navigating in linux and windows using the command line. Apparently I wasn't privileged enough to be part of the "in crowd" when everyone was explaining ease of navigation.
pushd: Will save your current directory (on a stack) and move you into the one you give it
popd: Will pop you back to the saved directory
It works in both linux and windows, I've used it more than once and trust me it does save some time!
2: The second one is somewhat known but still nifty. Any time you put a link in a page that doesn't have a tld at the end, or even if it does and windows can't resolve it, you're going to be sending out broadcast llmnr and nbns requests to your network looking for it. The really interesting part of this is that since browsers preload dns for (I think) all the links on a page, you're going to be hitting it no matter what. Test it out like so...
<img alt="wow" src="http://wut.">
The way I found this out, is actually via misconfigured javascript on a site and I'm running noscript so think about that...
3: Probably the most interesting, and I already mentioned it before. NetBIOS 139 does NOT bind to 0.0.0.0. Let's take a closer look.
As you can see it binds to your actual IP address, yet does NOT bind to localhost so we can in fact do this...
In addition to that you can see that it's running as pid 4 "system". What makes it even more odd is that udp 137 and udp 138 also have the same behavior.
4: If I were to ping google.com the IP would resolve to... 216.58.216.238, and if I went to http://216.58.216.238 I would get a google page (well, depending on whether they change the dns), but this address is also the same google page: http://3627735278 ... yeah, now that is interesting. It works in FF, IE, and from the cmdline. The funny part is this is how it's expected to work, for instance try this.
Anyways, if I wanted to go to 127.0.0.1, it would be 2130706433. I wrote a little script just to mess around with it and you can find it here.
https://github.com/trump0dump/ip_num
So what are the implications of this? Well, the first thing I tried was hitting an smb path and sadly it doesn't appear to work, but my next immediate thought was any sort of xss filter that filters for ....
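To look at that decimal form from the filter's side, here is an added example (mine, not the post's ip_num script): a normaliser that turns any inet_aton-style IPv4 literal into a plain dotted quad before a host list is consulted, so http://2130706433 and http://127.0.0.1 compare equal. It goes beyond the post's decimal case to the hex, octal and 1-to-3-part forms inet_aton also accepts; BLOCKED_HOSTS is a constructed sample list.

```python
import re
from urllib.parse import urlsplit

# Constructed for this example: hosts a naive URL filter would compare against.
BLOCKED_HOSTS = {"127.0.0.1", "216.58.216.238"}
_HEX = re.compile(r"0[xX]([0-9a-fA-F]*)")
_DEC = re.compile(r"[0-9]+")

def _part_to_int(part: str) -> int:
    # One dot-separated component, read the way inet_aton() reads it:
    # 0x.. is hex, a leading 0 makes it octal, anything else is decimal.
    m = _HEX.fullmatch(part)
    if m:
        return int(m.group(1) or "0", 16)
    if not _DEC.fullmatch(part):
        raise ValueError(f"not a number: {part!r}")
    return int(part, 8) if len(part) > 1 and part[0] == "0" else int(part)

def ip_literal_to_int(host: str) -> int:
    # Any inet_aton-style IPv4 literal (1 to 4 parts) -> 32-bit integer.
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or "" in parts:
        raise ValueError(f"not an IPv4 literal: {host!r}")
    nums = [_part_to_int(p) for p in parts]
    if any(n > 0xFF for n in nums[:-1]):      # leading parts are one byte each
        raise ValueError(f"component out of range in {host!r}")
    value = 0
    for n in nums[:-1]:
        value = (value << 8) | n
    last_bits = 8 * (5 - len(parts))          # the last part fills the remaining bytes
    if nums[-1] >> last_bits:
        raise ValueError(f"component out of range in {host!r}")
    return (value << last_bits) | nums[-1]

def int_to_dotted(value: int) -> str:
    # 32-bit integer -> ordinary dotted quad, e.g. 2130706433 -> "127.0.0.1".
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def canonical_host(url: str) -> str:
    # Host part of a URL, rewritten to a dotted quad when it is any IPv4 literal
    # form; otherwise returned as-is. Normalise first, then compare.
    host = urlsplit(url).hostname or ""
    try:
        return int_to_dotted(ip_literal_to_int(host))
    except ValueError:
        return host

def blocked_canonically(url: str) -> bool:
    # The list is checked against the normalised host, not the raw string.
    return canonical_host(url) in BLOCKED_HOSTS
```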
So there you have it 4 randomly cool things, and I bet you learned something :)