BufferOverflow Advisory #2 - The NetOp Remote Control for NT tool allows anyone with a client to connect to the host software and download any file. Version 6 is vulnerable.
c8aecbf2235c9cb21ac221f98f56af1a9457a30fea67a017427f132b915b270a
_____________________________________________________________________
b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y # 2
Advisory Name: NetOp, Bypass of NT Security to retrieve files
Date: 12/4/00
Application: NetOp Remote Control
Vendor: Danware
WWW: www.netop.dk
Severity: Any user can browse and even download
files from the remote computer
Author: axess ( axess@mail.com )
Homepage: www.b0f.com
* Overview
NetOp is a remote administrator control tool that allows you to capture
the screen and it will act as if you were infront of it.
Its a client / host based software.
* The Problem
By default there is no account set up for verify that you are authorised to use
the host software running on the server and anyone that has an client for it can
access the screen.
Default port 6502 is used.
I have done a lot of testing of this and found out that most of the people running
it dont use the accounts that can be set up to verify with an account and password
that u are allowed to use the host.
They rely on the NT security with locking the screen that should be enough.
So if we log on we get a normal screen that says login with administrator account.
Not easy to bypass, but then there is a function that you can use called file transfer.
I use that method and a screen that looks like explorer will appear and you can download
sam._ or what ever file you want and start cracking it while just bypassing all
the NT security.
* Vulnerable Versions
Version 6 is the only one tested but i beleive all versions
prior to that is vulnerable.
* Fix
6.5 has just been released and uses the NT security that will fix this problem.
copyright © 1999-2000
axess , buffer0verfl0w security
www.b0f.com