Penetration Testing mailing list archives

RE: Netcat reverse shell and ftp


From: "Glafkos Charalambous" <glafkos () infosec org uk>
Date: Wed, 28 Jan 2009 10:23:19 +0200

Hello,

FTP is non interactive that's why you should echo your commands to a text
file and then ftp -s:file.txt to do the interaction through the file.

Regards,
Glafkos Charalambous

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of David Howe
Sent: Monday, January 26, 2009 3:23 PM
To: avaya.toons () gmail com
Cc: pen-test () securityfocus com
Subject: Re: Netcat reverse shell and ftp

Avaya.Toons wrote:
yup, i did the -e cmd.exe option thinking it would then pipe the stdin
and stdout, and for  half way it caused no problem, see what i'm doing,

****************************************************************************
********
See the Password prompt in victim (and no response in Attacker), not in
attacker console, ie the first User prompt in attacker console and
second password prompt in victim machine,
The problem is only for ftp, all other commands are working fine, and
ftp in a seperate stand alone console is working fine in both machines,
no problems,
what am i doing wrong, why my netcat not piping the second prompt?

Must be a "feature" of ms ftp - probably trying to protect the password
prompt by doing something undocumented. You tried it using a response
script (-s:filename.ext in ftp parameters) or failing that, just wget?





Current thread: