Re: Bouncing with PHP

[Jeremy Kelley <jeremy () austin ibm com>]

Quoting Dave Aitel (dave () immunityinc com):
[snipped]
> 1. Lots of things have PHP so you know you always have the ability to 
> install a callback trojan on them you can bounce through even if you 
> can't execute real binaries.
>
> 2. All of the PHP Include and PHP Eval() bugs can now be used to 
> directly bounce other attacks through, without ever loading code on the 
> target system. This makes forensics harder and is convenient to boot! 
> Hurrah!

I think we're going to see a lot more of this for a couple of reasons.

1) the interp'd languages are so mature now.  I want to upload/download
something to/from your box and http does that quite well and will pass
through firewalls.  I don't have ot reinvent the wheel each time.
Python's motto is "batteries included" referring to the libraries that
are included.  Ever looked at just what's enabled in a default install
of PHP on the big linux distros?  Everything.

2) Seems that php/python/ruby is what most people really are comfortable
using now.  Schools are even starting to teach php and python as
secondary languages for projects, etc so the userbase just builds on
itself.

> As a side note, for those of you with iTunes you can now download Flight 
> of The Conchords, which is about two kiwi musicians and is quite funny.

Youtube has a bunch also, which works on linux.  :)

-j

-- 
Jeremy Kelley <jeremy () austin ibm com>               Sr. Threat Analyst
gpg  1024D/E0DF8B2D  4BC3 B8B5 5B42 CC8E B6A9 2E85 32D3 C51C E0DF 8B2D
That's the problem with science.  You've got a bunch of empiricists
trying to describe things of unimaginable wonder.      -Bill Watterson
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave