Full Disclosure mailing list archives

Re: No shell => secure?

From: npguy <npguy () websurfer com np>
Date: Fri, 9 Jul 2004 21:14:07 +0545

On Friday 09 July 2004 08:19 am, hax wrote:

2)  That'd stop a lot of skript kiddies, I guess, but it'd be pretty
trivial to just rework the shellcode to call some other command
instead of /bin/sh.


if this is single target. attacker can guess your setting and keeping
executing any commands it could possible target to execute more attack
what about wget from shellcode.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

No shell => secure? Matthias Benkmann (Jul 08)
- Re: No shell => secure? hax (Jul 08)
  - Re: No shell => secure? npguy (Jul 09)
    - Re: No shell => secure? Kevin Ponds (Jul 09)
  - Re: No shell => secure? Matthias Benkmann (Jul 09)
    - Re: No shell => secure? Ron DuFresne (Jul 09)
    - Re: No shell => secure? Barry Fitzgerald (Jul 09)
    - Re: No shell => secure? Vincent Archer (Jul 12)
    - Re: No shell => secure? daniel uriah clemens (Jul 09)
- Re: No shell => secure? Nick FitzGerald (Jul 09)
- Re: No shell => secure? Ron DuFresne (Jul 09)
- Re: No shell => secure? Valdis . Kletnieks (Jul 09)
- Re: No shell => secure? Matthias Benkmann (Jul 09)

(Thread continues...)