Re: Netcat reverse shell and ftp

[René Østensen <rene.ostensen () gmail com>]

Avaya.Toons wrote:
> i too think so, like what su does, but here not only to the password
> prompt, almost all prompts
> (for eg: ftp> ) output of help etc..
>
> When i tried as >ftp -A ftp.attacker
> The same problem but since -A it logged in but no prompt, but the
> commands are all working.
>
> Any comments?
>
> On Mon, Jan 26, 2009 at 6:53 PM, David Howe
> <DaveHowe.Pentest () googlemail com> wrote:
>   
> > Avaya.Toons wrote:
> >     
> > > yup, i did the -e cmd.exe option thinking it would then pipe the stdin
> > > and stdout, and for  half way it caused no problem, see what i'm doing,
> > > ************************************************************************************
> > > See the Password prompt in victim (and no response in Attacker), not in
> > > attacker console, ie the first User prompt in attacker console and
> > > second password prompt in victim machine,
> > > The problem is only for ftp, all other commands are working fine, and
> > > ftp in a seperate stand alone console is working fine in both machines,
> > > no problems,
> > > what am i doing wrong, why my netcat not piping the second prompt?
> > >       
> > Must be a "feature" of ms ftp - probably trying to protect the password
> > prompt by doing something undocumented. You tried it using a response
> > script (-s:filename.ext in ftp parameters) or failing that, just wget?
> >
> >     
>
>
>   
I have had the same problem about a year ago, what I found is that if
you run the commands through netcat then they will work but if you try
to execute the shell like cmd.exe then you get "limited access" which
only let you run programs that doesn't try to connect outside. I'm not
going to say I'm an expert and might as well have had a wrong syntax,
just thought I wanted to share this with you guys.