Vulnerability Development mailing list archives
perl/php connect-back backdoor?
From: "Victor Pereira" <vpereira () modulo com br>
Date: Tue, 29 Jul 2003 16:33:13 -0300
Hi, you can use the reverse shell from THC ( http://www.thc.org/releases/rwwwshell-2.0.pl.gz) <cut> Well, a program is run on the internal host, which spawns a child every day at a special time. For the firewall, this child acts like a user, using his netscape client to surf on the internet. In reality, this child executes a local shell and connects to the www server owned by the hacker on the internet via a legitimate looking http request and sends it ready signal. The legitimate looking answer of the www server owned by the hacker are in reality the commands the child will execute on it's machine it the local shell. All traffic will be converted (I'll not call this "encrypted", I'm not Micro$oft) in a Base64 like structure and given as a value for a cgi-string to prevent caching. </cut> You can use netcat compiled with the execute option and run with a time option to connect to your machine either. Reguards, VP ______________________________________________ Victor Pereira - LPI, CCSA, CCSE - Security Analyst http://www.modulo.com.br http://getdata.codigolivre.org.br
Current thread:
- perl/php connect-back backdoor? Ingram (Jul 28)
- RE: perl/php connect-back backdoor? Rick Patel (Jul 28)
- Re: perl/php connect-back backdoor? Knud Erik Højgaard (Jul 28)
- Re: perl/php connect-back backdoor? Diode Trnasistor (Jul 30)
- <Possible follow-ups>
- perl/php connect-back backdoor? Victor Pereira (Jul 30)