Hi, you can use the reverse shell from THC ( http://www.thc.org/releases/rwwwshell-2.0.pl.gz) <cut> Well, a program is run on the internal host, which spawns a child every day at a special time. For the firewall, this child acts like a user, using his netscape client to surf on the internet. In reality, this child executes a local shell and connects to the www server owned by the hacker on the internet via a legitimate looking http request and sends it ready signal. The legitimate looking answer of the www server owned by the hacker are in reality the commands the child will execute on it's machine it the local shell. All traffic will be converted (I'll not call this "encrypted", I'm not Micro$oft) in a Base64 like structure and given as a value for a cgi-string to prevent caching. </cut> You can use netcat compiled with the execute option and run with a time option to connect to your machine either. Reguards, VP ______________________________________________ Victor Pereira - LPI, CCSA, CCSE - Security Analyst http://www.modulo.com.br http://getdata.codigolivre.org.br
This archive was generated by hypermail 2b30 : Wed Jul 30 2003 - 12:33:18 PDT