Dailydave mailing list archives

Bouncing with PHP


From: Dave Aitel <dave () immunityinc com>
Date: Mon, 19 May 2008 16:00:03 -0400


There are lots of operating systems that are not within Immunity's 
direct focus for whatever reason. But when you're hip-deep in a network, 
you don't want to hear "I can't bounce that exploit through a ten year 
old AIX webserver". One solution is to spend lots of time writing MOSDEF 
back-ends for every platform under the sun. The other one is to write 
MOSDEFSock implementations in a bunch of interpreted languages, and hope 
the target has PHP, Perl, Python, or Java installed. Not in that order, 
probably.

So recently we updated the PHP trojan to support MOSDEF-Sock, and you 
can see a little demo of it working here:
http://www.immunityinc.com/documentation/php_demo.html

This is good for two reasons:

1. Lots of things have PHP so you know you always have the ability to 
install a callback trojan on them you can bounce through even if you 
can't execute real binaries.

2. All of the PHP Include and PHP Eval() bugs can now be used to 
directly bounce other attacks through, without ever loading code on the 
target system. This makes forensics harder and is convenient to boot! 
Hurrah!

As a side note, for those of you with iTunes you can now download Flight 
of The Conchords, which is about two kiwi musicians and is quite funny.

-dave

