Dailydave mailing list archives
Bouncing with PHP
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 19 May 2008 16:00:03 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There are lots of operating systems that are not within Immunity's direct focus for whatever reason. But when you're hip-deep in a network, you don't want to hear "I can't bounce that exploit through a ten year old AIX webserver". One solution is to spend lots of time writing MOSDEF back-ends for every platform under the sun. The other one is to write MOSDEFSock implementations in a bunch of interpreted languages, and hope the target has PHP, Perl, Python, or Java installed. Not in that order, probably. So recently we updated the PHP trojan to support MOSDEF-Sock, and you can see a little demo of it working here: http://www.immunityinc.com/documentation/php_demo.html This is good for two reasons: 1. Lots of things have PHP so you know you always have the ability to install a callback trojan on them you can bounce through even if you can't execute real binaries. 2. All of the PHP Include and PHP Eval() bugs can now be used to directly bounce other attacks through, without ever loading code on the target system. This makes forensics harder and is convenient to boot! Hurrah! As a side note, for those of you with iTunes you can now download Flight of The Conchords, which is about two kiwi musicians and is quite funny. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIMdxCtehAhL0gheoRAo8XAJ0Q4VLCWkYSxsdcb+VW9TIaqVWFtACfY7Cl iT6xkmTCAJcX4GBfXO5rp4g= =1ir2 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Bouncing with PHP Dave Aitel (May 19)
- Re: Bouncing with PHP Jeremy Kelley (May 19)
- Message not available
- Re: Bouncing with PHP Jeremy Kelley (May 20)
- Message not available
- Re: Bouncing with PHP Jeremy Kelley (May 19)