Penetration Testing mailing list archives
MonkeyShell: using XML-RPC for access to a remote shell
From: Abe Usher <securitylist () sharp-ideas net>
Date: Sun, 10 Oct 2004 22:39:32 -0400
Security pundits have been warning about the dangers implicit with Web services for years. A good starting point for understanding the security issues related to Web services can be found at: http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html Of course to really understand the security risks posed by Web services, you need to understand the basics of Web services. Enter an application I wrote called "Monkey Shell." MonkeyShell is a simple open source Python application that uses extensible markup language remote procedure calls (XML-RPC) to execute commands through a remote system shell. I kept the code terse (less than 100 lines total) so that it can be studied easily. It is similar to netcat except instead of "shell shoveling" data through a raw TCP connection, it wraps data in XML and transports it over HTTP. MonkeyShell is freely available at: http://www.sharp-ideas.net/ Cheers, Abe Usher, CISSP ------------------------------------------------------------------------------ Internet Security Systems. - Keeping You Ahead of the ThreatWhen business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology.
http://www.securityfocus.com/sponsor/ISS_pen-test_041001 -------------------------------------------------------------------------------
Current thread:
- MonkeyShell: using XML-RPC for access to a remote shell Abe Usher (Oct 14)