Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

perl/php connect-back backdoor?

From: "Victor Pereira" <vpereira () modulo com br>
Date: Tue, 29 Jul 2003 16:33:13 -0300

Hi, you can use the reverse shell from THC (
http://www.thc.org/releases/rwwwshell-2.0.pl.gz)

<cut>
Well, a program is run on the internal host, which spawns a child every day
at a special time. For the firewall, this child acts like a user, using his
netscape client to surf on the internet. In reality, this child executes a
local shell and connects to the www server owned by the hacker on the
internet via a legitimate looking http request and sends it ready signal.
The legitimate looking answer of the www server owned by the hacker are in
reality the commands the child will execute on it's machine it the local
shell. All traffic will be converted (I'll not call this "encrypted", I'm
not Micro$oft) in a Base64 like structure and given as a value for a
cgi-string to prevent caching.
</cut>

You can use netcat compiled with the execute option and run with a time
option to connect to your machine either.


Reguards,

VP
______________________________________________
Victor Pereira - LPI, CCSA, CCSE - Security Analyst

http://www.modulo.com.br
http://getdata.codigolivre.org.br
Previous By Date Next
Previous By Thread Next

Current thread: