Full Disclosure: Re: IDS or IPS detection and bypass

From: Frank Knobbe <frank_at_knobbe.us>
Date: Mon, 08 Aug 2005 15:16:19 -0500

On Mon, 2005-08-08 at 13:40 +0400, Ahmad N wrote:
> I was trying to gain a reverse shell to a website the other day using
> a buffer overflow exploit, unfortunately it seems like they have some
> kind of buffer overflow exploit protection coming from an IDS or IPS

Or they just have the web server properly firewalled so that no outbound
connections from the web server are allowed to the outside. No
black-magic-IPS-fu required there.

Instead of using a reverse shell, either have the exploit crash the web
server and set up a listener on port 80 and use a forward shell, or
better yet, use an inline-shell that re-uses the already established
session you have with the web server.

HTH,
Frank

-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Received on Aug 08 2005