Fwd: Sending remote procedure calls through e-mail (RPC-Mail)

[Chris Kuethe <chris.kuethe () gmail com>]

I sent this to Abe (obviously) but I guess I can share with the list.


---------- Forwarded message ----------
From: Chris Kuethe <chris.kuethe () gmail com>
Date: Tue, 19 Oct 2004 20:51:31 -0600
Subject: Re: [Dailydave] Sending remote procedure calls through e-mail
(RPC-Mail)
To: Abe Usher <securitylist () sharp-ideas net>


Rather than using cron, I'd go for PGP encrypted messages. Incoming
messages go to through some method (an alias or procmail or...) to get
to PGP, validated and then fed to the shell. By validated, I mean at
least checking that a message comes from the expected key, plus
whatever else you might want to do to feel comfortable. Run the
message, which basically is a shell script, and reply by encrypted
email.

Except for the encrypted email part, cron handles that last part for
ya, so I guess I can see the value of using it...

CK



On Tue, 19 Oct 2004 22:27:38 -0400, Abe Usher
<securitylist () sharp-ideas net> wrote:
> Have you ever had the need to remotely send a command to a system, but
> you could not access it directly via ssh or telnet because the firewall
> is blocking all inbound connections?
>
> The practice of portknocking <http://www.portknocking.org/> provides an
> interesting network authentication mechanism for establishing a
> connection to a networked computer that has no open ports (as advertised
> on portknocking.org).
>
> While I find portknocking ingenious, it is somewhat cumbersome and
> overly complex for most users. I propose an alternative - send remote
> procedure calls via e-mail. I've coded an application that fits the
> bill: RPC-Mail.
>
> The premise of RPC-Mail is simple:
> (1) Construct an e-mail message that has a command that you want one of
> your remote PCs to execute.
> (2) Send the e-mail to a special account that is only used by RPC-Mail.
> (3) Have the remote PC set up with a scheduled task or cron job to
> periodically execute the application RPC-Mail.py.
> (4) When RPC-Mail.py executes, it parses all of the subject lines and
> message bodies of e-mail messages that it finds. If the message body
> contains a special passphrase, RPC-Mail executes the subject line as a
> command, and returns standard output as an e-mail message.
>
> For more information check out my full write up on:
> http://www.sharp-ideas.net/
>
> Cheers,
> Abe Usher, CISSP
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://www.immunitysec.com/mailman/listinfo/dailydave


--
GDB has a 'break' feature; why doesn't it have 'fix' too?


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave