[Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)

From: Abe Usher (securitylist_at_sharp-ideas.net)
Date: 10/20/04

    To: full-disclosure@lists.netsys.com
    Date: Tue, 19 Oct 2004 22:26:43 -0400
    
    

    Have you ever had the need to remotely send a command to a system, but
    you could not access it directly via ssh or telnet because the firewall
    is blocking all inbound connections?

    The practice of portknocking <http://www.portknocking.org/> provides an
    interesting network authentication mechanism for establishing a
    connection to a networked computer that has no open ports (as advertised
    on portknocking.org).

    While I find portknocking ingenious, it is somewhat cumbersome and
    overly complex for most users. I propose an alternative - send remote
    procedure calls via e-mail. I've coded an application that fits the
    bill: RPC-Mail.

    The premise of RPC-Mail is simple:
    (1) Construct an e-mail message that has a command that you want one of
    your remote PCs to execute.
    (2) Send the e-mail to a special account that is only used by RPC-Mail.
    (3) Have the remote PC set up with a scheduled task or cron job to
    periodically execute the application RPC-Mail.py.
    (4) When RPC-Mail.py executes, it parses all of the subject lines and
    message bodies of e-mail messages that it finds. If the message body
    contains a special passphrase, RPC-Mail executes the subject line as a
    command, and returns standard output as an e-mail message.

    For more information check out my full write up on:
    http://www.sharp-ideas.net/

    Cheers,
    Abe Usher, CISSP
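A defender's reading of step (4), as an added example that is not part of the original post and is not RPC-Mail's code: a fixed passphrase in a mail body can be replayed by anyone who reads one message, and running the subject line verbatim gives that reader arbitrary commands. The sketch assumes a hypothetical format (subject = command alias, body = `timestamp:nonce:HMAC-SHA256 hex`), a hypothetical shared key and a hypothetical allowlist; it only decides what would be run and executes nothing.

```python
import hashlib
import hmac
from email import message_from_string

# Assumptions, not from the original post: key, allowlist, body format.
SHARED_KEY = b"constructed-demo-key"
ALLOWED = {"uptime": ["uptime"], "disk": ["df", "-h"]}
MAX_SKEW = 300  # seconds a signed request stays valid


def sign(alias, ts, nonce, key=SHARED_KEY):
    """MAC that binds the command alias to a timestamp and a one-time nonce."""
    msg = f"{alias}|{ts}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(raw_mail, now, seen_nonces):
    """Return the fixed argv for a valid request, or None to reject it."""
    mail = message_from_string(raw_mail)
    alias = (mail["Subject"] or "").strip()
    if alias not in ALLOWED:
        return None                      # subject is never run as a command
    body = mail.get_payload()
    if not isinstance(body, str):
        return None                      # multipart mail is not accepted
    try:
        ts, nonce, mac = body.strip().split(":")
        ts = int(ts)
    except ValueError:
        return None                      # malformed body, e.g. a bare passphrase
    expected = sign(alias, ts, nonce).encode()
    if not hmac.compare_digest(mac.encode("utf-8", "replace"), expected):
        return None                      # forged, or subject altered in transit
    if abs(now - ts) > MAX_SKEW or nonce in seen_nonces:
        return None                      # stale or replayed message
    seen_nonces.add(nonce)               # recorded only after every check passes
    return ALLOWED[alias]


def build_mail(alias, ts, nonce):
    """Constructed sample message in the assumed format."""
    return f"Subject: {alias}\n\n{ts}:{nonce}:{sign(alias, ts, nonce)}\n"
```

In a real deployment `seen_nonces` would have to persist between scheduled runs, otherwise a message replayed within the skew window is accepted again.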
