MonkeyShell: using XML-RPC for access to a remote shell

• Previous message: Paul Szabo: "Eudora 6.2.0.7 attachment spoof"
• Next in thread: Barry Dorrans: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Reply: Barry Dorrans: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Reply: Darryl Luff: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Sun, 10 Oct 2004 22:38:50 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Security pundits have been warning about the dangers implicit with Web
services for years. A good starting point for understanding the security
issues related to Web services can be found at:
http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html

Of course to really understand the security risks posed by Web services,
you need to understand the basics of Web services. Enter an application
I wrote called "Monkey Shell."

MonkeyShell is a simple open source Python application that uses
extensible markup language remote procedure calls (XML-RPC) to execute
commands through a remote system shell.

I kept the code terse (less than 100 lines total) so that it can be
studied easily. It is similar to netcat except instead of "shell
shoveling" data through a raw TCP connection, it wraps data in XML and
transports it over HTTP.

MonkeyShell is freely available at:
http://www.sharp-ideas.net/

Cheers,
Abe Usher, CISSP

--
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
--

• Previous message: Paul Szabo: "Eudora 6.2.0.7 attachment spoof"
• Next in thread: Barry Dorrans: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Reply: Barry Dorrans: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Reply: Darryl Luff: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (Pen-Test) [fw-wiz] MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (Firewall-Wizards) MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (FreeBSD-Security) [Full-Disclosure] MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (Full-Disclosure) Microsoft .NET ... reading up various documents that discuss - "What is Microsoft .Net" ... I'm trying to write a paper on security and software development using ... utilize connected solutions using Web services, ... language, of course, but also: ... (microsoft.public.dotnet.general)