[TOOL] Web Shell (WSH), Remote UNIX/WIN Shell
From: SecuriTeam (support_at_securiteam.com)
Date: 06/16/03
- Previous message: SecuriTeam: "[UNIX] BNC Double File Locking Mechanism Allows Attackers to Cause a Denial of Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 16 Jun 2003 14:36:14 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
Latest attack techniques.
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
Learn more at http://www.coresecurity.com/promos/sit_e1,
or call 617-399-6980
- - - - - - - - -
Web Shell (WSH), Remote UNIX/WIN Shell
------------------------------------------------------------------------
DETAILS
Wsh, "Web Shell" - is a remote UNIX/WIN shell that works via HTTP/HTTPS.
The package contains two perl scripts for server and client hosts: the
first one is for console usage and the second one runs as CGI script on
the target host.
Example:
http://gray-world.net/images/wsh.gif
The key Web Shell features: SSL support (*), command line history support
(*), file upload/download, protect server part script usage with secret
key inside HTTP message, data flow Xor encoding, can work trough HTTP
proxy server (to hide client ip or bypass firewall).
(*) - Additional packages are required on the client host
ADDITIONAL INFORMATION
The tool can be downloaded from:
<http://gray-world.net/> http://gray-world.net/
The information has been provided by <mailto:alex@gray-world.net> Alex.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] BNC Double File Locking Mechanism Allows Attackers to Cause a Denial of Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [TOOL] Firepass, A Tunneling Tool
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... Latest attack techniques.
... both - client and server parts are written in Perl and the server ... server
and when client interact with it from the external network. ... (Securiteam) - [NEWS] XSS Vulnerability in Synkron.web CMS
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... Latest attack techniques.
... The information in this bulletin is provided "AS IS" without warranty of any kind.
... In no event shall we be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [NT] LiteServe Directory Index Cross-Site Scripting
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Web, email and FTP server.
... This is similar to the Apache XSS of last month. ... (Securiteam) - [NEWS] Lycos Authenticating Systems and Lycos News Server Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... Latest attack techniques.
... The information in this bulletin is provided "AS IS" without warranty of any kind.
... In no event shall we be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [NT] Directory Traversal bug in QuickFront Webserver
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... Quickfront "will help you
to capture emails ... directory traversal vulnerability in the product allows remote attackers
... When attacker sends a request to server in the following form: ... (Securiteam)
