MonkeyShell: using XML-RPC for access to a remote shell

From: Abe Usher (securitylist_at_sharp-ideas.net)
Date: 10/11/04

  • Next message: Pete Herzog: "better late than never.... (was Re: Penetration testing scope/outline)"
    Date: Sun, 10 Oct 2004 22:39:32 -0400
    To: pen-test@securityfocus.com
    
    

    Security pundits have been warning about the dangers implicit with Web
    services for years. A good starting point for understanding the security
    issues related to Web services can be found at:
    http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html

    Of course to really understand the security risks posed by Web services,
    you need to understand the basics of Web services. Enter an application
    I wrote called "Monkey Shell."

    MonkeyShell is a simple open source Python application that uses
    extensible markup language remote procedure calls (XML-RPC) to execute
    commands through a remote system shell.

    I kept the code terse (less than 100 lines total) so that it can be
    studied easily. It is similar to netcat except instead of "shell
    shoveling" data through a raw TCP connection, it wraps data in XML and
    transports it over HTTP.

    MonkeyShell is freely available at:
    http://www.sharp-ideas.net/

    Cheers,
    Abe Usher, CISSP

    ------------------------------------------------------------------------------
    Internet Security Systems. - Keeping You Ahead of the Threat

    When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology.

    http://www.securityfocus.com/sponsor/ISS_pen-test_041001
    -------------------------------------------------------------------------------


  • Next message: Pete Herzog: "better late than never.... (was Re: Penetration testing scope/outline)"

    Relevant Pages

    • [fw-wiz] MonkeyShell: using XML-RPC for access to a remote shell
      ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ...
      (Firewall-Wizards)
    • MonkeyShell: using XML-RPC for access to a remote shell
      ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ...
      (FreeBSD-Security)
    • Microsoft .NET
      ... reading up various documents that discuss - "What is Microsoft .Net" ... I'm trying to write a paper on security and software development using ... utilize connected solutions using Web services, ... language, of course, but also: ...
      (microsoft.public.dotnet.general)
    • MonkeyShell: using XML-RPC for access to a remote shell
      ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ...
      (NT-Bugtraq)
    • [Full-Disclosure] MonkeyShell: using XML-RPC for access to a remote shell
      ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ...
      (Full-Disclosure)