Date: Fri, 19 Sep 2008 19:25:30 -0400
From: 545945 <545945@...il.com>
To: "Kurt Buff" <kurt.buff@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Reverse Shell Without Enabling Netcat's "GAPING_SECURITY_HOLE"

Funny, I actually saw your reply before my original post, with the
method in it, was posted.  The question was he wanted the easiest
method using Netcat.  On a system that you may not have a lot of
access to (i.e. one you are running an exploit against), downloading
cryptcat and running that would be a lot harder, since it is not
included in any of the standard *Nix distros, whereas Netcat usually
is.  So the goal is to get a reverse shell using as little effort as
possible, and if the ability exists without having to run a bunch of
commands on a remote server, then why not.  But you are correct, as I
stated in the original post: there is more than one way to do this.
In the end it is the results that make them happy; getting there is
one's own choice.

On Fri, Sep 19, 2008 at 6:28 PM, Kurt Buff <kurt.buff@...il.com> wrote:
> On Fri, Sep 19, 2008 at 3:01 PM, 545945 <545945@...il.com> wrote:
>> Recently a friend of mine asked me a seemingly simple question.  What
>> is the easiest method to get a reverse shell from a *nix based system using
>> Netcat?  He then added a caveat, that he did not want to worry about
>> recompiling the source to enable the "GAPING_SECURITY_HOLE" option that
>> allows you to bind a shell using "-e".  My first thought was to say "Dude, go
>> check Google and stop bothering me with this piddly shit"; however, I have in
>> the past had this same discussion with others, and trying to construct a
>> Google search string and get meaningful results on this subject can prove
>> very irritating.  Because of this I gave in and told him the method I use,
>> which is laid out below.  I then had the thought that I should post it
>> somewhere else so it was a little easier for the next person to find.  I say
>> "somewhere else" because I can only assume that I am not the first person to
>> post this method.
>
> <snip>
>
> Or you could just grab cryptcat and be done with it, if I understand
> what you're after.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/