lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4175CCE3.5060809@sharp-ideas.net> From: securitylist at sharp-ideas.net (Abe Usher) Subject: Sending remote procedure calls through e-mail (RPC-Mail) Have you ever had the need to remotely send a command to a system, but you could not access it directly via ssh or telnet because the firewall is blocking all inbound connections? The practice of portknocking <http://www.portknocking.org/> provides an interesting network authentication mechanism for establishing a connection to a networked computer that has no open ports (as advertised on portknocking.org). While I find portknocking ingenious, it is somewhat cumbersome and overly complex for most users. I propose an alternative - send remote procedure calls via e-mail. I've coded an application that fits the bill: RPC-Mail. The premise of RPC-Mail is simple: (1) Construct an e-mail message that has a command that you want one of your remote PCs to execute. (2) Send the e-mail to a special account that is only used by RPC-Mail. (3) Have the remote PC set up with a scheduled task or cron job to periodically execute the application RPC-Mail.py. (4) When RPC-Mail.py executes, it parses all of the subject lines and message bodies of e-mail messages that it finds. If the message body contains a special passphrase, RPC-Mail executes the subject line as a command, and returns standard output as an e-mail message. For more information check out my full write up on: http://www.sharp-ideas.net/ Cheers, Abe Usher, CISSP
Powered by blists - more mailing lists