lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: securitylist at sharp-ideas.net (Abe Usher)
Subject: Sending remote procedure calls through e-mail (RPC-Mail)

Have you ever had the need to remotely send a command to a system, but 
you could not access it directly via ssh or telnet because the firewall 
is blocking all inbound connections?

The practice of portknocking <http://www.portknocking.org/> provides an 
interesting network authentication mechanism for establishing a 
connection to a networked computer that has no open ports (as advertised 
on portknocking.org).

While I find portknocking ingenious, it is somewhat cumbersome and 
overly complex for most users. I propose an alternative - send remote 
procedure calls via e-mail. I've coded an application that fits the 
bill: RPC-Mail.

The premise of RPC-Mail is simple:
(1) Construct an e-mail message that has a command that you want one of 
your remote PCs to execute.
(2) Send the e-mail to a special account that is only used by RPC-Mail.
(3) Have the remote PC set up with a scheduled task or cron job to 
periodically execute the application RPC-Mail.py.
(4) When RPC-Mail.py executes, it parses all of the subject lines and 
message bodies of e-mail messages that it finds. If the message body 
contains a special passphrase, RPC-Mail executes the subject line as a 
command, and returns standard output as an e-mail message.

For more information check out my full write up on:
http://www.sharp-ideas.net/

Cheers,
Abe Usher, CISSP


Powered by blists - more mailing lists