| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Aug 8 21:16:34 2005 From: frank at knobbe.us (Frank Knobbe) Subject: IDS or IPS detection and bypass On Mon, 2005-08-08 at 13:40 +0400, Ahmad N wrote: > I was trying to gain a reverse shell to a website the other day using > a buffer overflow exploit, unfortunaetly it seems like they have some > kind of > buffer overflow exploit protection coming from and IDS or IPS Or they just have the web server properly firewalled so that no outbound connections from the web server are allowed to the outside. No black-magic-IPS-fu required there. Instead of using a reverse shell, either have the exploit crash the web server and set up a listener on port 80 and use a forward shell, or better yet, use an inline-shell that re-uses the already established session you have with the web server. HTH, Frank -- Ciscogate: Shame on Cisco. Double-Shame on ISS. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050808/32c8b2d8/attachment.bin
Powered by blists - more mailing lists