Sounds confusing right? The following image should clear things up. Create a FIFO file system object and use it as a backpipe to relay standard output from commands piped from netcat to /bin/bash back into netcat. When the GAPING_SECURITY_HOLE is disabled, which means you don't have access to the '-e' option of netcat, most people pass on using netcat and move to something else.
It is based on the common technique used to build netcat relays. This is a little trick that Ed Skoudis tweeted about in November of last year, but I haven't seen it widely publicized. netcat with GAPING_SECURITY_HOLE disabled:
Fire up a listener on the attacker machine on a port which is reachable from the target and connect back to the listener with netcat. Starting from the easiest and most common, here are some of the techniques which can be used to gain reverse shell on the target system. There are many instances of this scenario. Whether it be via a Remote Command Execution vulnerability in a website, or some sort of php injected XSS which causes a privileged user to run commands on the target system. The scenario is this: You have the ability to run a simple command, or cause a user to run a simple command, on the target system. Well, not to worry my friends, there are many techniques for spawning shells, specifically reverse shells, from linux, and one or more of these techniques is bound to be available no matter which distro you're looking at. Which means when engaging these different flavors during a pentest, what works against one linux target to get an interactive shell, may not work against another. There are many distributions of linux, and they all do things a little different regarding default security and built-in tool sets.
0 kommentar(er)
