We are having some fun with reverse command shells here at NDOT. I
found some sample exploit code on the Internet and compiled it with Visual C++.
I started a netcat session on my Linux machine, then ran my new executable
on the Windows box. Bingo! It connected to the Linux machine and rendered up a
Windows command shell. The executable hid itself from the Windows process list,
so it was not visible in Task Manager or even to third-party tools such as pslist
from SysInternals.

I am using this fun little experiment to demonstrate to folks here at
NDOT how a simple executable could be used to bypass our firewall and give a
remote intruder real-time access to the NDOT network.

I have been studying security for a few years, but this is only the
second or third time I have compiled exploit code. (I also compiled the recent Windows
RPC shell exploit, which supposedly works against all flavors of Windows,
although it only worked against about 10% of the machines I tested.)

I guess this officially makes me a script kiddy, although I am 42, so
perhaps script “daddy” would be more accurate. :-)

Of course, this sort of thing will be old hat to many of you. Does
anyone else in the list do this kind of experimentation? It would be fun to
compare notes.

-- Eric Robinson
