[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] No shell => secure?

To: hax <uberhax@xxxxxxxxx>, Matthias Benkmann <msbremove-this@xxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] No shell => secure?
From: npguy <npguy@xxxxxxxxxxxxxxxx>
Date: Fri, 9 Jul 2004 21:14:07 +0545

On Friday 09 July 2004 08:19 am, hax wrote:
> 2)  That'd stop a lot of skript kiddies, I guess, but it'd be pretty
> trivial to just rework the shellcode to call some other command
> instead of /bin/sh.

if this is single target. attacker can guess your setting and keeping
executing any commands it could possible target to execute more attack
what about wget from shellcode.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] No shell => secure?
  - From: Kevin Ponds

References:
- [Full-Disclosure] No shell => secure?
  - From: Matthias Benkmann
- Re: [Full-Disclosure] No shell => secure?
  - From: hax

Prev by Date: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
Next by Date: Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08
Previous by thread: Re: [Full-Disclosure] No shell => secure?
Next by thread: Re: [Full-Disclosure] No shell => secure?
Index(es):
- Date
- Thread