On Wed, 2011-03-23 at 16:56 -0500, Donnie Berkholz wrote: > It's called reverse shellcode. One would exploit a vulnerability in your > web browser, email reader, or integrated apps/libraries (primarily > Flash, Evince/libpoppler, or Java) that provides the ability to run > arbitrary code as the local user to get the shellcode onto your system > and run it. Reverse shellcode then connects from your computer to a > remote server and provides them with a login shell.
Very interesting! I did a bit of looking. This appears to be far into the realm of grey-hat hacking. I found <http://linux.softpedia.com/get/System/Shells/Sishell-25119.shtml> and <http://projectshellcode.com/node/2>. This looks mostly like it's theoretical, proof of concept stuff, and some of it uses DNS as an intermediary agent. Do exploits based on on these techniques actually exist in the wild that you know of? Linux is unsinkable, just like the Titanic. -- Lindsay Haisley | "Never expect the people who caused a problem FMP Computer Services | to solve it." - Albert Einstein 512-259-1190 | http://www.fmp.com |
