Re: [Dailydave] Sending remote procedure calls through e-mail (RPC-Mail)
From: David Maynor (dmaynor gmail.com)
Date: Tue Oct 19 2004 - 21:47:56 CDT
I read this email 3 times hoping that I missed the security part of
your idea. Do you really want to be able to email RPC requests? You
are building an awesome avenue to bypass current security tools like
IPS. You can't really rely on the obscurity of the account name; it
would not take long for somebody to find it.
On Tue, 19 Oct 2004 22:27:38 -0400, Abe Usher <securitylist sharp-ideas.net> wrote:
> Have you ever had the need to remotely send a command to a system, but
> you could not access it directly via ssh or telnet because the firewall
> is blocking all inbound connections?
>
> The practice of portknocking <http://www.portknocking.org/> provides an
> interesting network authentication mechanism for establishing a
> connection to a networked computer that has no open ports (as advertised
> on portknocking.org).
>
> While I find portknocking ingenious, it is somewhat cumbersome and
> overly complex for most users. I propose an alternative - send remote
> procedure calls via e-mail. I've coded an application that fits the
> bill: RPC-Mail.
>
> The premise of RPC-Mail is simple:
> (1) Construct an e-mail message that has a command that you want one of
> your remote PCs to execute.
> (2) Send the e-mail to a special account that is only used by RPC-Mail.
> (3) Have the remote PC set up with a scheduled task or cron job to
> periodically execute the application RPC-Mail.py.
> (4) When RPC-Mail.py executes, it parses all of the subject lines and
> message bodies of e-mail messages that it finds. If the message body
> contains a special passphrase, RPC-Mail executes the subject line as a
> command, and returns standard output as an e-mail message.
>
> For more information check out my full write up on:
> http://www.sharp-ideas.net/
>
> Cheers,
> Abe Usher, CISSP
>
> _______________________________________________
> Dailydave mailing list
> Dailydave lists.immunitysec.com
> http://www.immunitysec.com/mailman/listinfo/dailydave
>
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://www.immunitysec.com/mailman/listinfo/dailydave
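
Added example (not part of either message and not RPC-Mail's own code): step (4) as posted accepts any message whose body contains the passphrase, shown here as `legacy_accepts`; `verify_command` is one hardened alternative that requires an HMAC over the subject, a timestamp and a nonce, plus an allow-listed command. The shared key, the `ts`/`nonce`/`mac` body fields, the allow-list and the 300-second window are assumptions made for this example.

```python
import hashlib
import hmac
import shlex

# Constructed values for this example; none come from RPC-Mail itself.
ALLOWED = {"uptime", "df", "who"}   # hypothetical command allow-list
MAX_AGE = 300                        # seconds a signed request stays valid


def legacy_accepts(body, passphrase):
    """The check as the post describes it: passphrase anywhere in the body."""
    return passphrase in body


def sign(key, ts, nonce, subject):
    """MAC binds the command to a timestamp and a one-time nonce."""
    msg = f"{ts}\n{nonce}\n{subject}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_command(subject, body, key, now, seen_nonces):
    """Return argv for an authentic, fresh, allow-listed command, else None."""
    fields = dict(l.split("=", 1) for l in body.splitlines() if "=" in l)
    try:
        ts, nonce, mac = int(fields["ts"]), fields["nonce"], fields["mac"]
    except (KeyError, ValueError):
        return None                      # required fields missing or malformed
    expected = sign(key, ts, nonce, subject)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                      # forged sender or altered subject
    if abs(now - ts) > MAX_AGE or nonce in seen_nonces:
        return None                      # stale or replayed message
    try:
        argv = shlex.split(subject)
    except ValueError:
        return None                      # unbalanced quoting in the subject
    if not argv or argv[0] not in ALLOWED:
        return None                      # not an approved command
    seen_nonces.add(nonce)
    return argv                          # caller runs this without a shell
```

A captured copy of a passphrase message satisfies `legacy_accepts` for any subject line, while `verify_command` rejects a changed subject, a resend of the same message, and anything outside the allow-list.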