Paid Advertising is
ha.ckers sla.cking
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Port knocking a web app for remote control.
Posted by: llvllatrix
Date: April 15, 2010 11:10AM

This was something that popped into my head after going through some port knocking docs. I was wondering if you guys have seen anything similar. The idea is that you want some sort of remote control over a web app; make a get or a post request and the server does something for you.

You don't want your modifications to be obvious, so instead you inject your code into the logging system. Every time the system makes a log, your code runs. From the outside, you then make a request that you know will fail and produce a log (like a failed log in attempt). Your injected code can then decode the log and run the appropriate instruction.

Is this threat known?

Options: ReplyQuote
Re: Port knocking a web app for remote control.
Posted by: Reiners
Date: April 17, 2010 02:35PM

i read about it on phrack if I remember correctly

Options: ReplyQuote

Sorry, only registered users may post in this forum.