From: Gareth Bromley (gbromley@intstar.com)
Date: Sat Feb 08 2003 - 17:02:27 EST
As subject:
Got some projects involving Citrix (also I guess MS Terminal server) coming
up, and was pondering some ways to subvert the desktop when the file sharing
option has been disabled.
So far I've come up with the following ideas:
- Using the clipboard copy feature, copy an archive of exploit(s) to the
local PC clipboard, and then paste onto remot desktop.
- If this dont work due to OLE/Binary transfer issues, how about same
concept as above, but first UUEncode (or another means to turn binary into
text) the archive, then copy and paste and UUDecode the other end?
Any got any experience of either of these? Or other means?
As an aside, how about ways to interrupt running spawned scripts, say runing
a perl script through inetd, that just dumps data and then closes? I was
thinking Ctrl+C, Z etc... ot use telnet's send brk, ip, .... however on
testing on Linux and Solaris these dont work as I thought. Any ideas??
Gareth
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT