Just out of curiosity, wouldn't netcat be run under the same user as the web server itself? If that's the case, surely having the shell for whatever user the web server runs as set to /bin/false would remove the ability of any program to execute in this manner.
I'll have a play with my web server though later on or tomorrow to be sure, as I host a few personal websites on one of my Gentoo boxes. Results to follow....
No, if you tell netcat to run /bin/bash it will still show the shell. The shell from /etc/passwd is only used for logins, it can be circumnavigated in a myriad of ways.
These sorts of vulnerabilities vary by configuration to configuration. It's not really a tutorial IMO, however it does illustrate that non-hardened systems are open to attack (which should be pretty obvious to most by now).
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
Reply With Quote