The most interesting part of the SME hack is upgrading from a crappy netcat to a full screen session [25:12]. Handy!https://www.youtube.com/watch?v=oTbI74ti0yY#t=25m12 …
-
so basically that's just shell code execution from a python process web server?
No, it's just a netcat shell. The point is he uses python to spawn a pty, fixes up the local terminal, then gets a screen going.
-
-
So he goes from a barebones broken non-interactive shell to a fully working screen session that can run vim.
-
And is this a exploit on a live website? Or internal test server?
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.