黑基网 首页 学院 电脑技术 查看内容

如何通过email方式发送rpc请求

2004-10-21 06:50| 投稿: net

摘要: Sending remote procedure calls through e-mail (RPC-Mail)Have you ever had the need to remotely send ...
Sending remote procedure calls through e-mail (RPC-Mail)Have you ever had the need to remotely send a command to a system, but you could not access it directly via ssh or telnet because the firewall is blocking all inbound connections?The practice of portknocking provides an interesting network authentication mechanism for establishing a connection to a networked computer that has no open ports (as advertised on portknocking.org).While I find this portknocking ingenious, it is somewhat cumbersome and overly complex for most users. I propose an alternative - send remote procedure calls via e-mail. I've coded an application that fits the bill: RPC-Mail.The premise of RPC-Mail is simple. Construct an e-mail message that has a command that you want one of your remote PCs to execute. Send the e-mail to a special account that is only used by RPC-Mail. Have the remote PC set up with a scheduled task or cron job to periodically execute the application RPC-Mail.py. When RPC-Mail.py executes, it parses all of the subject lines and message bodies of e-mail messages that it finds. If the message body contains a special passphrase, RPC-Mail executes the subject line as a command, and returns standard output as an e-mail message.Let's look at an example:(1) Compose the e-mail message. Enter the command to be executed as the subject line. Include the secret passphrase somewhere in the message body. (2) Confirm that the message was sent. (3) Have the remote machine set up with a recurring task to run RPC-Mail.py periodically (every minute?). In the example below, I invoke it manually only to show that it is being executed. The command runs and then sends a confirmation e-mail message. (4) The command results from standard output (the command shell) are sent back to the originator as an e-mail message. (5) The e-mail message includes the results of the command. In this specific example, my linux machine ran an nmap scan on my MySQL database server, showing that it is still "up." I wrote RPC-Mail to experiment with the imap libraries of python. It is NOT a hacking tool; all that it does it execute commands on a system that you already have access to. You are welcome to download my code and use it for legitimate purposes only.You may download RPC-Mail.py. If you refactor the code or make additions, please send me a copy.If you'd like an alternative for sending remote commands, please check out Monkey Shell, a similar project that uses XML-RPC for communication, or nmap bot, which sends commands via instant messenger.Posted by abeusher at October 19, 2004 09:30 PM CommentsAnd you authenticate and validate integrity of email how?Posted by: PKI-guy at October 20, 2004 02:41 AM SOAP supports any kind of transport, from HTTP to SMTP. That's real RPC, it's standardized, and implemented by a number of libraries in various languages.http://ws.apache.org/soap/faq/faq_chawke_smtp.htmlhttp://www-106.ibm.com/developerworks/webservices/library/ws-pyth12.htmlhttp://hyperthink.net/blog/CommentView,guid,d337a6f5-a0c8-45b8-920e-132391eedc31.aspxhttp://search.cpan.org/~byrne/SOAP-Lite-0.60a/lib/SOAP/Transport/MAILTO.pmPosted by: Anonymous at October 20, 2004 09:03 AM I'd be interested in integrating this with PGP: Create a keypair for the RPC-Mail user, and ensure that the user's keyring has your public key in it. In order to give RPC-Mail work to do, you'd need to encrypt the command to its public key, and sign it with your own. RPC-Mail would decrypt the command, validate your signature, and check that you are in the list of allowed users. Perhaps even check the command you want it to run against ACLs.Interesting idea.Posted by: Darren Chamberlain at October 20, 2004 12:10 PM    
小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册黑基账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职加薪!



免责声明:本文由投稿者转载自互联网,版权归原作者所有,文中所述不代表本站观点,若有侵权或转载等不当之处请联系我们处理,让我们一起为维护良好的互联网秩序而努力!联系方式见网站首页右下角。


鲜花

握手

雷人

路过

鸡蛋

相关阅读

发表评论

最新评论

引用 游客 2017-11-30 14:57
HlC9NC  <a href="http://yrncdnywqxvq.com/">yrncdnywqxvq</a>, [url=http://pxubuznrmvoj.com/]pxubuznrmvoj[/url], [link=http://hjpivrhfhikz.com/]hjpivrhfhikz[/link], http://dguugenelmlb.com/
引用 游客 2017-11-30 14:26
ZMoMXz  <a href="http://uwxvawlotzrc.com/">uwxvawlotzrc</a>, [url=http://mncqmbakptov.com/]mncqmbakptov[/url], [link=http://pnanqknqlcgk.com/]pnanqknqlcgk[/link], http://hnrlzqhktshk.com/
引用 游客 2017-11-28 09:29
t21Awv http://www.LnAJ7K8QSpfMO2wQ8gO.com

查看全部评论(3)


新出炉

返回顶部