monkeyshell[1].tar.gz提交时间:2004-10-13 提交用户:lam_19418 工具分类:攻击程序 运行平台:Unix/Linux 工具大小:2130 Bytes 文件MD5 :2a67de491d34810fc65543244c26cf6a 工具来源:http://www.sharp-ideas.net Security pundits have been warning about the dangers posed by web services for years. A good starting point for understanding the security issues related to Web services can be found here. Of course to really understand the security risks posed by web services, you need to understand the basics of web services. Enter Monkey Shell. Monkey Shell is a simple python application that uses extensible markup language remote procedure calls (XML-RPC) to execute remote commands through the system shell. It is similar to netcat, except instead of "shell shoveling" data through a raw TCP connection it wraps data in XML and transports it with HTTP (If you need a quick primer on XML-RPC, check XML-RPC.com). (1) Unzip and untar monkey_shell.tar.gz. On a *nix system, this will look something like: % tar xvfz monkey_shell.tar.gz (2) Next, open up monkey_shell.conf and change the configuration parameters to suit your preferences. (3) Set up the server script (monkey_shelld.py) on the remote system that you will be contacting later. (4) Start the server with the command 'python monkey_shelld.py' (5) Edit the client application (monkey_shell.py) so that it points to the appropriate server URL. (6) Connect to the monkey_shelld application with the client using the command 'python monkey_shell.py' That's it! >> 下载 << |
