Security pundits have been warning about the dangers implicit with Web services for years. A good starting point for understanding the security issues related to Web services can be found at: http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html Of course to really understand the security risks posed by Web services, you need to understand the basics of Web services. Enter an application I wrote called "Monkey Shell." MonkeyShell is a simple open source Python application that uses extensible markup language remote procedure calls (XML-RPC) to execute commands through a remote system shell. I kept the code terse (less than 100 lines total) so that it can be studied easily. It is similar to netcat except instead of "shell shoveling" data through a raw TCP connection, it wraps data in XML and transports it over HTTP. MonkeyShell is freely available at: http://www.sharp-ideas.net/ Cheers, Abe Usher, CISSP
Crist J. Clark
2004-Oct-11 13:52 UTC
MonkeyShell: using XML-RPC for access to a remote shell
On Sun, Oct 10, 2004 at 08:57:48PM -0400, Abe Usher wrote:> Security pundits have been warning about the dangers implicit with Web > services for years.http://www.faqs.org/rfcs/rfc3093.html I am not aware of an implementation. It'd be a nice demostration too. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org