|
|
|
|
| |
Credit:
To keep updated with the tool visit the project's homepage at: http://www.sharp-ideas.net/archives/000048.html#more
|
| |
Security pundits have been warning about the dangers posed by web services for years. A good starting point for understanding the security issues related to Web services can be found here.
Of course to really understand the security risks posed by web services, you need to understand the basics of web services. Enter Monkey Shell. Monkey Shell is a simple python application that uses extensible markup language remote procedure calls (XML-RPC) to execute remote commands through the system shell. It is similar to netcat, except instead of "shell shoveling" data through a raw TCP connection it wraps data in XML and transports it with HTTP (If you need a quick primer on XML-RPC, check XML-RPC.com).
How do I get Monkey Shell up and running? Download it then:
(1) Unzip and untar monkey_shell.tar.gz. On a *nix system, this will look something like:
% tar xvfz monkey_shell.tar.gz
(2) Next, open up monkey_shell.conf and change the configuration parameters to suit your preferences.
(3) Set up the server script (monkey_shelld.py) on the remote system that you will be contacting later.
(4) Start the server with the command 'python monkey_shelld.py'
(5) Edit the client application (monkey_shell.py) so that it points to the appropriate server URL.
(6) Connect to the monkey_shelld application with the client using the command 'python monkey_shell.py'
That's it!
For screenshots and further information see the project's homepage.
|
|
|
|
|
|
|
