Shell shoveling

Shell shoveling, in network security, refers to the act of redirecting the input and output of a shell to a service so that it can be remotely accessed.[1]

In computing, the most basic method of interfacing with the operating system is the shell. On Microsoft Windows based systems this is a program called cmd.exe or command.com; on Linux or Unix based systems it may be any of a variety of programs such as bash, ksh etc. This program accepts commands typed from a prompt and executes them, usually in real time, displaying the results to what is referred to as standard output, usually a monitor or screen.

In the shell shoveling process, one of these programs is set to run (perhaps silently, or without notifying someone observing the computer), accepting input from a remote system and redirecting output to the same remote system. The operator of the shoveled shell is therefore able to operate the computer as if they were present at the console.[2]
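
The redirection described above leaves a recognisable trace on a Linux host: a shell process whose standard input and output are the same established TCP socket rather than a terminal. The following detection sketch is an added example, not taken from the cited sources; its function names and the sample /proc data are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import os, re, socket, struct

SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}
SOCK = re.compile(r"socket:\[(\d+)\]$")

def tcp_peers(proc_net_tcp):
    """Map socket inode -> 'ip:port' of the peer for ESTABLISHED IPv4 sockets."""
    peers = {}
    for line in proc_net_tcp.splitlines()[1:]:          # skip header row
        f = line.split()
        if len(f) < 10 or f[3] != "01":                 # 01 = TCP_ESTABLISHED
            continue
        addr, port = f[2].split(":")
        # Address is hex in host byte order; "<I" assumes a little-endian host.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr, 16)))
        peers[f[9]] = f"{ip}:{int(port, 16)}"
    return peers

def shoveled_peer(comm, fds, peers):
    """Return the peer if a shell's stdin and stdout are one TCP socket, else None."""
    m_in, m_out = SOCK.match(fds.get(0, "")), SOCK.match(fds.get(1, ""))
    if comm in SHELLS and m_in and m_out and m_in.group(1) == m_out.group(1):
        return peers.get(m_in.group(1))
    return None

def scan(proc="/proc"):
    """Live check on Linux; needs root to read other users' fd tables."""
    with open(f"{proc}/net/tcp") as fh:
        peers = tcp_peers(fh.read())
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            fds = {n: os.readlink(f"{proc}/{pid}/fd/{n}") for n in (0, 1, 2)}
        except OSError:                                  # exited or not permitted
            continue
        if peer := shoveled_peer(comm, fds, peers):
            yield int(pid), comm, peer

# Constructed sample data (not captured from a real host).
SAMPLE_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1\n"
    "   1: 0A02000A:C350 0A0200C0:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 48211 1\n"
)
SAMPLE_PROCS = [
    ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),   # ordinary terminal session
    ("bash", {0: "socket:[48211]", 1: "socket:[48211]", 2: "socket:[48211]"}),
]
```

Calling `list(scan())` as root performs the same check against the running system. IPv6 connections, listed in /proc/net/tcp6, are not covered by this sketch.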

References

  1. "'Inside-out' security", InfoWorld 22 (12): 49, March 20, 2000, http://books.google.hu/books?id=Lz0EAAAAMBAJ&lpg=PA49&dq=then%20this%20command%20%22shovels%22%20a%20remote%20commandshell%20from%20victim%20to%20attacker.com&pg=PA49#v=onepage&q&f=false
  2. Tipton, Harold F.; Krause, Micki (2007), Information Security Management Handbook (6th ed.), CRC Press, p. 2839, ISBN 9781420013580