Re: pen test help please asap

From: 'ken'@FTU
Date: 01/11/02


Date: Thu, 10 Jan 2002 19:20:08 -0500
From: "'ken'@FTU" <ken_at_ftu@yahoo.com>
To: "Kimberly S." <kimsehhing@hotmail.com>

Kimberly S. wrote:

> Hi all,
>
> I am currently working on a no-holds-barred pen test that includes social
> engineering.
> As such, I intend to get a trojan installed onto the client's network via
> email or an autostarting CD-ROM, but want something that is not going to be
> caught by AV software (they say they have Norton AV enterprise-wide).
> I was hoping that someone out there in pen test land already had developed
> something of the same ilk and could save me some time by sending me a copy
> or linking to something I could use.
>
> Features desired are:
>
> 1>>
> Machine A on the client site makes a configurable encrypted OUTBOUND connection
> to Machine B. Desire a netcat-type outbound connection on port 80 that will
> detect and use the client's existing Internet browser proxy settings.
>
> I know this is quite a tall order; really the most important element is that
> Machine A makes the outbound connection, and that the traffic at least looks
> a bit like HTTP and it survives a reboot.
>
> Any help would be *so* appreciated!
>
>

Well, here is the only advice I can give you at this point.

Try to make the outbound connection on 443. Encryption will thwart attempts
to detect common network hacks. One property of encryption is that it
not only can scramble (and thus "hide") confidential network traffic,
but malicious traffic as well! :)

Also -- although I've read that many companies detect this now -- write
the email in HTML with JavaScript that automatically runs the attachment.
This is especially good if the user has a preview window open. And
when you have the code that does that, perhaps you are better off making
the email urgent. This, in combination with social engineering the help
desk that you are a new user -- or whatever user story you will give
them -- should really work great. "Hi, I'm so-and-so... I need x, y, z
done... let me send you this email... blah blah blah..."

I believe there is a tool out there that scrambles common fingerprints of
known trojans -- such as SubSeven or Back Orifice -- but I do not
remember its name. Perhaps someone on this list will.

Good luck. I'd be interested to know how it turns out.

'ken'

-- 
"I grew convinced that truth, sincerity and integrity in dealings 
between man and man were of the utmost importance to the felicity of 
life, and I formed a written resolution to practise them ever while I 
lived."
	-Benjamin Franklin, The Autobiography of Benjamin Franklin

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
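One caveat a practitioner would add to the "use port 443" advice in the reply above: a port number only blends in if the first bytes the client sends actually look like a TLS handshake. A netcat-style raw connection on 443, or cleartext HTTP on 443, is separable from a browser's HTTPS session by an egress proxy or IDS that looks at the first client bytes, with no decryption required. The following is an added example, not code from the original thread or from any of its participants; all hosts, flows and byte strings are constructed for illustration, and the port-to-protocol expectations are an assumption chosen for the demo.

```python
"""
Egress sanity check (added example): does traffic on 443 actually start
with a TLS ClientHello, and does traffic on 80/8080 actually start with an
HTTP request line?  Flows whose first client bytes do not match the port
are reported.  No decryption is needed; only the first bytes are inspected.
"""
from dataclasses import dataclass
from typing import List, Optional

# First bytes of an HTTP request line (covers CONNECT to a proxy as well).
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ")

# TLS record header: content type 0x16 (handshake), 2-byte version, 2-byte
# length; the first byte of the record body is the handshake type (0x01 =
# ClientHello).  Versions cover SSLv3 through TLS 1.2 record-layer values.
TLS_HANDSHAKE = 0x16
TLS_CLIENT_HELLO = 0x01
TLS_VERSIONS = {0x0300, 0x0301, 0x0302, 0x0303}

# Assumed mapping of destination port to the protocol we expect to see.
EXPECTED = {443: "tls", 80: "http", 8080: "http"}


@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    first_client_bytes: bytes


def classify_payload(data: bytes) -> str:
    """Return 'tls', 'http' or 'other' from the first client bytes of a flow."""
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE:
        version = int.from_bytes(data[1:3], "big")
        if version in TLS_VERSIONS and data[5] == TLS_CLIENT_HELLO:
            return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "other"  # too short, or neither a ClientHello nor a request line


def check_flow(flow: Flow) -> Optional[str]:
    """Return an alert string when payload and port disagree, else None."""
    want = EXPECTED.get(flow.dst_port)
    if want is None:
        return None  # port not covered by the policy; nothing to compare
    kind = classify_payload(flow.first_client_bytes)
    if kind == want:
        return None
    return f"{flow.src} -> {flow.dst}:{flow.dst_port} expected {want}, saw {kind}"


def audit(flows: List[Flow]) -> List[str]:
    """Run check_flow over every flow and collect the alerts, in order."""
    return [alert for alert in (check_flow(f) for f in flows) if alert]


# Constructed sample flows (hosts, addresses and bytes are made up for the demo).
CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32
SAMPLE_FLOWS = [
    # raw shell banner pushed over 443: no TLS handshake at all
    Flow("10.0.0.5", "198.51.100.7", 443,
         b"Microsoft Windows 2000 [Version 5.00.2195]\r\n"),
    # genuine HTTPS session
    Flow("10.0.0.6", "203.0.113.20", 443, CLIENT_HELLO_PREFIX),
    # ordinary web request
    Flow("10.0.0.7", "203.0.113.21", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n"),
    # HTTP-shaped beacon sent in cleartext on 443
    Flow("10.0.0.5", "198.51.100.7", 443, b"GET /beacon HTTP/1.0\r\n"),
    # browser talking to the corporate proxy
    Flow("10.0.0.8", "10.0.0.1", 8080, b"CONNECT example.com:443 HTTP/1.1\r\n"),
    # port the policy does not cover
    Flow("10.0.0.9", "203.0.113.22", 22, b"SSH-2.0-OpenSSH\r\n"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print("ALERT", line)
```

The check only matches the record-layer shape, so a client that performs a real TLS handshake (or tunnels through the proxy with CONNECT and then negotiates TLS) passes it; the point is that "port 443" and "encrypted" are not the same thing, and the cheap first-bytes test catches the netcat-over-443 case the original question describes.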
