RE: Creating a Custom Trojan after Social Engineering

From: Todd Towles (toddtowles_at_brookshires.com)
Date: 01/14/05

  • Next message: Jay D. Dyson: "Re: Discovering users by RCPT TO" 
    Date: Thu, 13 Jan 2005 17:02:00 -0600
To: "Eric McCarty" <eric@piteduncan.com>, "Slider Slider" <0bscur3@gmail.com>, <pen-test@securityfocus.com>

    http://ntsecurity.nu/papers/acktunneling/

    NetCat can be set to call out to a pre-defined IP, I believe.

    Search for Rx.exe as well - Windows Universal Reverse Shell Trojan

    > -----Original Message-----
    > From: Eric McCarty [mailto:eric@piteduncan.com]
    > Sent: Thursday, January 13, 2005 12:30 PM
    > To: Slider Slider; pen-test@securityfocus.com
    > Subject: RE: Creating a Custom Trojan after Social Engineering
    >
    > VNC offers the option to reverse connect using the -connect
    > command line.
    >
    > Here is an example of using SSH and VNC. Not quite a remote
    > access Trojan but very simple.
    >
    > http://faq.gotomyvnc.com/fom-serve/cache/128.html
    >
    >
    >
    >
    > -----Original Message-----
    > From: Slider Slider [mailto:0bscur3@gmail.com]
    > Sent: Wednesday, January 12, 2005 3:34 PM
    > To: pen-test@securityfocus.com
    > Subject: Creating a Custom Trojan after Social Engineering
    >
    > In the middle of a pen test and I have sucessfully SE'd some
    > employees to visit a website that I created to download a
    > keylogger. I was able to get a lot of information. I am
    > working on the firewall and there are no open ports or
    > services running, strictly internet access....so the thought....
    >
    > I want to exchange the executable keylogger for a trojan that
    > will connect to me from the client giving me remote access
    > control. I have sampled a few, but can't find any custom
    > programs where I can tell it what to do and when to uninstall.
    >
    > Has anyone tried this?
    >
    > 0bscur3
    >

  • Next message: Jay D. Dyson: "Re: Discovering users by RCPT TO"

    Relevant Pages

    • RE: Creating a Custom Trojan after Social Engineering
      ... Here is an example of using SSH and VNC. ... Creating a Custom Trojan after Social Engineering ... I want to exchange the executable keylogger for a trojan that will ... connect to me from the client giving me remote access control. ...
      (Pen-Test)
    • Re: win vnc
      ... I know it isn't a trojan - I've used it. ... I'm saying Deloder is known to ... install it without the user's knowledge. ... > Win VNC is not a trojan. ...
      (microsoft.public.security)