Penetration Testing mailing list archives
Re: [PEN-TEST] penetrating trojan
From: Tom Vandepoel <Tom.Vandepoel () UBIZEN COM>
Date: Sat, 2 Dec 2000 23:19:25 +0100
Arthur Clune wrote:
I too can picture some terrifying scenarios where the connection is client initiated on port 80.Surely you can use netcat and "at" to get a system to "phone home", or am I missing something here?
That's the first step; haven't seen stuff like that in the wild yet. Ofcourse the goal of a pen-trojan is not to spread widely, but to quietly enter a network. So it will be less likely be discovered in the wild. I have spent some small amount of time trying to encapsulate netcat into a self-depacking vbs script; I have been using the GodMessage trojan as a template, but I haven't got it working yet. Shouldn't be that hard, though. I generally recommend customers to be very restrictive on outbound traffic, just to reduce the chance of a trojan 'phoning home'. Ofcourse, put httptunnel together with some smart vbs scripting and this doesn't matter anymore... We all know the real problem lies somewhere else; mobile code is security nightmare... Tom. -- _________________________________________________ Tom Vandepoel Sr. Network Security Engineer www.ubizen.com tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00 Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium _________________________________________________
Current thread:
- [PEN-TEST] penetrating trojan Sven Bruelisauer (Dec 02)
- Re: [PEN-TEST] penetrating trojan Deus, Attonbitus (Dec 02)
- Re: [PEN-TEST] penetrating trojan Conor Crowley (Dec 02)
- Re: [PEN-TEST] penetrating trojan Arthur Clune (Dec 03)
- Re: [PEN-TEST] penetrating trojan Tom Vandepoel (Dec 03)
- Re: [PEN-TEST] penetrating trojan van der Kooij, Hugo (Dec 04)
- Re: [PEN-TEST] penetrating trojan Arthur Clune (Dec 03)
- Re: [PEN-TEST] penetrating trojan Kazennov Vladimir (Dec 04)
- Re: [PEN-TEST] penetrating trojan Pierre Vandevenne (Dec 04)
- Re: [PEN-TEST] penetrating trojan Jean-Christophe Touvet (Dec 05)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- <Possible follow-ups>
- Re: [PEN-TEST] penetrating trojan Randall, Mark (ISSCalifornia) (Dec 05)
- Re: [PEN-TEST] penetrating trojan Simon Waters (Dec 06)
- Re: [PEN-TEST] OT: Lotus Notes name service (was: penetrating trojan) Michael Rowe (Dec 06)
- Re: [PEN-TEST] OT: Lotus Notes name service (was: penetratingtrojan) Simon Waters (Dec 07)
- Re: [PEN-TEST] penetrating trojan Simon Waters (Dec 06)