Penetration Testing mailing list archives

Re: [PEN-TEST] penetrating trojan


From: "van der Kooij, Hugo" <Hugo.van.der.Kooij () CAIW NL>
Date: Sun, 3 Dec 2000 12:04:11 +0100

On Sat, 2 Dec 2000, Tom Vandepoel wrote:

Arthur Clune wrote:

I too can picture some terrifying scenarios where the connection is client
initiated on port 80.

Surely you can use netcat and "at" to get a system
to "phone home", or am I missing something here?

That's the first step; haven't seen stuff like that in the wild yet.
Of course the goal of a pen-trojan is not to spread widely, but to
quietly enter a network. So it will be less likely to be discovered in the
wild.

The dirtiest trick to 'phone home' would be to use DNS queries. There is
live code out there that uses DNS queries to transfer files. A description was made
in c't (I read the Dutch edition).

Even when caching DNS requests, it is likely you can get the data through
your firewall.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
This message has not been checked and may contain harmful content.

