Penetration Testing mailing list archives
Re: [PEN-TEST] penetrating trojan
From: Darbean <darjoan () SINA COM>
Date: Wed, 6 Dec 2000 10:20:11 +0800
Hello

I found an article named "Placing Backdoor Through Firewalls" by van Hauser one month ago, with a Perl application (rwwwshell.pl) that implemented what he wrote. But I think it is a little inconvenient for compiling into executable code. Would anyone do us a favor? I did not try it on my target. Please let me know if somebody has tested it.

Best regards
Darjoan

----- Original Message -----
From: Sven Bruelisauer <sven () OPEN CH>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Friday, December 01, 2000 10:57 PM
Subject: [PEN-TEST] penetrating trojan
Hello,

Recently, associated with a penetration test of one of our customers, we had a long discussion about various hacker techniques including well known trojans such as bo2k or sub7. Despite a huge variety of plug-ins that are available for bo2k for example, I did not encounter one that makes the trojan the initiator of a connection. The trojan may send the IP of the compromised system to his master or accept encrypted connections even over tunneling as I detected once.

So all companies that have Network Address Translation enabled are safe from such trojans since the "master" never will be able to contact the trojan (the victim's IP will not be routed from the outside) !?

What would make the situation a lot more dangerous is when the trojan itself had the connection started, let's say over port 80 using http protocol, e.g. pretending to be a browser. Most firewall settings would allow such a connection and the trojan could unfold his power (assuming he was not detected by a local anti virus program).

Why did I never encounter such a trojan? Am I missing something ... has anybody heard of such attacks?

Regards
sven

-------------------------------------------------------------
OOOOOOOOOOO   sven bruelisauer    sven () open ch
O         O   cellular: (+41) 79 6091401
O  open   O   work:     (+41) 1 4557400
O systems O
O         O   http://www.open.ch
OOOOOOOOOOO
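Added example, not part of the original posts: a defender's check for the scenario Sven describes, an internal host behind NAT that itself opens HTTP connections outward. It assumes the implant polls its master at a regular interval and that a web proxy log is available; the log format, addresses and host names below are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (not from the thread): timestamp, client, method, host, user agent.
SAMPLE_LOG = """\
2000-12-06T10:00:00 10.0.0.7 GET updates.example.net Mozilla/4.0
2000-12-06T10:00:03 10.0.0.5 GET www.example.com Mozilla/4.0
2000-12-06T10:00:09 10.0.0.5 GET www.example.com Mozilla/4.0
2000-12-06T10:02:40 10.0.0.5 GET www.example.com Mozilla/4.0
2000-12-06T10:05:01 10.0.0.7 GET updates.example.net Mozilla/4.0
2000-12-06T10:10:00 10.0.0.7 GET updates.example.net Mozilla/4.0
2000-12-06T10:12:30 10.0.0.5 GET updates.example.net Mozilla/4.0
2000-12-06T10:14:59 10.0.0.7 GET updates.example.net Mozilla/4.0
2000-12-06T10:17:12 10.0.0.5 GET www.example.com Mozilla/4.0
2000-12-06T10:17:15 10.0.0.5 GET www.example.com Mozilla/4.0
2000-12-06T10:20:02 10.0.0.7 GET updates.example.net Mozilla/4.0
2000-12-06T10:25:00 10.0.0.7 GET updates.example.net Mozilla/4.0
2000-12-06T10:41:50 10.0.0.5 GET www.example.com Mozilla/4.0
"""

def find_beacons(log_text, min_requests=5, max_cv=0.1):
    """Return (client, host, mean_interval_s) for pairs contacted at near-constant intervals."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        seen[(fields[1], fields[3])].append(datetime.fromisoformat(fields[0]))
    flagged = []
    for (client, host), times in seen.items():
        if len(times) < min_requests:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: human browsing is bursty, timer-driven polling is not.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            flagged.append((client, host, round(mean, 1)))
    return sorted(flagged)

if __name__ == "__main__":
    for client, host, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}: ~{interval}s between requests")
```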