Penetration Testing mailing list archives
RE: pen test help please asap
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Fri, 11 Jan 2002 09:30:28 +0200
What I have found to be the simplest way of confusing Virus scanners is to compress the file, using one of the "PKLite" style self-decompressing executable tools.

i.e. Take BackOrifice 2000, build it and link it with your config. Run it - Virus scanner busts you. Run upx on the file. Run the result - no virus scanner.

Rogan

http://upx.sourceforge.net/
-----Original Message-----
From: Kimberly S. [mailto:kimsehhing () hotmail com]
Sent: 10 January 2002 10:28
To: pen-test () securityfocus com; focus-ms () securityfocus com
Subject: pen test help please asap
Importance: High

Hi all,

I am currently working on a no holds barred pen test that includes social engineering. As such, I intend to get a trojan installed onto the clients network via email or autostarting CDROM, but want something that is going to not be caught by AV software (they say they have Norton AV enterprise wide).

I was hoping that someone out there in pen test land already had developed something of the same ilk and could save me some time by sending me a copy or linking to something I could use.

Features desired are:

1>> Machine A on client site makes a configurable encrypted OUTBOUND connection to Machine B. Desire a netcat type outbound connection on port 80 that will detect and use the clients existing Internet Browser proxy settings. Once the connection is made to the outbound host (Machine B), a smtp mail will be sent out to notify that it is active. At that point I want to be able to connect to machine B from Machine C and leverage that outbound tunnel from Machine A to get back into the organization, and have a remote command prompt and or remote desktop control of the target (Machine A)

                        -------------------------------
                        |      My slave system        |
                        |        (machine B)          |
                        -------------------------------
                          /|\                    /|\
                           |                      |
        Port 80 / 443 encrypted SSH connection or equivalent
                           |                      |
     --------------------------------     -----------------------
     |      Client Target sys       |     |   my control system |
     |         (machine A)          |     |      (machine C)    |
     --------------------------------     -----------------------

2>> Source code available so I can confirm no "hidden extras" ;-)

3>> Autoinstalls on machine A by leveraging a bug in IE or Outlook if possible; tho not essential

4>> Attached to some joke or funny, so the recipient is not suspicious

5>> Not detected by AV software

6>> Detects OS; installs as a SERVICE on NT/Win2k/XP systems, else in the Run sections of HKLM on Win9x

7>> Installs at the same level as TinyFirewall or ZoneAlarm, and thus will bypass these products (if possible)

8>> Incorporate a keystroke or screen capture element (if possible)

I know this is quite a tall order; really the most important element is that Machine A makes the outbound connection, and that the traffic at least looks a bit like HTTP and it survives a reboot.

Any help would be *so* appreciated!

Sincerely
Kimberly

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
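Editor's note, from the defensive side of the thread: a runtime packer such as the one Rogan describes defeats a signature scanner because the bytes on disk no longer match the signature, but two cheap static indicators survive the packing itself: the packer's own section names in the PE section table, and the high Shannon entropy of compressed data. The Python script below is an added example written for this archive page; it is not code from the thread, from Norton, or from the UPX project. It parses the PE section table and flags either indicator. The names UPX0/UPX1/UPX2 are what UPX writes into a packed image; the 7.0 bits-per-byte threshold, the 256-byte minimum section size and the three constructed sample images (minimal, non-executable PE layouts built by `build_test_pe`) are assumptions made for the example.

```python
import math
import random
import struct
from collections import Counter

# Section names the UPX packer writes into the PE section table.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Bits per byte above which a section looks compressed or encrypted (assumed threshold).
HIGH_ENTROPY = 7.0
# Ignore tiny sections: the entropy of a few bytes is not meaningful.
MIN_SECTION_SIZE = 256


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Walk the DOS header, PE signature and COFF header; return [(section name, raw bytes), ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_opt                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        size_raw, ptr_raw = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, pe[ptr_raw:ptr_raw + size_raw]))
    return sections


def assess_packing(pe: bytes) -> dict:
    """Report UPX section names and/or high-entropy sections for one PE image."""
    report = {"sections": [], "upx_names": False, "high_entropy": False}
    for name, raw in parse_sections(pe):
        ent = shannon_entropy(raw)
        report["sections"].append((name.decode("latin-1"), len(raw), round(ent, 2)))
        if name in UPX_SECTION_NAMES:
            report["upx_names"] = True
        if len(raw) >= MIN_SECTION_SIZE and ent >= HIGH_ENTROPY:
            report["high_entropy"] = True
    report["likely_packed"] = report["upx_names"] or report["high_entropy"]
    return report


def build_test_pe(sections):
    """Construct a minimal PE layout (DOS stub, PE signature, COFF header, section table, raw data).
    The result is a constructed test input for the parser, not an executable program."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)      # 0x40-byte DOS stub
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew -> PE signature at 0x40
    n = len(sections)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x0102)  # i386, no optional header
    table_off = 0x40 + 4 + 20
    data_off = table_off + 40 * n
    table, blobs = bytearray(), bytearray()
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), 0x1000,
                             len(raw), data_off + len(blobs), 0, 0, 0, 0, 0x60000020)
        blobs += raw
    return bytes(dos) + b"PE\0\0" + coff + bytes(table) + bytes(blobs)


# Constructed sample section contents (not taken from any real binary).
_rng = random.Random(1)
PACKED_BLOB = bytes(_rng.getrandbits(8) for _ in range(2048))            # stands in for compressed code
PLAIN_CODE = b"\x55\x8B\xEC" + b"\x90" * 500 + b"\xC3" + b"\x00" * 100   # low-entropy code stub
PLAIN_DATA = b"Hello from the target host\0" * 20                       # ordinary string data

PACKED_IMAGE = build_test_pe([(b"UPX0", b""), (b"UPX1", PACKED_BLOB)])   # UPX-style section names
RENAMED_IMAGE = build_test_pe([(b".text", PACKED_BLOB)])                  # packer with renamed sections
PLAIN_IMAGE = build_test_pe([(b".text", PLAIN_CODE), (b".data", PLAIN_DATA)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED_IMAGE), ("renamed", RENAMED_IMAGE), ("plain", PLAIN_IMAGE)):
        print(label, assess_packing(image))
```

The section-name check is the cheap, exact indicator; the entropy check is what still fires when a packer is configured to use innocuous section names, at the cost of also flagging legitimately compressed or encrypted resources, so in practice it is a triage signal to route a file to a sandbox or an unpacking step rather than a verdict on its own.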
Current thread:
- pen test help please asap Kimberly S. (Jan 10)
- Re: pen test help please asap Oliver . Karow (Jan 11)
- Re: pen test help please asap 'ken'@FTU (Jan 11)
- <Possible follow-ups>
- RE: pen test help please asap Dawes, Rogan (ZA - Johannesburg) (Jan 11)