Penetration Testing mailing list archives
Re: pen test help please asap
From: Oliver.Karow () gmx de
Date: Fri, 11 Jan 2002 10:16:45 +0100 (MET)
Hi, for some of your question i can give you some hints.. you can compress any (DOS/WIN)binary with tools like "petite.exe". This tool decompresses an exe-file (once compressed) on runtime. What means that the antivirus is in many cases not able to detect signatures in the file. Further you can use binary-wrappers like EliteWrap (there are better ones...just search on google) to put different executables together to one exe. This tools also support funktions like running one file in the background whilst another one is running on the desktop. You have to test several of this tools in combination to find one that can fool the antivirus. Maybe you can download a trial-version of the antivirus software for testing. ok, hope this info will help you a little.. Oliver www.greyhat.de
Hi all, I am currently working on a no holds barred pen test that includes social engineering. As such, I intend to get a trojan installed onto the clients network via email or autostarting CDROM, but want something that is going to not be caught by AV software (they say they have Norton AV enterprise wide). I was hoping that someone out there in pen test land already had developed something of the same ilk and could save me some time by sending me a copy or linking to something I could use. Features desired are: 1>> Machine A on client site makes a configurable encrypted OUTBOUND connection to Machine B. Desire a netcat type outbound connection on port 80 that will detect and use the clients existing Internet Browser proxy settings. Once the connection is made to the outbound host (Machine B), a smtp mail will be sent out to notify that it is active. At that point I want to be able to connect to machine B from Machine C and leverage that outbound tunnel from Machine Ato get back into the organization, and have a remote command prompt and or remote desktop control of the target (Machine A) ------------------------------- | | | My slave system | | (machine B) | --------------------------------- /|\ /|\ | | Port 80 / 443 encrypted SSH connection or equivalent | | -------------------------------- ----------------- --------------- | | | | | Client Target sys | | my control system | | (machine A) | | (machine C) | --------------------------------- ------------------ --------------- 2>> Source code available so I can confirm no "hidden extras" ;-) 3>> Autoinstalls on machine A by leveraging a bug in IE or Outlook if possible; tho not essential 4>> Attached to some joke or funny, so the recipient is not suspicious 5>> Not detected by AV software 6>> Detects OS; installs as a SERVICE on NT/Win2k/XP systems, else in the Run sections of HKLM on Win9x 7>> Installs at the same level as TinyFirewall or ZoneAlarm, and thus will bypass these products (if possible) 8>> Incorporate a keystroke or screen capture element (if possible) I know this is quite a tall order; really the most important element is that Machine A makes the outbound connection, and that the traffic at least looks a bit like HTTP and it survives a reboot. Any help would be *so* appreciated! Sincerely Kimberly
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- pen test help please asap Kimberly S. (Jan 10)
- Re: pen test help please asap Oliver . Karow (Jan 11)
- Re: pen test help please asap 'ken'@FTU (Jan 11)
- <Possible follow-ups>
- RE: pen test help please asap Dawes, Rogan (ZA - Johannesburg) (Jan 11)