Penetration Testing mailing list archives
Social Engineering Website
From: Random Task <rand0m_t4sk () yahoo com>
Date: Fri, 9 Jan 2004 06:32:48 -0800 (PST)
Good day,

I've been tasked at work with modifying our social engineering website. We currently have a page that we send to our customers that is generically labelled "Audit Team Survey," and this page just prompts the user to login, which we take and dump into a DB for use later to try to get into their systems.

The modification we'd like to make to our site would be a remote exploit of some sort, and I'm not totally sure where to go with that. I'm wondering if there are products or programs that exist that could be used in this way. It is of utmost importance that this program can be easily and totally removed after the testing is complete. Free is good. We don't really have any requirements beyond that.

Things I've thought of so far (some of these would be sent out using a compromised email account from another employee in a sort of "hey, check this out!" message):

* Use IE remote exploits to start a netcat listening session (not going to do much if they're behind a firewall though... could a two-way connection be created by a host behind a firewall so that I could get at it from our server?)
* Create a screen saver application of some sort that would gather system/user information and transmit it to our webserver (has merit, but this would be an undertaking, as all my programming in college was in Solaris and LINUX)
* Create a free automated "security scanner" application similar to the screen saver

There were probably others, but I'm still on coffee #1.

Cons to doing this, as I see it: the employee may forward the message outside their company, skewing results and running on systems without permission. (This would only be if a screensaver/application were used.) This risk would be mitigated, as we would most likely only include a link back to our website (with deny all/allow specific IP rules) with the screensaver/app on it. Then VPN'd employees are the exception, but for most of our contracts, I don't think this is outside the scope of the test.
As a last note, we'd need to get people to go there. Making it look legit would be good (i.e. use the %00 IE exploit to make the URL look like it's internal and make the site look like their own). Any techniques or message styles you've used and had success with?

(This is an anonymous account I use for mailing lists. Feel free to mail me here and request a message from my real address if that would make you more comfortable with sharing information with me.)

Thanks for any input,
RT
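The "%00 IE exploit" mentioned above works by putting a look-alike hostname in the userinfo part of the URL (the text before "@"), so a reader, or a browser that stops rendering at the encoded control character, sees the fake host while the real host comes after the "@". The following is an added example, not code from the original post or from any tool it mentions; it shows how a correct URL parser resolves such a link to its real host, and a simple check that flags links carrying userinfo. The sample links, hostnames ("intranet.example.com", "pentest-host.example") and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample links. The second and third mimic the userinfo
# trick: the part before "@" is NOT the host, but looks like one.
SAMPLE_LINKS = [
    "http://intranet.example.com/survey/login",
    "http://intranet.example.com%00@pentest-host.example/survey/",
    "http://intranet.example.com@pentest-host.example/survey/",
    "http://192.168.1.10@pentest-host.example/",
]


def real_host(url: str) -> str:
    """Host the browser actually connects to, per RFC 3986 parsing.

    urlsplit() treats everything before the last "@" in the authority
    as userinfo, so the spoofed prefix never reaches the hostname.
    """
    return urlsplit(url).hostname or ""


def audit_link(url: str) -> dict:
    """Describe one link: what a casual reader sees vs. the real host."""
    parts = urlsplit(url)
    has_userinfo = "@" in parts.netloc
    # Decoded userinfo; %00 becomes a NUL byte, which is what truncated
    # the displayed URL in the vulnerable IE versions of the time.
    shown_prefix = unquote(parts.netloc.rsplit("@", 1)[0]) if has_userinfo else ""
    return {
        "url": url,
        "display_prefix": shown_prefix,
        "real_host": parts.hostname or "",
        "suspicious": has_userinfo,   # http(s) links rarely need userinfo
    }


def find_spoofed(links):
    """Return the audit records of links that carry userinfo before '@'."""
    return [rec for rec in map(audit_link, links) if rec["suspicious"]]


if __name__ == "__main__":
    for rec in map(audit_link, SAMPLE_LINKS):
        flag = "SUSPICIOUS" if rec["suspicious"] else "ok"
        print(f"{flag:10} real host={rec['real_host']!r:28} "
              f"shown prefix={rec['display_prefix']!r}")
```

The point of the check is that an "@" in the authority of an http(s) link is the telltale sign of this family of spoofs regardless of what encoded character precedes it; a mail gateway or link-rewriting proxy can apply the same rule to flag or rewrite such links before a user sees them.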
Current thread:
- Social Engineering Website Random Task (Jan 09)
- Re: Social Engineering Website (and Trojan test) Martin Mačok (Jan 12)
- Re: Social Engineering Website (URL obfuscation/hiding) Martin Mačok (Jan 12)
- Re: Social Engineering Website Nicolas Gregoire (Jan 13)
- RE: Social Engineering Website Otero, Hernan (EDS) (Jan 12)