Penetration Testing mailing list archives
Re: Social Engineering Website
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Tue, 13 Jan 2004 09:59:07 +0100
On Fri, 2004-01-09 at 15:32, Random Task wrote:
* Use IE remote exploits to start a netcat listening session (not going to do much if they're behind a firewall though...could a two-way connection be created by a host behind a firewall so that I could get at it from our server?)
Last year I wrote a tool named JAB that allows a Win32 PC to communicate with its master through the Internet Explorer OLE interface (à la Setiri from SensePost). During pen-tests, it can be used to create a command/data channel between the compromised host and your server, even if the "client" must go through personal firewalls, NAT, antivirus gateways and proxies (even authenticated). The only requirement for the client machine is that Internet Explorer can access the Internet.

Features: upload and download of binary files, execution of commands with the result sent back to the attacker, authentication of "clients", ...

I gave a presentation about this in June at the SSTIC'03 conference, and you can find the related PDF (in French), and the code, at:
http://www.sstic.org/presentations/JAB___N._Gregoire/

Regards,
--
Nicolas Gregoire ----- Information Systems Security Consultant
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F