Penetration Testing mailing list archives
Re: [PEN-TEST] Auditing for Malicious Tools
From: "Curphey, Mark (ISS Atlanta)" <MCurphey () ISS NET>
Date: Mon, 21 Aug 2000 20:59:44 -0400
I don't know of any specific tools but it should be easy enough to do under NT. Most software is installed under HKEY_LOCAL_MACHINE\SOFTWARE. I say most 'cause some things like Brutus for instance don't install a registry entry. Of course you need to have remote registry access.

Ideally you would check both binaries, reg entries and DLLs and correlate. If there is no reg entry it is quite tough without grepping the entire volume; again, Brutus as an example could be anywhere, and hidden by renaming the binary, I guess? Again you need file access. So I guess you can, but not sure how confident you can be of the results. A simple Perl script should be able to check the reg, file existence and values etc.

If you have an ISS scanner license we have some flex checks that will find Windows tools like l0pht crack, ISS Scanner, Retina, by doing exactly the above, and I assume all other commercial tools you could do the same pretty easily. Not supported or accurate (for the reasons mentioned above) but sometimes useful.

-----Original Message-----
From: Netsecure [mailto:netsecure () NETSECURE NET NZ]
Sent: Sunday, August 20, 2000 5:54 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Auditing for Malicious Tools

Hi Everyone

I am looking for an application that searches for malicious tools. I believe someone in the UK has written one but I am unable to find it on search engines. Does anyone know of such tools? They look for released hacking tools. This application should not just look for trojans (which virus scanners already do) but compiled and released tools like nessus, SMBgrind, etc.

Cheers
Netsecure
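The correlation described in the reply above (registry entry, file existence, and what is left when a tool writes no key or its binary is renamed), sketched as an added example that is not code from the thread or from ISS. The tool names, registry subkeys and file contents are constructed placeholders, the list of subkeys under HKEY_LOCAL_MACHINE\SOFTWARE is assumed to have been collected separately, and the content-hash check is an addition that goes beyond the name and registry checks the message mentions.

```python
import hashlib, os, tempfile

def digest(data):
    return hashlib.sha256(data).hexdigest()

# Constructed signatures: tool names, registry subkeys and file contents are placeholders.
SIGNATURES = [
    {"tool": "ExampleCracker", "reg_key": r"ExampleVendor\ExampleCracker",
     "filenames": {"excrack.exe"}, "sha256": {digest(b"constructed cracker binary")}},
    {"tool": "ExampleBruter", "reg_key": None,  # installs no registry entry
     "filenames": {"exbrute.exe"}, "sha256": {digest(b"constructed bruter binary")}},
]

def audit(software_keys, root):
    """Correlate evidence per tool. software_keys: subkey paths enumerated under
    HKEY_LOCAL_MACHINE\\SOFTWARE (collected separately); root: directory tree to walk."""
    keys = {k.lower() for k in software_keys}
    found = {}
    for sig in SIGNATURES:
        if sig["reg_key"] and sig["reg_key"].lower() in keys:
            found.setdefault(sig["tool"], set()).add("registry")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    file_hash = digest(fh.read())  # fine for a demo; stream large files
            except OSError:
                continue  # unreadable file: no file access means no evidence
            for sig in SIGNATURES:
                if name.lower() in sig["filenames"]:
                    found.setdefault(sig["tool"], set()).add("filename")
                if file_hash in sig["sha256"]:
                    found.setdefault(sig["tool"], set()).add("hash")
    return {tool: sorted(ev) for tool, ev in found.items()}

def demo():
    """Build a constructed volume: one normal install, one renamed copy with no key."""
    with tempfile.TemporaryDirectory() as root:
        install = os.path.join(root, "Program Files", "ExampleCracker")
        os.makedirs(install)
        with open(os.path.join(install, "excrack.exe"), "wb") as fh:
            fh.write(b"constructed cracker binary")
        with open(os.path.join(root, "notes.exe"), "wb") as fh:  # renamed binary
            fh.write(b"constructed bruter binary")
        return audit([r"ExampleVendor\ExampleCracker", r"Microsoft\Windows"], root)

if __name__ == "__main__":
    print(demo())
```

A tool reported with all three kinds of evidence is a normal install; one reported by hash alone is the renamed, registry-less case, which a name or registry check on its own would miss.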