Re: [PEN-TEST] Auditing for Malicious Tools

["Curphey, Mark (ISS Atlanta)" <MCurphey () ISS NET>]

I don't know of any specific tools but It should be easy enough to do under
NT. Most software is installed under HKEY_LOCAL_MACHINE\SOFTWARE. I say most
'cause some things like Brutus for instance don't install a registry entry.
Of course you need to have remote registry access. Ideally you would check
both binaries, reg entries and dll's and correlate. If there is no reg entry
it is quite tough, without grepping the entire volume again Brutus as an
example could be anywhere, and hidden by renaming the binary I guess ? Again
you need file access. So I guess you can but not sure how confident you can
be of the results.

A simple Perl script should be able to check the reg, file existence and
values etc.

If you have an ISS scanner license we have some flex checks that will find
windows tools like l0pht crack, ISS Scanner, Retina, by doing exactly the
above, and I assume all other commercial tools you could do the same pretty
easily. Not supported or accurate (for the reasons mentioned above) but
sometimes useful.

-----Original Message-----
From: Netsecure [mailto:netsecure () NETSECURE NET NZ]
Sent: Sunday, August 20, 2000 5:54 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Auditing for Malicious Tools


Hi Everyone

I am looking for an application that searches fo malicious tools. I believe
someone in the UK has written one but I am unable to find it on search
engines. Does anyone no of such tools ? They look for realeased hacking
tools this application should not just look for trojans (which virus
scanners already do) But complied and released tools like nessus, SMBgrind,
etc.

Cheers
Netsecure