Penetration Testing mailing list archives

Re: [PEN-TEST] penetrating trojan


From: Panagiotis Dimitriou <pdimit () SPACE GR>
Date: Thu, 7 Dec 2000 09:52:42 +0200


Sorry, but the attachment had been stripped by the moderator. However, the
script I was talking about can be found inside the article "Placing
Backdoors Through Firewalls"
(http://thc.inferno.tusculum.edu/files/thc/rwwwshell-1.6.perl).


-----Original Message-----
From: Panagiotis Dimitriou
Sent: 05 December 2000 10:00
To:   'Penetration Testers'
Subject:      RE: [PEN-TEST] penetrating trojan

I've found a perl-based trojan that might do the trick (you can find it
attached). I've never tested but it looks fine.
Any feedback would be appreciated..



Panos Dimitriou
IT Security Analyst
SPACE HELLAS


      -----Original Message-----
      From:   Tom Vandepoel [SMTP:Tom.Vandepoel () UBIZEN COM]
      Sent:   03 December 2000 00:19
      To:     PEN-TEST () SECURITYFOCUS COM
      Subject:        Re: [PEN-TEST] penetrating trojan

      Arthur Clune wrote:

      > > I too can picture some terrifying scenarios where the connection is client
      > > initiated on port 80.
      >
      > Surely you can use netcat and "at" to get a system
      > to "phone home", or am I missing something here?
      >

      That's the first step; haven't seen stuff like that in the wild yet.
      Of course the goal of a pen-trojan is not to spread widely, but to
      quietly enter a network. So it will be less likely to be discovered in the
      wild.
      I have spent some small amount of time trying to encapsulate netcat into
      a self-depacking vbs script; I have been using the GodMessage trojan as
      a template, but I haven't got it working yet. Shouldn't be that hard,
      though.

      I generally recommend customers to be very restrictive on outbound
      traffic, just to reduce the chance of a trojan 'phoning home'. Of course,
      put httptunnel together with some smart vbs scripting and this doesn't
      matter anymore...

      We all know the real problem lies somewhere else; mobile code is
      a security nightmare...

      Tom.


      --
      _________________________________________________

      Tom Vandepoel
      Sr. Network Security Engineer

      www.ubizen.com
      tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
      Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
      _________________________________________________
