Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] penetrating trojan

From: Tom Vandepoel <Tom.Vandepoel () UBIZEN COM>
Date: Sat, 2 Dec 2000 23:19:25 +0100
Arthur Clune wrote:


I too can picture some terrifying scenarios where the connection is client
initiated on port 80.


Surely you can use netcat and "at" to get a system
to "phone home", or am I missing something here?



That's the first step; haven't seen stuff like that in the wild yet.
Ofcourse the goal of a pen-trojan is not to spread widely, but to
quietly enter a network. So it will be less likely be discovered in the
wild.
I have spent some small amount of time trying to encapsulate netcat into
a self-depacking vbs script; I have been using the GodMessage trojan as
a template, but I haven't got it working yet. Shouldn't be that hard,
though.

I generally recommend customers to be very restrictive on outbound
traffic, just to reduce the chance of a trojan 'phoning home'. Ofcourse,
put httptunnel together with some smart vbs scripting and this doesn't
matter anymore...

We all know the real problem lies somewhere else; mobile code is
security nightmare...

Tom.


--
_________________________________________________

Tom Vandepoel
Sr. Network Security Engineer

www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
_________________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: