Penetration Testing mailing list archives
Re: [PEN-TEST] penetrating trojan
From: Panagiotis Dimitriou <pdimit () SPACE GR>
Date: Tue, 5 Dec 2000 09:50:15 +0200
I've found a perl-based trojan that might do the trick (you can find it attached). I've never tested but it looks fine. Any feedback would be appreciated.. <<...>> Panos Dimitriou IT Security Analyst SPACE HELLAS
-----Original Message----- From: Tom Vandepoel [SMTP:Tom.Vandepoel () UBIZEN COM] Sent: 03 December 2000 00:19 To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] penetrating trojan Arthur Clune wrote:I too can picture some terrifying scenarios where the connection isclientinitiated on port 80.Surely you can use netcat and "at" to get a system to "phone home", or am I missing something here?That's the first step; haven't seen stuff like that in the wild yet. Ofcourse the goal of a pen-trojan is not to spread widely, but to quietly enter a network. So it will be less likely be discovered in the wild. I have spent some small amount of time trying to encapsulate netcat into a self-depacking vbs script; I have been using the GodMessage trojan as a template, but I haven't got it working yet. Shouldn't be that hard, though. I generally recommend customers to be very restrictive on outbound traffic, just to reduce the chance of a trojan 'phoning home'. Ofcourse, put httptunnel together with some smart vbs scripting and this doesn't matter anymore... We all know the real problem lies somewhere else; mobile code is security nightmare... Tom. -- _________________________________________________ Tom Vandepoel Sr. Network Security Engineer www.ubizen.com tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00 Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium _________________________________________________
Current thread:
- Re: [PEN-TEST] penetrating trojan, (continued)
- Re: [PEN-TEST] penetrating trojan van der Kooij, Hugo (Dec 04)
- Re: [PEN-TEST] penetrating trojan Kazennov Vladimir (Dec 04)
- Re: [PEN-TEST] penetrating trojan Pierre Vandevenne (Dec 04)
- Re: [PEN-TEST] penetrating trojan Jean-Christophe Touvet (Dec 05)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- Re: [PEN-TEST] penetrating trojan Randall, Mark (ISSCalifornia) (Dec 05)
- Re: [PEN-TEST] penetrating trojan Simon Waters (Dec 06)
- Re: [PEN-TEST] OT: Lotus Notes name service (was: penetrating trojan) Michael Rowe (Dec 06)
- Re: [PEN-TEST] OT: Lotus Notes name service (was: penetratingtrojan) Simon Waters (Dec 07)
- Re: [PEN-TEST] penetrating trojan Simon Waters (Dec 06)
- Re: [PEN-TEST] penetrating trojan Panagiotis Dimitriou (Dec 06)
- Re: [PEN-TEST] penetrating trojan Sven Bruelisauer (Dec 07)
- Re: [PEN-TEST] penetrating trojan Guy Cohen (Dec 07)
- Re: [PEN-TEST] penetrating trojan C.E.Steiner (Dec 10)
- Re: [PEN-TEST] penetrating trojan Sven Bruelisauer (Dec 07)
- Re: [PEN-TEST] penetrating trojan Joakim Sandström (Dec 07)
- Re: [PEN-TEST] penetrating trojan David Knaack (Dec 07)
- Re: [PEN-TEST] penetrating trojan Robert van der Meulen (Dec 07)
- Re: [PEN-TEST] penetrating trojan Can Erkin Acar (Dec 10)
- Re: [PEN-TEST] penetrating trojan David Knaack (Dec 07)
- Re: [PEN-TEST] penetrating trojan Panagiotis Dimitriou (Dec 10)