Penetration Testing mailing list archives

Re: pen test help please asap


From: "'ken'@FTU" <ken_at_ftu () yahoo com>
Date: Thu, 10 Jan 2002 19:20:08 -0500

Kimberly S. wrote:

Hi all,

I am currently working on a no holds barred pen test that includes social
engineering.
As such, I intend to get a trojan installed onto the client's network via
email or autostarting CDROM, but want something that is not going to be
caught by AV software (they say they have Norton AV enterprise wide).
I was hoping that someone out there in pen test land had already developed
something of the same ilk and could save me some time by sending me a copy
or linking to something I could use.

Features desired are:

1>>
Machine A on client site makes a configurable encrypted OUTBOUND connection
to Machine B. Desire a netcat type outbound connection on port 80 that will
detect and use the client's existing Internet Browser proxy settings.
I know this is quite a tall order; really the most important element is that
Machine A makes the outbound connection, that the traffic at least looks
a bit like HTTP, and that it survives a reboot.

Any help would be *so* appreciated!




Well, here is the only advice I can give you at this point.

Try to make the outbound connection 443. Encryption will thwart attempts to detect common network hacks. One property of encryption is that it can scramble (and thus "hide") not only confidential network traffic, but malicious traffic as well! :)

Also -- although I've read that many companies detect this now -- write the email in HTML with Javascript that automatically runs the attachment. This is especially good if the user has a preview window open. And when you have the code that does that, perhaps you are better off making the email urgent. This, in combination with social engineering the help desk that you are a new user -- or whatever user story you will give them -- should really work great. "Hi, I'm so-and-so... I need x, y, z done... let me send you this email... blah blah blah..."

I believe there is a tool out there that scrambles common fingerprints of known trojans -- such as SubSeven or Back Orifice -- but I do not remember its name. Perhaps someone on this list will.

Good luck. I'd be interested to know how it turns out.

'ken'

--
"I grew convinced that truth, sincerity and integrity in dealings between man and man were of the utmost importance to the felicity of life, and I formed a written resolution to practise them ever while I lived."
        -Benjamin Franklin, The Autobiography of Benjamin Franklin


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/