Penetration Testing mailing list archives
RE: DC Phone Home from BH 2002?
From: Mark Melonson <blindtechie () yahoo com>
Date: Thu, 29 Apr 2004 09:25:00 -0700 (PDT)
Alright, please somebody correct me if my personal definition of this is off, but: When using "phone-home" attacks, I have found that the best methods are to loosen security on the host, possibly introducing a daemon or two to and port redirectors, etc... I then use this to connect to a preconfigured box, which I then use to invade the box that's phoning home, transporting files, tools, etc... as needed. It's all about access! In order to save some time with such attacks, I have found that Knoppix-STD is probably the best distribution for running on the target machine. It's ideal if you have a team, due to the fact that one can work on establishing the "phone-home" while others are working inside the network. Sorry if I can't give true examples of such a technique... It's nice though, because physical access, htough beautiful, is not needed. However local access is a necessity or at least enough to create local access. I hope this helped. Best regards, -Mark L. Melonson Freelance IT Professional (Security Specialist) --- Eric Martinez <umdebaba () rgv rr com> wrote:
What you can do is download a precompiled linux for dreamcast, burn it to a cd, and compile some tools on it that would demonstrate the dreamcast penetrating the network from the inside. Here's a link to a precompiled linux for dreamcast http://www.m17n.org/linux-sh/dreamcast/ There are others but I'm am not sure which ones are the best. Check the message boards at dcemulation.com for more help. -Eric
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
__________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- DC Phone Home from BH 2002? Brian Wiese (Apr 20)
- RE: DC Phone Home from BH 2002? Eric Martinez (Apr 23)
- RE: DC Phone Home from BH 2002? Mark Melonson (Apr 30)
- RE: DC Phone Home from BH 2002? Eric Martinez (Apr 23)