Penetration Testing mailing list archives

Re: Social Engineering Website


From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Tue, 13 Jan 2004 09:59:07 +0100

On Fri, 2004-01-09 at 15:32, Random Task wrote:

> * Use IE remote exploits to start a netcat listening session (not
> going to do much if they're behind a firewall though...could a
> two-way connection be created by a host behind a firewall so that I
> could get at it from our server?)

Last year I wrote a tool named JAB, allowing a Win32 PC to
communicate with its master through the Internet Explorer OLE interface
(à la Setiri from SensePost).

During pen-tests, it can be used to create a command/data channel
between the compromised host and your server, even if the "client" must
go through personal firewalls, NAT, antivirus gateways and proxies (even
authenticated). The only requirement on the client machine is that Internet
Explorer can access the Internet. Features: upload and download of
binary files, execution of commands with the result sent back to the
attacker, authentication of "clients", ...

I made a presentation about this in June at the SSTIC'03 conference, and
you can find the related PDF (in French), and the code, at:

        http://www.sstic.org/presentations/JAB___N._Gregoire/


Regards,
-- 
Nicolas Gregoire ----- Information Systems Security Consultant
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

