Penetration Testing mailing list archives

RE: Creating a Custom Trojan after Social Engineering

From: "Eric McCarty" <eric () piteduncan com>
Date: Thu, 13 Jan 2005 10:29:45 -0800

VNC offers the option to reverse connect using the -connect command
line.

Here is an example of using SSH and VNC. Not quite a remote access
Trojan but very simple.

http://faq.gotomyvnc.com/fom-serve/cache/128.html


 

-----Original Message-----
From: Slider Slider [mailto:0bscur3 () gmail com] 
Sent: Wednesday, January 12, 2005 3:34 PM
To: pen-test () securityfocus com
Subject: Creating a Custom Trojan after Social Engineering

In the middle of a pen test and I have sucessfully SE'd some employees
to visit a website that I created to download a keylogger. I was able to
get a lot of information. I am working on the firewall and there are no
open ports or services running, strictly internet access....so the
thought....

I want to exchange the executable keylogger for a trojan that will
connect to me from the client giving me remote access control.  I have
sampled a few, but can't find any custom programs where I can tell it
what to do and when to uninstall.

Has anyone tried this?  

0bscur3

Current thread:

Creating a Custom Trojan after Social Engineering Slider Slider (Jan 13)
- <Possible follow-ups>
- RE: Creating a Custom Trojan after Social Engineering Eric McCarty (Jan 13)
- RE: Creating a Custom Trojan after Social Engineering Todd Towles (Jan 14)
- Re: Creating a Custom Trojan after Social Engineering H Carvey (Jan 14)
- RE: Creating a Custom Trojan after Social Engineering Todd Towles (Jan 17)