pen test help please asap

From: Kimberly S. (kimsehhingat_private)
Date: Thu Jan 10 2002 - 12:27:40 PST


    Hi all,
    
    I am currently working on a no-holds-barred pen test that includes social
    engineering.
    As such, I intend to get a trojan installed onto the client's network via
    email or an autostarting CD-ROM, but want something that is not going to be
    caught by AV software (they say they have Norton AV enterprise-wide).
    I was hoping that someone out there in pen test land had already developed
    something of the same ilk and could save me some time by sending me a copy
    or linking to something I could use.
    
    Features desired are:
    
    1>>
    Machine A on the client site makes a configurable encrypted OUTBOUND connection
    to Machine B. Desire a netcat-type outbound connection on port 80 that will
    detect and use the client's existing Internet browser proxy settings. Once
    the connection is made to the outbound host (Machine B), an SMTP mail will be
    sent out to notify that it is active. At that point I want to be able to
    connect to Machine B from Machine C and leverage that outbound tunnel from
    Machine A to get back into the organization, and have a remote command prompt
    and/or remote desktop control of the target (Machine A).
    
                              -------------------------------
                             |                               |
                             |  My slave system              |
                             |      (machine B)              |
                              -------------------------------
                                 /|\                   /|\
                                  |                     |
                      Port 80 / 443 encrypted      SSH connection or
                                  |                    equivalent
                                  |                     |
         --------------------------------        --------------------------------
        |                                |      |                                |
        |  Client Target sys             |      |  my control system             |
        |     (machine A)                |      |     (machine C)                |
         --------------------------------        --------------------------------
    
    
    
    2>> Source code available so I can confirm no "hidden extras" ;-)
    
    3>> Autoinstalls on Machine A by leveraging a bug in IE or Outlook if
    possible; though not essential
    
    4>> Attached to some joke or funny, so the recipient is not suspicious
    
    5>> Not detected by AV software
    
    6>> Detects the OS; installs as a SERVICE on NT/Win2k/XP systems, else in the
    Run sections of HKLM on Win9x
    
    7>> Installs at the same level as TinyFirewall or ZoneAlarm, and thus will
    bypass these products (if possible)
    
    8>> Incorporate a keystroke or screen capture element (if possible)
    
    
    
    I know this is quite a tall order; really the most important element is that
    Machine A makes the outbound connection, and that the traffic at least looks
    a bit like HTTP and it survives a reboot.
    
    Any help would be *so* appreciated!
    
    Sincerely
    Kimberly
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    


