Re: pen test help please asap

From: 'ken'@FTU
Date: Thu Jan 10 2002 - 16:20:08 PST


    Kimberly S. wrote:
    
    > Hi all,
    > 
    > I am currently working on a no-holds-barred pen test that includes social
    > engineering.
    > As such, I intend to get a trojan installed onto the client's network via
    > email or autostarting CDROM, but want something that is not going to be
    > caught by AV software (they say they have Norton AV enterprise-wide).
    > I was hoping that someone out there in pen test land already had developed
    > something of the same ilk and could save me some time by sending me a copy
    > or linking to something I could use.
    > 
    > Features desired are:
    > 
    > 1>>
    > Machine A on the client site makes a configurable encrypted OUTBOUND connection
    > to Machine B. Desire a netcat-type outbound connection on port 80 that will
    > detect and use the client's existing Internet browser proxy settings.
    > 
    > I know this is quite a tall order; really the most important element is that
    > Machine A makes the outbound connection, and that the traffic at least looks
    > a bit like HTTP and it survives a reboot.
    > 
    > Any help would be *so* appreciated!
    > 
    >
    
    
    Well, here is the only advice I can give you at this point.
    
    Try to make the outbound connection on 443. Encryption will thwart attempts 
    to detect common network hacks. One property of encryption is that it 
    not only can scramble (and thus "hide") confidential network traffic, 
    but malicious traffic as well! :)
    
    Also -- although I've read that many companies detect this now -- write 
    the email in HTML with JavaScript that automatically runs the attachment. 
    This is especially good if the user has a preview window open. And 
    when you have the code that does that, perhaps you are better off making 
    the email urgent. This, in combination with social engineering the help 
    desk that you are a new user -- or whatever user story you will give 
    them -- should really work great. "Hi, I'm so-and-so... I need x, y, z 
    done... let me send you this email... blah blah blah..."
    
    I believe there is a tool out there that scrambles common fingerprints of 
    known trojans -- such as SubSeven or Back Orifice -- but I do not 
    remember its name. Perhaps someone on this list will.
    
    Good luck. I'd be interested to know how it turns out.
    
    'ken'
    
    -- 
    "I grew convinced that truth, sincerity and integrity in dealings 
    between man and man were of the utmost importance to the felicity of 
    life, and I formed a written resolution to practise them ever while I 
    lived."
    	-Benjamin Franklin, The Autobiography of Benjamin Franklin
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    


