Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Creating a Custom Trojan after Social Engineering

from [Todd Towles] Network Security [Permanent Link]
Subject: RE: Creating a Custom Trojan after Social Engineering
Date: Thu, 13 Jan 2005 17:02:00 -0600 
http://ntsecurity.nu/papers/acktunneling/

NetCat can be set to call out to a pre-defined IP, I believe.

Search for Rx.exe as well - Windows Universal Reverse Shell Trojan


-----Original Message-----
From: Eric McCarty [mailto:eric@piteduncan.com] 
Sent: Thursday, January 13, 2005 12:30 PM
To: Slider Slider; pen-test@securityfocus.com
Subject: RE: Creating a Custom Trojan after Social Engineering

VNC offers the option to reverse connect using the -connect 
command line.

Here is an example of using SSH and VNC. Not quite a remote 
access Trojan but very simple.

http://faq.gotomyvnc.com/fom-serve/cache/128.html


 

-----Original Message-----
From: Slider Slider [mailto:0bscur3@gmail.com]
Sent: Wednesday, January 12, 2005 3:34 PM
To: pen-test@securityfocus.com
Subject: Creating a Custom Trojan after Social Engineering

In the middle of a pen test and I have sucessfully SE'd some 
employees to visit a website that I created to download a 
keylogger. I was able to get a lot of information. I am 
working on the firewall and there are no open ports or 
services running, strictly internet access....so the thought....

I want to exchange the executable keylogger for a trojan that 
will connect to me from the client giving me remote access 
control.  I have sampled a few, but can't find any custom 
programs where I can tell it what to do and when to uninstall.

Has anyone tried this?  

0bscur3
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Discovering users by RCPT TO, Martin Fallon
Next by Date:  RE: Sample Risk Assessment Report, Tyler Markowsky
Previous by Thread:  RE: Creating a Custom Trojan after Social Engineering, Eric McCarty
Next by Thread:  Re: Creating a Custom Trojan after Social Engineering, H Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]