Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Creating a Custom Trojan after Social Engineering

from [Todd Towles] Network Security [Permanent Link]
Subject: RE: Creating a Custom Trojan after Social Engineering
Date: Mon, 17 Jan 2005 08:43:42 -0600 
If you know the type of AV they use..you can find something that isn't
detectable. Try to run whatever you want to use thru www.virustotal.com
and see how it is detected.

It is a common practice to tweak the EXE a bit and bypass the search
string used by the AV. Hence why variants are so danger and common. 


-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf@breach.com] 
Sent: Saturday, January 15, 2005 5:24 AM
To: Todd Towles; Eric McCarty; Slider Slider; 
pen-test@securityfocus.com
Subject: RE: Creating a Custom Trojan after Social Engineering


My personal favorite is netcat, but:

The problem with using off the shelf tools is that anti-virus 
software detects them: keyloggers are especially notorious as 
are tunneling tools. 

What ever you select try to check that the anti-virus used at 
the organization does not detect the tool you use. 

Ofer Shezaf
CTO, Breach Security

Tel: +972.9.956.0036 ext.212
Cell: +972.54.443.1119
ofers@breach.com
http://www.breach.com 



-----Original Message-----
From: Todd Towles [mailto:toddtowles@brookshires.com]
Sent: Friday, January 14, 2005 1:02 AM
To: Eric McCarty; Slider Slider; pen-test@securityfocus.com
Subject: RE: Creating a Custom Trojan after Social Engineering

http://ntsecurity.nu/papers/acktunneling/

NetCat can be set to call out to a pre-defined IP, I believe.

Search for Rx.exe as well - Windows Universal Reverse Shell Trojan


-----Original Message-----
From: Eric McCarty [mailto:eric@piteduncan.com]
Sent: Thursday, January 13, 2005 12:30 PM
To: Slider Slider; pen-test@securityfocus.com
Subject: RE: Creating a Custom Trojan after Social Engineering

VNC offers the option to reverse connect using the 

-connect command 

line.

Here is an example of using SSH and VNC. Not quite a 

remote access 

Trojan but very simple.

http://faq.gotomyvnc.com/fom-serve/cache/128.html




-----Original Message-----
From: Slider Slider [mailto:0bscur3@gmail.com]
Sent: Wednesday, January 12, 2005 3:34 PM
To: pen-test@securityfocus.com
Subject: Creating a Custom Trojan after Social Engineering

In the middle of a pen test and I have sucessfully SE'd some 
employees to visit a website that I created to download a 

keylogger. 

I was able to get a lot of information. I am working on 

the firewall 

and there are no open ports or services running, strictly 

internet 

access....so the thought....

I want to exchange the executable keylogger for a trojan 

that will 

connect to me from the client giving me remote access control.  I 
have sampled a few, but can't find any custom programs 

where I can 

tell it what to do and when to uninstall.

Has anyone tried this?

0bscur3
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: DoS/DDoS Attack, rzaluski
Next by Date:  Re: Discovering users by RCPT TO, Baltasar Cevc
Previous by Thread:  Re: Creating a Custom Trojan after Social Engineering, H Carvey
Next by Thread:  Sample Risk Assessment Report, Mambo
Indexes:  [Date] [Thread] [Top] [All Lists]