Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003

from [SCInfo] Network Security [Permanent Link]
Subject: New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003
Date: 27 Aug 2005 16:50:27 -0000 
I'd like to annouce a new tool that could be useful in pen testing, or for 
administration use for a server running SMTP via IIS 5.0, 6.0, including 
Exchange 2000/2003 and SBS 2000/2003.

The tool won't help you get on a box, but once you are in installing it will 
help you stay on it or issue commands through SMTP email as the carrier. 

Free! Donations accepted.

http://www.SMTPCommander.com

Beta version ready to download.

Basic overview:
* runs with "system" privilages
* input is normal email, results returned to send via email 
* single dll, must have admin rights to install and register
* no service, no task will show (runs under IIS)
* only known ways to detect it is find the actual DLL, or use script to examine 
events for SMTP
* passes email thru unless trigger in subject given
* allows shell commands as system acct
* get/put files from/to server
* reg read/write commands

Example uses tested so far:
* put pwdump2 on server, execute, return sam file
* dump registry to file and return
* explore drives using directory 

I'm interested in any feedback, post a reply or email me at 
SCInfo@SMTPCommander.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • New Tool - "SMTP Rootkit" for IIS 5/6 & EX2000/2003, SCInfo <=
Previous by Date:  Re: Scan virtual hosts, Pete Herzog
Next by Date:  Re: Software Proxys Anonymous, Andres Riancho
Previous by Thread:  External Black Box Pen Test, Lett, Craig
Next by Thread:  Where are Windows "Enforce password history" passwords stored?, Charles Gillman
Indexes:  [Date] [Thread] [Top] [All Lists]