Penetration Testing mailing list archives
Re: [PEN-TEST] penetrating trojan
From: Joakim Sandström <jode () TRIBALSTORM COM>
Date: Wed, 6 Dec 2000 09:04:55 -0000
OK, I know this is a bit evil, BUT: I once wrote a small piece of software (Win32) that, after being planted, made system tests like ->

1. Check if it can reach some e.g. geocities/angelfire through HTTP. If success -> read instructions -> do something.
2. Check NNTP ports; if success -> write encrypted messages describing the system and dump e.g. the directory structure as an attachment and post to a newsgroup (usually some Asian group) with a header easily recognizable by the attacker, who now can see the trojan and can by different means communicate with it -> directly by asking it to call home (specifying the port in a news post) or by posting commands directly (encrypted) to a newsgroup.

These commands can hold information about which files should be moved and by which means and to where, e.g. move all files in a folder to a public FTP site (some big one with a lot of users).

You can easily build further and further on trojans like this. When I quit developing on this one I was working on a Packet Relay Network to make it even harder to track back to the attacker if he has infected more than 1 computer on your network. Usually you would track him down quite easily by traditional methods and find out to where he's "speaking" etc., but by sending packets randomly through a "cluster" or several "clusters" of infected computers it makes it even harder.. though this was never 100% implemented.. got sort of bored ..! :)

These are just examples of what could be done by this.. but my main question is -> Any tool out there capable of doing this sort of thingies? I'd be interested in knowing what effective methods have been used to infect other computers after gaining access to a domain on some level..

Calling home isn't IMO that smart.. easy to track down.. call the seven 11 instead, there are a lot more ppl there.. to suspect..

/JODE
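Added example (not part of the original post, and not code from its author): a defender-side egress check for the two channels the message describes, outbound HTTP to free web hosting and NNTP spoken directly by a workstation. The log format, the internal range and the approved news relay are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (site policy, not from the post): internal range and the one
# sanctioned news relay. The post itself names geocities and angelfire.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
APPROVED_NNTP = {"10.0.0.5"}
NNTP_PORTS = {119, 563}              # NNTP and NNTP over TLS
FREE_HOSTING = ("geocities.com", "angelfire.com")

# Constructed sample egress log: timestamp src dst dport http_host (or -)
SAMPLE_LOG = """\
2000-12-06T09:00:01 10.0.0.5 192.0.2.10 119 -
2000-12-06T09:00:07 10.1.4.23 198.51.100.7 80 www.geocities.com
2000-12-06T09:00:09 10.1.4.23 203.0.113.9 119 -
2000-12-06T09:02:30 10.1.7.40 198.51.100.7 80 www.angelfire.com
2000-12-06T09:03:11 10.1.9.2 192.0.2.80 80 www.example.org
2000-12-06T09:04:55 10.1.8.8 203.0.113.9 563 -
"""

def on_free_hosting(host):
    return any(host == d or host.endswith("." + d) for d in FREE_HOSTING)

def findings(log_text):
    """Return {internal_src: sorted signal names} for outbound connections."""
    signals = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, host = line.split()
        if (ipaddress.ip_address(src) not in INTERNAL
                or ipaddress.ip_address(dst) in INTERNAL):
            continue                 # only internal -> external traffic
        if int(dport) in NNTP_PORTS and src not in APPROVED_NNTP:
            signals[src].add("nntp-direct")
        if dport == "80" and on_free_hosting(host.lower()):
            signals[src].add("free-hosting-http")
    return {s: sorted(v) for s, v in signals.items()}

def severity(sigs):
    # Free-hosting HTTP alone is common and benign; both channels from one
    # host matches the check-HTTP-then-NNTP behaviour described in the post.
    return "high" if len(sigs) == 2 else "review"

if __name__ == "__main__":
    for src, sigs in sorted(findings(SAMPLE_LOG).items()):
        print(src, severity(sigs), ",".join(sigs))
```

A default-deny egress policy that lets only the news relay speak NNTP outbound turns the "nntp-direct" signal into a blocked connection rather than an alert.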