Penetration Testing mailing list archives
Re: [PEN-TEST] penetrating trojan
From: "Deus, Attonbitus" <Thor () HammerofGod Com>
Date: Fri, 1 Dec 2000 13:02:43 -0800
So all companies that have Network Address Translation enabled, are safe from such trojans since the "master" never will be able to contact the trojan (the victims IP will not be routed from the outside) !?
For this reason, I have been designing an app that 'phones home' at a configurable interval via http (inherited proxy settings if available) and checks for remote instructions to download additional files for execution or to turn over control to my remote control app. The data stream is plain old innocuous-looking HTML with the commands steganographed within the attribute tags (I'm still working on this part) so as to help avoid suspicion. So far its pretty cool, but I have a way to go yet. Any suggestions for cool-O features are welcome. --------------------------------------------------------- Attonbitus Deus thor () hammerofgod com
Current thread:
- [PEN-TEST] penetrating trojan Sven Bruelisauer (Dec 02)
- Re: [PEN-TEST] penetrating trojan Deus, Attonbitus (Dec 02)
- Re: [PEN-TEST] penetrating trojan Conor Crowley (Dec 02)
- Re: [PEN-TEST] penetrating trojan Arthur Clune (Dec 03)
- Re: [PEN-TEST] penetrating trojan Tom Vandepoel (Dec 03)
- Re: [PEN-TEST] penetrating trojan van der Kooij, Hugo (Dec 04)
- Re: [PEN-TEST] penetrating trojan Arthur Clune (Dec 03)
- Re: [PEN-TEST] penetrating trojan Kazennov Vladimir (Dec 04)
- Re: [PEN-TEST] penetrating trojan Pierre Vandevenne (Dec 04)
- Re: [PEN-TEST] penetrating trojan Jean-Christophe Touvet (Dec 05)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- <Possible follow-ups>
- Re: [PEN-TEST] penetrating trojan Randall, Mark (ISSCalifornia) (Dec 05)