Penetration Testing mailing list archives
Re: [PEN-TEST] penetrating trojan
From: "van der Kooij, Hugo" <Hugo.van.der.Kooij () CAIW NL>
Date: Sun, 3 Dec 2000 12:04:11 +0100
On Sat, 2 Dec 2000, Tom Vandepoel wrote:
Arthur Clune wrote:I too can picture some terrifying scenarios where the connection is client initiated on port 80.Surely you can use netcat and "at" to get a system to "phone home", or am I missing something here?That's the first step; haven't seen stuff like that in the wild yet. Ofcourse the goal of a pen-trojan is not to spread widely, but to quietly enter a network. So it will be less likely be discovered in the wild.
The most dirty trick to 'phone home' would be to use DNS queries. There is live code out to use dns queries to transfer files. A description was made in C'T (I read the Dutch edition). Even when caching DNS request it is likely you can get the data through your firewall. Hugo. -- Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hvdkooij () caiw nl http://home.kabelfoon.nl/~hvdkooij/ -------------------------------------------------------------- This message has not been checked and may contain harmfull content.
Current thread:
- [PEN-TEST] penetrating trojan Sven Bruelisauer (Dec 02)
- Re: [PEN-TEST] penetrating trojan Deus, Attonbitus (Dec 02)
- Re: [PEN-TEST] penetrating trojan Conor Crowley (Dec 02)
- Re: [PEN-TEST] penetrating trojan Arthur Clune (Dec 03)
- Re: [PEN-TEST] penetrating trojan Tom Vandepoel (Dec 03)
- Re: [PEN-TEST] penetrating trojan van der Kooij, Hugo (Dec 04)
- Re: [PEN-TEST] penetrating trojan Arthur Clune (Dec 03)
- Re: [PEN-TEST] penetrating trojan Kazennov Vladimir (Dec 04)
- Re: [PEN-TEST] penetrating trojan Pierre Vandevenne (Dec 04)
- Re: [PEN-TEST] penetrating trojan Jean-Christophe Touvet (Dec 05)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- Re: [PEN-TEST] penetrating trojan Darbean (Dec 06)
- <Possible follow-ups>
- Re: [PEN-TEST] penetrating trojan Randall, Mark (ISSCalifornia) (Dec 05)
- Re: [PEN-TEST] penetrating trojan Simon Waters (Dec 06)
- Re: [PEN-TEST] OT: Lotus Notes name service (was: penetrating trojan) Michael Rowe (Dec 06)
- Re: [PEN-TEST] OT: Lotus Notes name service (was: penetratingtrojan) Simon Waters (Dec 07)
- Re: [PEN-TEST] penetrating trojan Simon Waters (Dec 06)