Penetration Testing mailing list archives
RE: Creating a Custom Trojan after Social Engineering
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 17 Jan 2005 08:43:42 -0600
If you know the type of AV they use, you can find something that isn't detectable. Try to run whatever you want to use through www.virustotal.com and see how it is detected. It is a common practice to tweak the EXE a bit and bypass the search string used by the AV. Hence why variants are so dangerous and common.

-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf () breach com]
Sent: Saturday, January 15, 2005 5:24 AM
To: Todd Towles; Eric McCarty; Slider Slider; pen-test () securityfocus com
Subject: RE: Creating a Custom Trojan after Social Engineering

My personal favorite is netcat, but:

The problem with using off the shelf tools is that anti-virus software detects them: keyloggers are especially notorious as are tunneling tools. Whatever you select, try to check that the anti-virus used at the organization does not detect the tool you use.

Ofer Shezaf
CTO, Breach Security
Tel: +972.9.956.0036 ext.212
Cell: +972.54.443.1119
ofers () breach com
http://www.breach.com

-----Original Message-----
From: Todd Towles [mailto:toddtowles () brookshires com]
Sent: Friday, January 14, 2005 1:02 AM
To: Eric McCarty; Slider Slider; pen-test () securityfocus com
Subject: RE: Creating a Custom Trojan after Social Engineering

http://ntsecurity.nu/papers/acktunneling/

NetCat can be set to call out to a pre-defined IP, I believe. Search for Rx.exe as well - Windows Universal Reverse Shell Trojan

-----Original Message-----
From: Eric McCarty [mailto:eric () piteduncan com]
Sent: Thursday, January 13, 2005 12:30 PM
To: Slider Slider; pen-test () securityfocus com
Subject: RE: Creating a Custom Trojan after Social Engineering

VNC offers the option to reverse connect using the -connect command line. Here is an example of using SSH and VNC. Not quite a remote access Trojan but very simple.

http://faq.gotomyvnc.com/fom-serve/cache/128.html

-----Original Message-----
From: Slider Slider [mailto:0bscur3 () gmail com]
Sent: Wednesday, January 12, 2005 3:34 PM
To: pen-test () securityfocus com
Subject: Creating a Custom Trojan after Social Engineering

In the middle of a pen test and I have successfully SE'd some employees to visit a website that I created to download a keylogger. I was able to get a lot of information.

I am working on the firewall and there are no open ports or services running, strictly internet access....so the thought.... I want to exchange the executable keylogger for a trojan that will connect to me from the client giving me remote access control. I have sampled a few, but can't find any custom programs where I can tell it what to do and when to uninstall. Has anyone tried this?

0bscur3