lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7d85153f0606062350x39338321vfddd508e9c82c067@mail.gmail.com>
Date: Wed Jun  7 07:50:21 2006
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Subject: Proxy Aware trojans/ payloads

I'm working on implementing rootkitting/ trojans/ Browser exploits into my
Phishing attacks...

I have noticed how easy it is to get users to give up credentials but
sometimes this only provides access to OWA for example...( if that is the
only resource available )


The network I'm looking at now doesn't have much of an Internet presence so
I haven't had any luck with any infrastructure or app holes...

I got about 5 accounts us the Phishing attack above- also wrote a script to
tail Apache custom logs and trend target users OS, browser, IP, plug-ins,
and remote time in hopes of using this to craft a browser attack?..

But if only OWA is available I'm initially limited to info harvesting in
hopes of finding something good in email.. (Usually sensitive docs)

Which brings me to my question:


What are the caveats of using browser exploits or Trojans/Rootkits to obtain
a reverse shell? I would want it to come out something like HTTP or HTTPS or
ICMP or DNS...  depending on the internal architecture...

Would one need to worry about the payload being proxy aware?  I'm thinking
that the proxy should cache credentials and allow the payload outbound since
the user had to initiate the request and download the Trojan or visit my
site to get exploited... OR would the backdoor or payload need to pass
credentials? Shouldn't be a problem.. because I already have them :)

Idears?

JP

www.packetfocus.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060607/07312f5f/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ