Open Source and information security mailing list archives
 
Message-ID: <e024ccca0710311634o247cf4b6rec90ae1e8cde940@mail.gmail.com>
Date: Wed, 31 Oct 2007 19:34:50 -0400
From: "Dude VanWinkle" <dudevanwinkle@...il.com>
To: "Joshua Tagnore" <joshua.tagnore@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Flash that simulates virus scan

On 10/31/07, Joshua Tagnore <joshua.tagnore@...il.com> wrote:
> List,
>
>     Some time ago I remember that someone posted a PoC of a small site that
> had a really nice looking flash animation that "performed a virus scan" and
> after the "virus scan" was finished, the user was prompted for a "Download
> virus fix?" question. After that, of course, a file is sent to the user and
> he got infected with some malware. Right now I'm performing a penetration
> test, and I would like to target some of the users of the corporate LAN, so
> I think this approach is the best in order to penetrate to the LAN.
>
>     I searched Google but failed to find the URL, could someone send it to
> me? Thanks!

You can always use the ol' drop-a-usb-flash-drive-in-the-parking-lot
trick. I find it helps if you label it "2006 salary report" or
"Classified- 2008 Layoffs". This usually does the trick if autorun is
enabled on workstations. If you can find a way to create cdfs
formatted pen drives, lemme know.

Don't forget to chop your keylogger in half with hex editors till you
find the signature and then edit it so they no longer detect you.

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
