From: Otero, Hernan (EDS) (HOtero@lanchile.cl)
Date: Fri Jan 09 2004 - 15:43:06 EST
You could make a two way connection from behind a firewall through proxys
just doing a HTTPS CONNECT session.
Even better if you have some users and password, basic authentication is
very simple.
I do this all the time. I have coded some tools ( for private use ) and
really work.
This is just a reverse telnet through proxys.
My $0.02
-----Original Message-----
From: Random Task [mailto:rand0m_t4sk@yahoo.com]
Sent: Friday, January 09, 2004 10:33 AM
To: pen-test@securityfocus.com
Subject: Social Engineering Website
Good day,
I've been tasked at work with modifying our social engineering website. We
currently have a page that we send to our customers that is generically
labelled "Audit Team Survey," and this page just prompts the user to login,
which we take and dump into a DB for use later to try to get into their
systems.
The modification we'd like to make to our site would be a remote exploit of
some sort, and I'm not totally sure where to go with that. I'm wondering if
there are products or programs that exist that could be used in this way. It
is of utmost importance that this program can be easily and totally removed
after the testing is complete. Free is good. We don't really have any
requirements beyond that.
Things I've thought of so far: (Some of these would be sent out using a
compromised email account from another employee in a sort of "hey, check
this out!" message)
* Use IE remote exploits to start a netcat listening session (not going to
do much if they're behind a firewall though...could a two-way connection be
created by a host behind a firewall so that I could get at it from our
server?)
* Create a screen saver application of some sort that would gather
system/user information and transmit to our webserver (has merit, but this
would be an undertaking, as all my programming in college was in Solaris and
LINUX)
* Create a free automated "security scanner" application similar to the
screen saver
There were probably others, but I'm still on coffee #1.
Cons to doing this, as I see it: the employee may forward the message
outside their company, skewing results and running on systems without
permission. (this would only be if a screensaver/application were
used)
This risk would be mitigated, as we would most likely only include a link
back to our website (with deny all/allow specific IP rules) with the
screensaver/app on it. Then VPN'd employees are the exception, but for most
of our contracts, I don't think this is outside the scope of the test.
As a last note, we'd need to get people to go there. Making it look legit
would be good. (i.e. use the %00 IE exploit to make the URL look like it's
internal and make the site look like their own) Any techniques or message
styles you've used and had success with?
(This is an anonymous account I use for mailing lists. Feel free to mail me
here and request a message from my real address if that would make you more
comfortable with sharing information with me.)
Thanks for any input,
RT
__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:45 EDT