Penetration Testing mailing list archives

Social Engineering Website
From: Random Task <rand0m_t4sk () yahoo com>
Date: Fri, 9 Jan 2004 06:32:48 -0800 (PST)

Good day,

I've been tasked at work with modifying our social engineering
website. We currently have a page that we send to our customers that
is generically labelled "Audit Team Survey," and this page just
prompts the user to login, which we take and dump into a DB for use
later to try to get into their systems.

The modification we'd like to make to our site would be a remote
exploit of some sort, and I'm not totally sure where to go with that.
I'm wondering if there are products or programs that exist that could
be used in this way. It is of utmost importance that this program can
be easily and totally removed after the testing is complete. Free is
good. We don't really have any requirements beyond that. 

Things I've thought of so far: (Some of these would be sent out using
a compromised email account from another employee in a sort of "hey,
check this out!" message)
* Use IE remote exploits to start a netcat listening session (not
going to do much if they're behind a firewall though...could a
two-way connection be created by a host behind a firewall so that I
could get at it from our server?)
* Create a screen saver application of some sort that would gather
system/user information and transmit to our webserver (has merit, but
this would be an undertaking, as all my programming in college was in
Solaris and LINUX)
* Create a free automated "security scanner" application similar to
the screen saver

There were probably others, but I'm still on coffee #1.

Cons to doing this, as I see it: the employee may forward the message
outside their company, skewing results and running on systems without
permission. (this would only be if a screensaver/application were

This risk would be mitigated, as we would most likely only include a
link back to our website (with deny all/allow specific IP rules) with
the screensaver/app on it. Then VPN'd employees are the exception,
but for most of our contracts, I don't think this is outside the
scope of the test.

As a last note, we'd need to get people to go there. Making it look
legit would be good. (i.e. use the %00 IE exploit to make the URL
look like it's internal and make the site look like their own) Any
techniques or message styles you've used and had success with?

(This is an anonymous account I use for mailing lists. Feel free to
mail me here and request a message from my real address if that would
make you more comfortable with sharing information with me.)

Thanks for any input,
