Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Social Engineering Website
From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Tue, 13 Jan 2004 09:59:07 +0100

On Fri, 2004-01-09 at 15:32, Random Task wrote:

* Use IE remote exploits to start a netcat listening session (not
going to do much if they're behind a firewall though...could a
two-way connection be created by a host behind a firewall so that I
could get at it from our server?)

I wrote last year a tool named JAB and allowing a Win32 PC to
communicate with its master through the Internet Explorer OLE interface
(à la Setiri from SensePost).

During pen-tests, it can be used to create a command/data channel
between the compromised host and your server, even if the "client" must
go through personnel firewalls, NAT, antivirus gateways and proxys (even
authenticated). The only need of the client machine is that Internet
Explorer can access the Internet. Features : upload and download of
binary files, execution of command with result sent back to the
attacker, authentication of "clients", ...

I made a presentation about this in June to the SSTIC'03 conference,and
you can find the related PDF (in french), and the code, at :


Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire () exaprobe com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]