Proxy Aware trojans/ payloads

["Josh L. Perrymon" <joshuaperrymon () gmail com>]

I'm working on implementing rootkitting/ trojans/ Browser exploits into my
Phishing attacks...

I have noticed how easy it is to get users to give up credentials but
sometimes this only provides access to OWA for example...( if that is the
only resource available )


The network I'm looking at now doesn't have much of an Internet presence so
I haven't had any luck with any infrastructure or app holes...

I got about 5 accounts us the Phishing attack above- also wrote a script to
tail Apache custom logs and trend target users OS, browser, IP, plug-ins,
and remote time in hopes of using this to craft a browser attack…..

But if only OWA is available I'm initially limited to info harvesting in
hopes of finding something good in email.. (Usually sensitive docs)

Which brings me to my question:


What are the caveats of using browser exploits or Trojans/Rootkits to obtain
a reverse shell? I would want it to come out something like HTTP or HTTPS or
ICMP or DNS...  depending on the internal architecture...

Would one need to worry about the payload being proxy aware?  I'm thinking
that the proxy should cache credentials and allow the payload outbound since
the user had to initiate the request and download the Trojan or visit my
site to get exploited... OR would the backdoor or payload need to pass
credentials? Shouldn't be a problem.. because I already have them :)

Idears?

JP

www.packetfocus.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/