Re: Social Engineering Website

From: Nicolas Gregoire (ngregoire@exaprobe.com)
Date: Tue Jan 13 2004 - 03:59:07 EST


On Fri, 2004-01-09 at 15:32, Random Task wrote:

> * Use IE remote exploits to start a netcat listening session (not
> going to do much if they're behind a firewall though...could a
> two-way connection be created by a host behind a firewall so that I
> could get at it from our server?)

Last year I wrote a tool named JAB that allows a Win32 PC to
communicate with its master through the Internet Explorer OLE interface
(à la Setiri from SensePost).

During pen-tests, it can be used to create a command/data channel
between the compromised host and your server, even if the "client" must
go through personal firewalls, NAT, antivirus gateways and proxies (even
authenticated). The only need of the client machine is that Internet
Explorer can access the Internet. Features: upload and download of
binary files, execution of commands with results sent back to the
attacker, authentication of "clients", ...

I gave a presentation about this in June at the SSTIC'03 conference, and
you can find the related PDF (in French), and the code, at:

        http://www.sstic.org/presentations/JAB___N._Gregoire/

Regards,

-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:45 EDT