HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 43 guests and 2 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow malware loaded netbooks
EH-Net
May 21, 2013, 04:27:58 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: malware loaded netbooks  (Read 5172 times)
0 Members and 1 Guest are viewing this topic.
WCNA
Full Member
***
Offline Offline

Posts: 187



View Profile
« on: May 12, 2011, 01:08:03 PM »
I was watching a video by HD Moore and he was talking about one of the greatest successes in pentesting was delivering malware loaded netbooks to certain individuals in a company under the guise of a thank-you from some software or hardware manufacturer. I think the quote was a 95% success (or failure depending on how you look at it) rate.

My question is there canned software just for this purpose or is it all custom made, i.e. how would one go about setting one of these up? For instance, I could use the 'generate' function in BT with the '-x' switch to infect a bunch of programs with different payloads using the '-i' switch to obfuscate the malware. Or just use smartlogger to not set off any (many?) IDS?
Or install a rootkit (would that be overdoing it?)
Or is just the acceptance of a netbook considered good enough?

Anybody have an opinion on real world examples?

Logged
ISC2 Associate, WCNA, CWNA, OSCP, Network+
cd1zz
Hero Member
*****
Offline Offline

Posts: 561


View Profile WWW
« Reply #1 on: May 12, 2011, 02:57:47 PM »
He's just talking about loading up a netbook with some sort of metasploit payload or in HD's case, probably a super awesome magical payload that no one knows about. More than likely he just adds it to a startup folder on the box so that it runs every time they boot the netbook up. From there, he just pivots throughout the new network.

Depending on how fortified your client is would depend on how stealthy you need to be. Usually a reverse connect payload over 80 or 443 will get you what you want. If there is a real need to hide the payload from AV, you might want to look at a new post from scriptjunkie. I helped him get a payload 100% undetectable:

http://www.scriptjunkie.us/2011/04/why-encoding-does-not-matter-and-how-metasploit-generates-exes/
Logged
OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com
WCNA
Full Member
***
Offline Offline

Posts: 187



View Profile
« Reply #2 on: May 13, 2011, 07:21:34 AM »
Thanks for the link. Very interesting reading.
Logged
ISC2 Associate, WCNA, CWNA, OSCP, Network+
csesuvra
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #3 on: May 31, 2011, 10:56:31 PM »
Your situation looks like me. I have also seen the video & now I need more idea as well as suggestion about real world..
Logged
Suvra Cse
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.059 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.