Topic: malware loaded netbooks (Read 3710 times)
WCNA (Full Member)
« on: May 12, 2011, 01:08:03 PM »

I was watching a video by HD Moore and he was talking about one of the greatest successes in pentesting was delivering malware loaded netbooks to certain individuals in a company under the guise of a thank-you from some software or hardware manufacturer. I think the quote was a 95% success (or failure depending on how you look at it) rate.

My question is: is there canned software just for this purpose, or is it all custom made, i.e. how would one go about setting one of these up? For instance, I could use the 'generate' function in BT with the '-x' switch to infect a bunch of programs with different payloads, using the '-i' switch to obfuscate the malware. Or just use smartlogger so as not to set off any (many?) IDS?
Or install a rootkit (would that be overdoing it?)
Or is just the acceptance of a netbook considered good enough?

Anybody have an opinion on real world examples?

ISC2 Associate, WCNA, CWNA, OSCP, Network+
cd1zz (Sr. Member)
« Reply #1 on: May 12, 2011, 02:57:47 PM »

He's just talking about loading up a netbook with some sort of metasploit payload or in HD's case, probably a super awesome magical payload that no one knows about. More than likely he just adds it to a startup folder on the box so that it runs every time they boot the netbook up. From there, he just pivots throughout the new network.

How fortified your client is will determine how stealthy you need to be. Usually a reverse connect payload over 80 or 443 will get you what you want. If there is a real need to hide the payload from AV, you might want to look at a new post from scriptjunkie. I helped him get a payload 100% undetectable:

http://www.scriptjunkie.us/2011/04/why-encoding-does-not-matter-and-how-metasploit-generates-exes/
WCNA (Full Member)
« Reply #2 on: May 13, 2011, 07:21:34 AM »

Thanks for the link. Very interesting reading.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
csesuvra (Newbie)
« Reply #3 on: May 31, 2011, 10:56:31 PM »

Your situation looks like mine. I have also seen the video, and now I need more ideas as well as suggestions about the real world.
Suvra Cse
© 2012 The Ethical Hacker Network