njemjy wrote: I am in the process of trying to do the same thing within my organization. Unfortunately, I don't have someone who can write the trojan for me.
Does anyone know of any programs I can use? Have any of you done this first hand and can provide some guidance?
Use ./msfpayload to generate a self-contained executable. You can use any of the Metasploit payloads for this. Obviously if you choose to use the connect back option you had better have something listening. Use the multi/handler option.
With regards to Social Engineering, I fail to see how it is not a valid attack vector. You talk about Social Engineers being 'scum', etc... Is not part of your job as a pentester to simulate the attacks from these 'scum'? It seems to me that if you avoid or discount this attack vector then you are doing your clients a disservice.
If the scope requires it, then what is the problem? It seems that the idea that there is 'no security' amongst users is to blame. When assessing technical controls of a system, etc... don't you assign a grade or whatever scoring system you used based on the overall security of that system? I constantly hear the phrase "there is no such thing as 100% secure systems" or some variant thereof. If we apply this approach to technical controls that are put in place, how is it that we assume that the users should have 100% as a grade? Rather than assuming that all users are going to fail, perhaps the same approach you take to the technical aspects you should use when assessing users.
So if you perform an SE-type attack (email, IM, web, phone, physical, etc.) would this not produce certain metrics? This gives the organization an idea if their user-awareness programs are working or need improvement. I fail to see how this is not valuable. If you can show improvement over time by repeating the SE exercise then I see that as a good thing and something that has value to the company.