With only FTP open you will have a tougher time. If you have administrator
rights you could still copy an executable into the correct directory (see
1), but you will not be able to reboot the host; you will have to wait until
someone reboots it. You might want to try a DoS attack on the machine, but
usually it will just hang (which is suspicious, but will speed up a manual
reboot). If you do not have administrator rights, your chances are slimmer:
you need to upload a Trojan. Again, be very careful what you upload, as most
machines nowadays have virus scanners. You could try to wrap netcat as
something that the administrator will be tempted to execute (you know the
drill: pamela.exe or whatever). If you do not make use of a known Trojan and
there is no way for your custom Trojan to let you know that it was executed,
you will need some mechanism for checking whether the program was executed:
a (local) netcat in a loop with mail notification, perhaps?
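
Seen from the defender's side, the uploads described above show up in the FTP server's transfer log. The following is an added example, not part of the original post: it flags completed uploads of executable file types, and the log layout, field names and sample lines are constructed assumptions to adapt to your own server.

```python
import ntpath

# Constructed sample in W3C extended log style. The field names are an
# assumption; the parser reads whatever the #Fields directive declares.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2001-03-04 10:01:12 192.0.2.10 webedit STOR /site/index.html 226
2001-03-04 10:02:40 192.0.2.77 backup STOR /incoming/pamela.exe 226
2001-03-04 10:03:05 192.0.2.77 backup STOR /incoming/notes.txt.SCR 226
2001-03-04 10:03:30 192.0.2.77 backup STOR /incoming/tool.exe 550
2001-03-04 10:04:00 192.0.2.10 webedit RETR /site/setup.exe 226
"""

EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll"}
UPLOAD_CMDS = {"STOR", "STOU", "APPE"}   # FTP commands that write a file
SUCCESS_CODES = {"226", "250"}           # transfer / file action completed


def find_executable_uploads(log_text):
    """Return log records for completed uploads of executable file types."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]    # column order for following lines
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                     # malformed or truncated line
        rec = dict(zip(fields, parts))
        if rec["cs-method"].upper() not in UPLOAD_CMDS:
            continue                     # downloads, logins, listings
        if rec["sc-status"] not in SUCCESS_CODES:
            continue                     # rejected or aborted transfer
        # Only the final extension decides, so "notes.txt.SCR" is caught.
        ext = ntpath.splitext(rec["cs-uri-stem"])[1].lower()
        if ext in EXECUTABLE_EXTS:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in find_executable_uploads(SAMPLE_LOG):
        print(r["date"], r["time"], r["c-ip"], r["cs-username"], r["cs-uri-stem"])
```

An extension check misses renamed binaries, so pair it with content inspection of the upload directory where that matters.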