I dont even really know what to put for the subtitle...

General technological topics without their own forum go here

I dont even really know what to put for the subtitle...

Post by xTractatorix on Sat Aug 11, 2012 2:25 pm
([msg=68710]see I dont even really know what to put for the subtitle...[/msg])

Okay so what im wondering is if there is a way to send or download files to a remote computer without the owner of the pc finding out that there's a file being downloaded. I ask this beacuase, i was thinking if lets say port 80 is open, in the same way that the pc can download files from remote servers, then couldnt it be possible to send files to that same pc through a server?
xTractatorix
Experienced User
Experienced User
 
Posts: 61
Joined: Sun May 13, 2012 8:42 am
Blog: View Blog (0)


Re: I dont even really know what to put for the subtitle...

Post by WallShadow on Sat Aug 11, 2012 2:54 pm
([msg=68711]see Re: I dont even really know what to put for the subtitle...[/msg])

Well, first off, if you can get a program to run on their computer, you can do virtually anything. Just open a port on that computer and connect to your server and download directly with TCP. This is probably the simplest method.

Other than that, the only way is probably to exploit a process running a port on the victim's computer and force him to download it.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: I dont even really know what to put for the subtitle...

Post by cyberdrain on Sat Aug 11, 2012 3:53 pm
([msg=68712]see Re: I dont even really know what to put for the subtitle...[/msg])

Just like Wallshadow said: the program should actively request a file to get it on the computer. Take Bittorrent for example, the program runs on a port (usually something over 10000) and requests files (or rather packets) from other computers. You'll have to force the user to download a file before it will download it. You could use different vulnerabilities (maybe of the same program running on that port 80) to get a file on a computer or if you have (local) access all that is needed is a RAT. So unless you can trick the person using the computer to download something and execute it, you'll have to use other ways than getting in through the 'front door'.
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1109
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: I dont even really know what to put for the subtitle...

Post by WallShadow on Sat Aug 11, 2012 8:30 pm
([msg=68715]see Re: I dont even really know what to put for the subtitle...[/msg])

Now this is pure theory from me right now, but if the user is just, say, your basic Joe who uses facebook daily, then there are a number of different man-in-the-middle attacks you can do. If you control a server that he connects to (in our example, that would be the facebook server) then you can just set up a script to wait specifically for Joe and give him a malicious copy of the facebook webpage when he requests it, which will hack him without him ever knowing it. You can also set up a free sub-domain with a proxy on it with the same kind of script which will, again, hack our Joe. Similar thing can be done if you control a server / router through which he is connecting. If you just happened to be on the same network as him, maybe you can do some fancy packet injection? Dunno.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests