Thread: Core Impact

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    57

    Core Impact

    I recently began to use this tool to perform tests on client sites as well as our office network. It is ridiculously simple even though all of the functions can be performed with a little research using the tools provided in BT2.

    In terms of the Client Side Rapid Penetration Test, does anyone have a solution for getting Impact to send out your spoofed emails if the SMTP servers that are found in the client MX records turn out to (shockingly) not be relaying email anonymously? I think I may need to set up an SMTP server that I can bring up/take down when I plan to send out the Client Side attacks, but if there is another solution - I am all ears.

    And I do realize this is a BT forum and not a Core Impact one. I felt it was applicable to the forum as tools in BT allow for email enumeration/spoofing emails. Offensive Security courses also highlight the use of Core Impact. I hope this last paragraph has successfully deferred any "take it to another forum" comments.

    Thanks.
    Fingerprint.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    We can't and won't pay the 25,000 dollars a year for an unlimited subscription, so how can we help? For that kind of money you can bet your ass I'd be calling "TECH Support" at any time of the day with my questions.

  3. #3
    Jenkem Addict imported_wyze
    Join Date
    Jul 2007
    Posts
    1,543

    Quote Originally Posted by purehate View Post
    We can't and won't pay the 25,000 dollars a year for an unlimited subscription, so how can we help? For that kind of money you can bet your ass I'd be calling "TECH Support" at any time of the day with my questions.
    Yeah for that same $25K I could trade my Big Red h4X0r I7 n0w button for a diamond-studded rhodium one
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    If you want more support for Core Impact ........
    just sign up for Offsec courses ....
    We are happy to present a new special opportunity for new and current "Offensive Security 101" students. We are offering free trial versions of Core Impact and Saint Exploit to those who subscribe to our flagship course "Offensive Security 101" including labs. These demos can be used outside of the lab premises.

    http://www.offensive-security.com/offsec101.php ;)
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  5. #5
    Junior Member
    Join Date
    Jul 2007
    Posts
    57


    Let me ask it this way.

    Let's say you are on a client site and you want to send emails to a list of addresses you have harvested using a directory you gained access to. Uh oh, the client is doing one thing right - they stopped their SMTP servers from relaying spoofed email. Now you still want to send these emails with your proof of concept payload to their employees to highlight the fact that security awareness training is a need and social engineering issues are all over the place.

    How do you send the spoofed emails? Do you set up an SMTP server that you turn on/turn off when you want to send spoofed emails? Is there another way to crack this egg without hosting an SMTP server at the home base you have to VPN to and turn on in order to send the spoofed email?
    Fingerprint.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    That would entirely depend on the level of privilege/access you have gained on the victim network. Another factor you have not given us is whether you have physical access to the LAN or if this is all remote.

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    57

    This was for a pentest that happened a few weeks ago, but at the point where I wanted to begin client side attacks through emails to demonstrate their willingness to open and run mean macros hidden using VBA in an Excel document. This part of the test should (and this is key) be able to be performed remotely as it does not require administrative access to send spoofed emails.

    A contractual directive of the pentest is to go as far as possible while not changing the settings on the systems; therefore, I did not want to edit their SMTP settings to allow for email relay.

    Let's play hypotheticals. If I had been off-site and wanted to send the 500+ phishing emails to the employees of my client, I would have had to use an SMTP server I had set up for mail relay. I would just have to take it down once finished so the spammers would not take advantage of it. That seems like the course of action I will take in the future.
    Fingerprint.

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    That seems correct to me as well. Set up your own server and then be sure to cover your tracks with a proper house cleaning.
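Posts #7 and #8 settle on standing up a mail server of your own for the engagement and tearing it down afterwards so spammers cannot abuse it. The following Postfix main.cf fragment is an added example, not from the thread or from Core Impact, showing how to keep such a server from being an open relay even while it is up: it relays only for loopback, for an assumed VPN subnet (10.8.0.0/24, a constructed placeholder) and for SASL-authenticated clients, and rejects relay attempts from anyone else. The relay restrictions shown are the same ones a client's mail admin would use to produce the "not relaying anonymously" result described in post #1.

```ini
# Postfix main.cf fragment (added example, not from the thread).
# Hosts allowed to relay without authenticating: loopback plus the
# assumed VPN subnet 10.8.0.0/24 (placeholder; substitute your own).
mynetworks = 127.0.0.0/8, [::1]/128, 10.8.0.0/24

# Relay policy, evaluated in order: trusted networks and authenticated
# clients may relay; everyone else may only deliver to domains this
# server is the final destination for. reject_unauth_destination is
# the rule that closes the relay.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Offer SASL AUTH, and only over TLS, so credentials never travel in clear.
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
```

`postfix reload` applies the change and `postconf -n` lists the non-default values so you can confirm the three restrictions are in effect. `smtpd_relay_restrictions` exists from Postfix 2.10 onward; on older releases the same three rules go in `smtpd_recipient_restrictions`. With this in place, a RCPT TO for a domain the server does not host, sent from a host outside `mynetworks` without authenticating, is answered with `554 5.7.1 ... Relay access denied`, which is the behaviour the client in post #5 had already deployed.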
