Hackers of India

Handle Exploitation of Remote System From Email Account

 Bhaumik Merchant 

2011/12/04


Presentation Material

Handle Explotion of Remote System Without Being Online (Merchant Bhaumik) from ClubHack

Abstract

Video’s for the talk are listed below

In this talk , we gonna cover offline exploitation ways . One of the way shows spawning the Dynamic Reverse Shell and the other one shows , how we can get victim data with using an email account of Gmail,yahoo etc. All the communication between the attacker and Victim is done using a stand alone email account.

One of the problem being an attacker we find that once we exploit the system, it is so tricky to get access every time when victim system is up (internet connected!) for further command execution, both victim and attacker should be online my mechanism works on different mechanism..in which if one is online No Problem At All!! so in this presentation i am gonna show how we can use gmail,yahoo mail services to gain control over remote system with my tool as a payload and backdoor and it is anonymous, so no reverse trace backs no need for complicated methods for accessing remote systems. It is a new type of method of Maintaining remote access so if we create the exe using C# or any language it can be used as a payload in metasploit exploitation framework.