Uninformed: Informative Information for the Uninformed

Vol 1» 2005.May


Penetration Testing

Perhaps one of the most useful cases for the PassiveX payload is in the field of penetration testing, where it is not always possible to get into a network by the most direct means. It is common practice for corporations to make use of some sort of outbound filter, whether it be network-based, application-based, an intermediate proxy, or a combination of all three. Under conditions like these, a penetration tester may find themselves capable of exploiting a vulnerability but without any ability to really take control of the machine being exploited, since the payload's outbound connection never leaves the network. In cases such as these it would be useful to have a payload that is capable of constructing a tunnel over an arbitrary protocol, such as HTTP, that is permitted through the outbound filters.

This approach is also useful to a penetration tester in that it may make it possible for them to make meaningful use of client-side vulnerabilities whose payloads would otherwise be unable to communicate because of restrictive outbound filters. A particularly interesting illustration of such an approach would be to demonstrate how dangerous client-side browser vulnerabilities can be by showing that, even though a company employs outbound filters on the content that leaves the network, it is still possible for an attacker to build a streaming connection to machines on the internal network once a browser vulnerability has been taken advantage of. Though such a scenario will most likely not be the norm during penetration testing, it is nonetheless a useful tool to have in the event that such a case presents itself.