Penetration Testing mailing list archives
USB delivered attacks
From: "Jerry Shenk" <jshenk () decommunications com>
Date: Thu, 27 May 2004 22:06:00 -0400
I recently inserted some guy's USB drive into a machine and was a but surprised when it went into an auto-run sequence. I think turning off auto-run is a REALLY good idea. On a USB drive, it seems like it could be really dangerous. Has anybody messed with this? One possible scenario: - Have a USB drive with a few tools on it. - Have an auto-run configured to run pwdump and dump the SAM to the USB drive It seems that this attack would work with a machine that was locked from the console. Does 'autorun' still work under a locked screen? With this USB drive being writeable, it would seem that some scripted attack to extract information from a machine could be amazingly fruitful....the possibilities are almost endless.
Current thread:
- List Closure From May 28 - May 30 Alfred Huger (May 27)
- USB delivered attacks Jerry Shenk (May 31)
- Re: USB delivered attacks Gadi Evron (May 31)
- USB delivered attacks Jerry Shenk (May 31)