Penetration Testing mailing list archives
Re: Bootable CD Attack disk + NTFS question
From: "run][control" <runcontrol () gmail com>
Date: Wed, 22 Feb 2006 13:27:34 -0500
I would add that NTFS writing has been available on knoppix for some time through through the use of "captive-ntfs". It will scan an ntfs disk for necessary drivers or you can manually install them from a usb stick. While knoppix is not security focused it has been useful being able to update nessus plugins without having to load some script that rewrites the pluggins to ramdisk. This was particularly a pain with knoppix-std. STD was great when it first came out, then they stopped updating it and I haven't used it in years. I've been wasting my copious spare time at work making a bartPE live windows cd that has some nice features such as static binaries and programs that work in an already booted windows environment (adaware,mcafee, and static bins taken from the FIRE distro) It's been useful to give to first responders of incidents. I would like to expand this to more pen-testing (can you do that with windows? :)) with tools such as metasploit and possibly vmware player and a light pentesting distro. We'll see. - Jeremiah On 2/22/06, Petr.Kazil () eap nl <Petr.Kazil () eap nl> wrote:
If you want to read/write NTFS file systems on a "victim" workstation then this one is good: http://trinityhome.org/trk/ It's a Linux CD but you can add Windows drivers to it, and then it reads/writes to NTFS. Not many Linux CD's can do that. Do you know more? Has anyone ever tried to "inject" a trojan file + autostart link into a Windows file system using a CD like this? That looks like a doable exploit. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Bootable CD Attack disk Toby Barrick (Feb 21)
- Re: Bootable CD Attack disk Erin Carroll (Feb 21)
- Re: Bootable CD Attack disk + NTFS question Petr . Kazil (Feb 22)
- Re: Bootable CD Attack disk + NTFS question okrehel (Feb 22)
- Re: Bootable CD Attack disk + NTFS question run][control (Feb 22)
- Re: Bootable CD Attack disk + NTFS question subscribe (Feb 22)
- Re: Bootable CD Attack disk + NTFS question Petr . Kazil (Feb 22)
- RE: Bootable CD Attack disk Tuck, Andrew M - DOA (Feb 21)
- RE: Bootable CD Attack disk Rich (Feb 21)
- Re: Bootable CD Attack disk Robert J. Stull (Feb 21)
- RE: Bootable CD Attack disk daniel.sullivan (Feb 22)
- Re: Bootable CD Attack disk Michael Zanetta (Feb 21)
- Re: Bootable CD Attack disk jason potopa (Feb 21)
- RE: Bootable CD Attack disk Richard Zaluski (Feb 21)
- Re: Bootable CD Attack disk Rob Oravec (Feb 21)
- Re: Bootable CD Attack disk Tiago Rosado (Feb 21)
(Thread continues...)
- Re: Bootable CD Attack disk Erin Carroll (Feb 21)