Penetration Testing mailing list archives
Evil autorun CD - ideas ? downloadable exploits anywhere ?
From: Petr.Kazil () eap nl
Date: Wed, 2 May 2007 20:59:44 +0200
On the Internet there is much talk about hacking through "evil USB sticks":

http://www.theregister.co.uk/2007/04/25/usb_malware/

I was inspired by a talk by John Craddock where he told the following anecdote:

- He would bake a stack of CD's and bring them to a conference. The stack would gradually "evaporate" as people took a CD - even though the stack was not marked as "free for taking". When people inserted the CD a tune would be played. Gradually he would start hearing tunes in the neighbourhood as people inserted the CD ...

It would be fun to make a few of these CD's and use them during a pentest. Of course the payload should be more malicious then.

Question: Has anyone tried this before? Did it work?

Greetings, Petr Kazil

I will try to build a CD that will contain a photo viewer and a set of innocent pictures. But it will try to install a keylogger and send the collected data to a temporary server that I will install on the network.

My hope is that if I download C++ keylogger source code, modify it a bit and compile it myself, that I will be able to evade virus checkers. I also might compile and install a network listener backdoor.

At the moment I'm not even dreaming about rootkits and encrypted channels to the outside world - that's much too difficult for me.

I don't think it will be able to collect password hashes or Active Directory passwords because the script and programs will be running as a normal domain user. But anyway it will be an interesting proof of concept.

I wasn't able to find any exploit details on Google. I just get a lot of articles about the risks of autorun and ways to disable it ...

This idea has one big risk - suppose someone takes the CD home. Then I would be committing a criminal act if I exploited his home computer. The articles about USB-stick pentesting don't mention this risk.