Re: USB risks - working autorun example (fwd from pen-test)

[Harlan Carvey <keydet89 () yahoo com>]

> Attached is a proof-of-concept as made available by
> mak_pen () hotmail com 
> for using autorun with USB.

I haven't been able to get it to work on Win2K or XP,
and the OP doesn't seem to have specified the
manufacturer and model of the device used.

> This should work. As it was already released, I see
> nothing wrong with 
> relaying it again (with due credit) here.

"Should" work?  

The OP also mentions using a Reg file to modify the
NoDriveTypeAutorun Registry key, which by default, is
already configured (0x095, or 149) to NOT allow this
type of thing to work.

> I'd strongly suggest to people to read the
> (different) threads on the 
> subject on the pen-test list, a lot of questions
> were answered there.

Unfortunately, that's not really the case.  A lot of
things are said and claims are made...but not a lot of
questions are answered.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html