Full Disclosure mailing list archives
Re: USB risks - working autorun example (fwd from pen-test)
From: Harlan Carvey <keydet89 () yahoo com>
Date: Sat, 19 Jun 2004 09:19:47 -0700 (PDT)
Attached is a proof-of-concept as made available by mak_pen () hotmail com for using autorun with USB.
I haven't been able to get it to work on Win2K or XP, and the OP doesn't seem to have specified the manufacturer and model of the device used.
This should work. As it was already released, I see nothing wrong with relaying it again (with due credit) here.
"Should" work? The OP also mentions using a Reg file to modify the NoDriveTypeAutorun Registry key, which by default, is already configured (0x095, or 149) to NOT allow this type of thing to work.
I'd strongly suggest to people to read the (different) threads on the subject on the pen-test list, a lot of questions were answered there.
Unfortunately, that's not really the case. A lot of things are said and claims are made...but not a lot of questions are answered. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- USB risks - working autorun example (fwd from pen-test) Gadi Evron (Jun 19)
- Re: USB risks - working autorun example (fwd from pen-test) Harlan Carvey (Jun 19)
- server administration harry (Jun 21)
- Re: server administration Ron DuFresne (Jun 21)
- Re: server administration Gregory A. Gilliss (Jun 21)
- Re: server administration Mohit Muthanna (Jun 25)
- Re: server administration misiu_ (Jun 24)
- Re: server administration Mohit Muthanna (Jun 25)
- Re: server administration Darren Spruell (Jun 25)
- Re: server administration Mohit Muthanna (Jun 25)