Re: USB delivered attacks

["Antonio Fontes 'Saphyr'" <saphyr () nxtg net>]

> > One possible scenario:
> > - Have a USB drive with a few tools on it.
> > - Have an auto-run configured to run pwdump and dump the SAM to the USB
> > drive

Hello everyone,

In order to put some 'practice' on this attack, I ve been trying this night
to effectively use autorun mechanisms and see what could be possible.

After reading the MSDN specs about autorun.inf file creation, I added
an autorun.inf into my USB device along with a little batch script whose
purpose was to copy the 'SAM' table and copy of the 'SET' command
result into a specific folder on the usb device.

Nothing happens... Even after being sure auto-run is enabled. Something
should be missing... are there specific operating systems that disable
auto-run by default ? (I am using windows 2000)

However, burning the batch + autorun file onto a cd-rom and inserting
it into the tray makes the auto-run sequence loading...

So 2-cents question: which os'es do really use USB devices auto-run
and on which USB devices does it work ? (not a usb hard-disk key it
seems)...







--
Antonio Fontes
Couche 7
Stratégie de communication et sécurité Web
http://www.nxtg.net/couche7










Refs:

Creating an auto-run enabled application
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/shell/programmersguide/shell_basics/shell_basics_extending/autorun/autoplay_intro.asp