Penetration Testing mailing list archives
Re: Penetration Testing Framework 0.24 released
From: "Sam Rakowski" <masterakowski () gmail com>
Date: Wed, 28 Feb 2007 06:31:10 -0500
I think that this was in The art of Intrusion. -----Original Message----- >From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com> >Sent: 02.26.2007 17.00.38 >To: "Liam Downward" <ldownward () pervasivesolutions net> >Cc: "toggmeister () vulnerabilityassessment co uk" <toggmeister () vulnerabilityassessment co uk>, "pen-test () securityfocus com" <pen-test () securityfocus com> >Subject: Re: Penetration Testing Framework 0.24 released > >yeah,i read about this attack somewhere. > >On 2/25/07, Liam Downward <ldownward () pervasivesolutions net> wrote: >> A possible addition for Social Engineering is to gain entrance to a >> network via "Human curiosity" with the use of USB thumb drives that can >> be of any size (64mb, 512mb etc), that can be strategically dropped in >> employee area's like, kitchens, parking lots, and or doctor lounges >> etc... >> >> The USB thumb drive contains a simple application that is hidden and it >> can capture simple information of the network or you can have the >> application install a keylogger to capture usernames/passwords etc... to >> show the company in question how simple it is to gather information >> about the network for an attack or to turn machines into bots >> >> The application is initiated when an employee has found a USB thumb >> drive and their curiosity gets the better of them. Then they plug the >> USB thumb drive into their workstation or laptop to see what is on the >> USB thumb drive. This is when the hidden application on the USB thumb >> drive is executed via two methods: >> >> 1. If the machine in which the USB thumb drive is plugged into has >> AutoRun enabled the app will execute. >> 2. If AutoRun is not enabled then there is shortcuts on the USB thumb >> drive to entice the employee to click, which will execute the hidden >> application. Below are some examples of embedded shortcuts: >> >> Resume.doc >> Company Payscale.xls >> Johnny Cash (I Walk the Line).mp3 >> >> The application will encrypt the information captured and email to the >> testers for review, then the application along with the embedded >> shortcuts will delete themselves from the USB thumb drive. >> >> >> Liam Downward >> >> -----Original Message----- >> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] >> On Behalf Of crazy frog crazy frog >> Sent: Saturday, February 24, 2007 9:58 AM >> To: toggmeister () vulnerabilityassessment co uk >> Cc: pen-test () securityfocus com >> Subject: Re: Penetration Testing Framework 0.24 released >> >> good work :) >> >> On 23 Feb 2007 11:43:22 -0000, >> toggmeister () vulnerabilityassessment co uk >> <toggmeister () vulnerabilityassessment co uk> wrote: >> > Hi all, >> > The latest version of the Penetration Test Framework has been >> released and can be found at: >> > >> > http://www.vulnerabilityassessment.co.uk/Penetr??ation%20Test.html >> > >> > (Pdf version also available) >> > >> > Any additions/ suggestions would be gratefully received. >> > >> > The next release 0.25 should include a Wireless Pen Test add-on, with >> the assistance from the guys at http://www.wirelessdefence.org and >> hopefully a much extended cisco section that Lee is busy putting >> together. >> > >> > Rgds >> > >> > Toggmeister a.k.a Kev Orrey >> > http://www.vulnerabilityassessment.co.uk >> > >>
----------------------------------------------------------------------
>> > -- >> > This List Sponsored by: Cenzic >> > >> > Need to secure your web apps? >> > Cenzic Hailstorm finds vulnerabilities fast. >> > Click the link to buy it, try it or download Hailstorm for FREE. >> > >> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=70 >> > 1600000008bOW >>
----------------------------------------------------------------------
>> > -- >> > >> > >> >> >> -- >> --------------------------------------- >> http://www.secgeeks.com >> get a blog on secgeeks :) >> register here:- >> http://secgeeks.com/user/register >> rss feeds :- >> http://secgeeks.com/node/feed >> Submit you security articles,send them to secgeek () secgeeks com >> >> http://www.newskicks.com >> Submit and kick for new stories from all around the world. >> --------------------------------------- >> >> ---------------------------------------------------------------------- -- >> This List Sponsored by: Cenzic >> >> Need to secure your web apps? >> Cenzic Hailstorm finds vulnerabilities fast. >> Click the link to buy it, try it or download Hailstorm for FREE. >> >> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 >> 00000008bOW >> ---------------------------------------------------------------------- -- >> >> > > >-- >--------------------------------------- >http://www.secgeeks.com >get a blog on secgeeks :) >register here:- >http://secgeeks.com/user/register >rss feeds :- >http://secgeeks.com/node/feed >Submit you security articles,send them to secgeek () secgeeks com > >http://www.newskicks.com >Submit and kick for new stories from all around the world. >--------------------------------------- > >------------------------------------------------------------------------ >This List Sponsored by: Cenzic > >Need to secure your web apps? >Cenzic Hailstorm finds vulnerabilities fast. >Click the link to buy it, try it or download Hailstorm for FREE. > >http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 00000008bOW >------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Penetration Testing Framework 0.24 released toggmeister (Feb 23)
- Re: Penetration Testing Framework 0.24 released crazy frog crazy frog (Feb 25)
- RE: Penetration Testing Framework 0.24 released Liam Downward (Feb 26)
- Re: Penetration Testing Framework 0.24 released crazy frog crazy frog (Feb 26)
- RE: Penetration Testing Framework 0.24 released Melissa (Feb 28)
- Re: Penetration Testing Framework 0.24 released s-williams (Feb 28)
- RE: Penetration Testing Framework 0.24 released Liam Downward (Feb 26)
- RE: Penetration Testing Framework 0.24 released Liam Downward (Feb 28)
- Re: Penetration Testing Framework 0.24 released crazy frog crazy frog (Feb 25)
- <Possible follow-ups>
- RE: Penetration Testing Framework 0.24 released Liam Downward (Feb 26)
- Re: Penetration Testing Framework 0.24 released Sam Rakowski (Feb 28)