Penetration Testing mailing list archives

Re: Penetration Testing Framework 0.24 released

From: "Sam Rakowski" <masterakowski () gmail com>
Date: Wed, 28 Feb 2007 06:31:10 -0500

I think that this was in The art of Intrusion.

-----Original Message-----
   >From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com>
   >Sent: 02.26.2007 17.00.38
   >To: "Liam Downward" <ldownward () pervasivesolutions net>
   >Cc: "toggmeister () vulnerabilityassessment co uk"
<toggmeister () vulnerabilityassessment co uk>, "pen-test () securityfocus com"
<pen-test () securityfocus com>
   >Subject: Re: Penetration Testing Framework 0.24 released
   >
   >yeah,i read about this attack somewhere.
   >
   >On 2/25/07, Liam Downward <ldownward () pervasivesolutions net> wrote:
   >> A possible addition for Social Engineering is to gain entrance to a
   >> network via "Human curiosity" with the use of USB thumb drives that
can
   >> be of any size (64mb, 512mb etc), that can be strategically dropped in
   >> employee area's like, kitchens, parking lots, and or doctor lounges
   >> etc...
   >>
   >> The USB thumb drive contains a simple application that is hidden and
it
   >> can capture simple information of the network or you can have the
   >> application install a keylogger to capture usernames/passwords etc...
to
   >> show the company in question how simple it is to gather information
   >> about the network for an attack or to turn machines into bots
   >>
   >> The application is initiated when an employee has found a USB thumb
   >> drive and their curiosity gets the better of them. Then they plug the
   >> USB thumb drive into their workstation or laptop to see what is on the
   >> USB thumb drive. This is when the hidden application on the USB thumb
   >> drive is executed via two methods:
   >>
   >> 1. If the machine in which the USB thumb drive is plugged into has
   >> AutoRun enabled the app will execute.
   >> 2. If AutoRun is not enabled then there is shortcuts on the USB thumb
   >> drive to entice the employee to click, which will  execute the hidden
   >> application. Below are some examples of embedded shortcuts:
   >>
   >>               Resume.doc
   >>               Company Payscale.xls
   >>               Johnny Cash (I Walk the Line).mp3
   >>
   >> The application will encrypt the information captured and email to the
   >> testers for review, then the application along with the embedded
   >> shortcuts will delete themselves from the USB thumb drive.
   >>
   >>
   >> Liam Downward
   >>
   >> -----Original Message-----
   >> From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
   >> On Behalf Of crazy frog crazy frog
   >> Sent: Saturday, February 24, 2007 9:58 AM
   >> To: toggmeister () vulnerabilityassessment co uk
   >> Cc: pen-test () securityfocus com
   >> Subject: Re: Penetration Testing Framework 0.24 released
   >>
   >> good work :)
   >>
   >> On 23 Feb 2007 11:43:22 -0000,
   >> toggmeister () vulnerabilityassessment co uk
   >> <toggmeister () vulnerabilityassessment co uk> wrote:
   >> > Hi all,
   >> >   The latest version of the Penetration Test Framework has been
   >> released and can be found at:
   >> >
   >> > http://www.vulnerabilityassessment.co.uk/Penetr??ation%20Test.html
   >> >
   >> > (Pdf version also available)
   >> >
   >> > Any additions/ suggestions would be gratefully received.
   >> >
   >> > The next release 0.25 should include a Wireless Pen Test add-on,
with
   >> the assistance from the guys at http://www.wirelessdefence.org and
   >> hopefully a much extended cisco section that Lee is busy putting
   >> together.
   >> >
   >> > Rgds
   >> >
   >> > Toggmeister a.k.a Kev Orrey
   >> > http://www.vulnerabilityassessment.co.uk
   >> >
   >>

----------------------------------------------------------------------

   >> > --
   >> > This List Sponsored by: Cenzic
   >> >
   >> > Need to secure your web apps?
   >> > Cenzic Hailstorm finds vulnerabilities fast.
   >> > Click the link to buy it, try it or download Hailstorm for FREE.
   >> >
   >> >
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
   >> > 1600000008bOW
   >>

----------------------------------------------------------------------

   >> > --
   >> >
   >> >
   >>
   >>
   >> --
   >> ---------------------------------------
   >> http://www.secgeeks.com
   >> get a blog on secgeeks :)
   >> register here:-
   >> http://secgeeks.com/user/register
   >> rss feeds :-
   >> http://secgeeks.com/node/feed
   >> Submit you security articles,send them to secgeek () secgeeks com
   >>
   >> http://www.newskicks.com
   >> Submit and kick for new stories from all around the world.
   >> ---------------------------------------
   >>
   >> ----------------------------------------------------------------------
--
   >> This List Sponsored by: Cenzic
   >>
   >> Need to secure your web apps?
   >> Cenzic Hailstorm finds vulnerabilities fast.
   >> Click the link to buy it, try it or download Hailstorm for FREE.
   >>
   >>
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
   >> 00000008bOW
   >> ----------------------------------------------------------------------
--
   >>
   >>
   >
   >
   >--
   >---------------------------------------
   >http://www.secgeeks.com
   >get a blog on secgeeks :)
   >register here:-
   >http://secgeeks.com/user/register
   >rss feeds :-
   >http://secgeeks.com/node/feed
   >Submit you security articles,send them to secgeek () secgeeks com
   >
   >http://www.newskicks.com
   >Submit and kick for new stories from all around the world.
   >---------------------------------------
   >
   >------------------------------------------------------------------------
   >This List Sponsored by: Cenzic
   >
   >Need to secure your web apps?
   >Cenzic Hailstorm finds vulnerabilities fast.
   >Click the link to buy it, try it or download Hailstorm for FREE.
   >
   >http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
   >------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Penetration Testing Framework 0.24 released toggmeister (Feb 23)
- Re: Penetration Testing Framework 0.24 released crazy frog crazy frog (Feb 25)
  - RE: Penetration Testing Framework 0.24 released Liam Downward (Feb 26)
    - Re: Penetration Testing Framework 0.24 released crazy frog crazy frog (Feb 26)
    - RE: Penetration Testing Framework 0.24 released Melissa (Feb 28)
    - Re: Penetration Testing Framework 0.24 released s-williams (Feb 28)
  - RE: Penetration Testing Framework 0.24 released Liam Downward (Feb 28)
- <Possible follow-ups>
- RE: Penetration Testing Framework 0.24 released Liam Downward (Feb 26)
- Re: Penetration Testing Framework 0.24 released Sam Rakowski (Feb 28)