Penetration Testing mailing list archives
Re: Evil autorun CD - ideas ? downloadable exploits anywhere ?
From: "Michael" <blackavar () citizensofgravity com>
Date: Thu, 3 May 2007 09:26:13 -0400 (EDT)
A dir of "%USERPROFILE%\Recent" might give you and the client an excellent view of what you could access just from the one workstation without any privilege escalation--kind of bring it home for them. :-) You might also find yourself a copy of "Our_entire_network.vsd" if one of their admins falls for the CD trick. If you are really keen the spec for .lnk files is here: http://mediasrv.ns.ac.yu/extra/fileformat/windows/lnk/shortcut.pdf and you could write a script to parse out the actual file locations.
On 5/2/07, Shenk, Jerry A <jshenk () decommunications com> wrote:
Now, rooting every box that runs the CD...that would be even more interesting...but, if it's part of a pen-test, I'm not sure where the problem would be...a user taking the CD home would definitely be interesting...might be a little tough to keep that in scope. Maybe put a warning label on it not to remove it from the building;)
If you're already grabbing net info, do a basic check to see if you're running on the authorized corporate net. If not, just autoeject the cd... or if it's a rewritable cd, try to erase the cd.
CK
--
GDB has a 'break' feature; why doesn't it have 'fix' too?
--
"Proceeds the Weedian... Nazareth!" -Sleep
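The .lnk parsing suggested in the message above, as an added example that is not part of the original post. It is the same read an examiner would do to show a client what their Recent folder reveals. It follows the published shell link layout (76-byte header, optional IDList, then LinkInfo). The function names, the cp1252 code page and the sample file are assumptions made here.

```python
import struct

# CLSID 00021401-0000-0000-C000-000000000046 as stored on disk
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x1, 0x2          # LinkFlags bits
LOCAL_PATH, NETWORK_PATH = 0x1, 0x2            # LinkInfoFlags bits

def cstr(buf, off):
    """Read a NUL-terminated string; cp1252 is an assumed code page."""
    return buf[off:buf.index(b"\x00", off)].decode("cp1252", "replace")

def lnk_target(data):
    """Return the target path stored in LinkInfo, or None if there is none."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = 76                                   # fixed header size
        if flags & HAS_ID_LIST:                    # skip IDListSize + IDList
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if not flags & HAS_LINK_INFO:
            return None
        size, _, li_flags, _, base_off, net_off, suffix_off = \
            struct.unpack_from("<7I", data, pos)
        info = data[pos:pos + size]                # offsets are relative to LinkInfo
        suffix = cstr(info, suffix_off)
        if li_flags & LOCAL_PATH:
            return cstr(info, base_off) + suffix
        if li_flags & NETWORK_PATH:                # NetNameOffset sits at +8 in the block
            share = cstr(info, net_off + struct.unpack_from("<I", info, net_off + 8)[0])
            return share + ("\\" + suffix if suffix else "")
        return None
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc

def build_sample_lnk(path=b"C:\\Users\\alice\\Documents\\network-diagram.vsd"):
    """Constructed sample (not a real capture): header + LinkInfo for a local file."""
    volume = struct.pack("<4I", 0x11, 3, 0x1234ABCD, 0x10) + b"\x00"   # minimal VolumeID
    base_off = 28 + len(volume)
    suffix_off = base_off + len(path) + 1          # points at an empty CommonPathSuffix
    body = volume + path + b"\x00" + b"\x00"
    info = struct.pack("<7I", 28 + len(body), 28, LOCAL_PATH, 28, base_off, 0, suffix_off) + body
    header = b"\x4c\x00\x00\x00" + LINK_CLSID + struct.pack("<I", HAS_LINK_INFO) + bytes(52)
    return header + info

if __name__ == "__main__":
    print(lnk_target(build_sample_lnk()))
```

Shortcuts that carry only an IDList and no LinkInfo return None here; resolving those means walking the shell item IDs, which this example does not do.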