Penetration Testing mailing list archives
RE: Autorun programs from flash drive.
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Wed, 16 Apr 2008 09:55:55 -0700
I've used Hak5's USB Switchblade in the past with great results (http://wiki.hak5.org/wiki/USB_Switchblade). There are multiple flavors to choose from or it's fairly easy to "roll your own." As for getting U3/autorun, if the target machine doesn't have Autorun turned on (and your flash drive isn't U3) I don't know of an easy way to enable/force this functionality so I'd also be interested to hear some ideas on this. As far as I'm aware, the only other option is to induce action from the target end-user. -- Erin Carroll Moderator, SecurityFocus pen-test mailing list amoeba () amoebazone com "Do Not Taunt Happy-Fun Ball" -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of arckeda () yahoo com Sent: Tuesday, April 15, 2008 8:09 PM To: pen-test () securityfocus com Subject: Autorun programs from flash drive. Hello, and thanks for reading this. I am sure we are all know of the Autorun feature in Cdroms and Dvdroms, how the program just runs out of the box. I am trying to figure out how to include this functionality in flash drives. /* I have a SD card with a USB adapter to test with. */ This would allow, say, for me to quickly insert a drive into a computer, have it silently run something like Meterpreter or another backdoor program, and then have remote access to the computer, assuming Windows runs it and doesn't detect a malicious program. I understand that Windows by default will not run Autorun.inf by default on flash drives, except the U3s. But I have also heard that you can format a flash drive to look like a cdrom to Windows. This is about all I know. If you have any more information, or would know about how to go about doing this, please tell me. Thank you again. -ARCKEDA ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Autorun programs from flash drive. arckeda (Apr 16)
- RE: Autorun programs from flash drive. Erin Carroll (Apr 16)
- RE: Autorun programs from flash drive. Joe Klein (Apr 16)
- RE: Autorun programs from flash drive. Morris Sgt Derek P (Apr 16)
- Re: Autorun programs from flash drive. Shreyas Zare (Apr 16)
- Re: Autorun programs from flash drive. Gadi Evron (Apr 16)
- Re: Autorun programs from flash drive. Victor DaViking (Apr 18)
- <Possible follow-ups>
- Re: Re: Autorun programs from flash drive. arckeda (Apr 19)