Re: [Full-Disclosure] Bootable Memorystick?
From: Qber_GuidoZ?= (uberguidoz_at_gmail.com)
To: firstname.lastname@example.org Date: Mon, 30 Aug 2004 15:14:06 -0400
Agree with your answer - in fact, I've successfully booted the Live
Knoppix version from a 1GB USB stick. Took some configuring, but runs
beautifully once done.
If you can get it to work, or worried it might, it has EVERYTHING to
do with a security mailing list! Lets say I have physical access to a
secured machine. I can't crack the password, nor can I hack into a
user account, etc. No worries, I just pop in my memory and stick and
pull the power plug. Turn the system back, boot to the memory stick,
and voila! I can now navigate the file system and copy anything I want
to save. (This includes the SAM accounts from a Windows box for later
cracking.) I've even enabled full NTFS write support, as I currently
use it for virus repair and troubleshooting.
Plus, all my activity is completely undetectable, minus the computer
being off or not logged in. These things happen frequently in larger
environments... power surge for example. Also, many server systems are
left in a logged-out state for security reasons, so it's possible it
would never be detected, besides some server downtime.
A problem also arises by these memory sticks with the "Autorun"
feature enabled in Windows. Plug in a stick with a specially crafted
autorun and you can copy files without even touching the keyboard or
mouse. (I've seen a successfully written autorun copy the My Documents
folder of the currently logged in user, the SAM accounts from the
machine, and the IE favorites from the currently logged in user.) All
just by plugging in the USB Stick. There are more possibilities as
well, as imagination is the limit. Not going to say more as it's not
good to give up all my secrets just yet. ;)
On Mon, 30 Aug 2004 15:32:38 +0200, Thorsten Peter
> why shouldnt you be able to boot to a memory stick?
> almost every vendor lists "bootable" as a feature of their
> sticks.....you simply need a board that is able to boot from USB
> device....that's it.
> but i don't get what this question got to do with security mailing lists ;-)
> Samuel wrote:
> >Has anyone already, or does anyone think it would be possible to boot to a memory-stick instead of a floppy? Ofcourse you would have to have an 8-in-1 card reader first, but once you have one of those, each card comes up as another drive, so seemingly you could boot to one of those drives.
> >No banners. No pop-ups. No kidding.
> >Make My Way your home on the Web - http://www.myway.com
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Peace. ~G _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html