Re: [Full-Disclosure] Bootable Memorystick?

From: Qber_GuidoZ?= (uberguidoz_at_gmail.com)
Date: 08/30/04

  • Next message: Qber_GuidoZ?=: "Re: [Full-Disclosure] Viral infection via Serial Cable"
    To: boba@unixag-zw.fh-kl.de
    Date: Mon, 30 Aug 2004 15:14:06 -0400
    
    

    Agree with your answer - in fact, I've successfully booted the Live
    Knoppix version from a 1GB USB stick. Took some configuring, but runs
    beautifully once done.

    If you can get it to work, or worried it might, it has EVERYTHING to
    do with a security mailing list! Lets say I have physical access to a
    secured machine. I can't crack the password, nor can I hack into a
    user account, etc. No worries, I just pop in my memory and stick and
    pull the power plug. Turn the system back, boot to the memory stick,
    and voila! I can now navigate the file system and copy anything I want
    to save. (This includes the SAM accounts from a Windows box for later
    cracking.) I've even enabled full NTFS write support, as I currently
    use it for virus repair and troubleshooting.

    Plus, all my activity is completely undetectable, minus the computer
    being off or not logged in. These things happen frequently in larger
    environments... power surge for example. Also, many server systems are
    left in a logged-out state for security reasons, so it's possible it
    would never be detected, besides some server downtime.

    A problem also arises by these memory sticks with the "Autorun"
    feature enabled in Windows. Plug in a stick with a specially crafted
    autorun and you can copy files without even touching the keyboard or
    mouse. (I've seen a successfully written autorun copy the My Documents
    folder of the currently logged in user, the SAM accounts from the
    machine, and the IE favorites from the currently logged in user.) All
    just by plugging in the USB Stick. There are more possibilities as
    well, as imagination is the limit. Not going to say more as it's not
    good to give up all my secrets just yet. ;)

    ~G

    On Mon, 30 Aug 2004 15:32:38 +0200, Thorsten Peter
    <boba@unixag-zw.fh-kl.de> wrote:
    > why shouldnt you be able to boot to a memory stick?
    > almost every vendor lists "bootable" as a feature of their
    > sticks.....you simply need a board that is able to boot from USB
    > device....that's it.
    >
    > regards
    >
    > Thorsten
    >
    > but i don't get what this question got to do with security mailing lists ;-)
    >
    > Samuel wrote:
    >
    > >Has anyone already, or does anyone think it would be possible to boot to a memory-stick instead of a floppy? Ofcourse you would have to have an 8-in-1 card reader first, but once you have one of those, each card comes up as another drive, so seemingly you could boot to one of those drives.
    > >
    > >_______________________________________________
    > >No banners. No pop-ups. No kidding.
    > >Make My Way your home on the Web - http://www.myway.com
    > >
    > >_______________________________________________
    > >Full-Disclosure - We believe in it.
    > >Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    > >
    > >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    -- 
    Peace. ~G
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: Qber_GuidoZ?=: "Re: [Full-Disclosure] Viral infection via Serial Cable"

    Relevant Pages

    • Re: EVGA GTX 295 not working
      ... Initializing cgroup subsys cpuset ... PM: Registered nosave memory: 000000000009f000 - 00000000000a0000 ... USB 2.0 'Enhanced' Host Controller Driver ...
      (Fedora)
    • [origin tree SLAB corruption #2] BUG kmalloc-64: Poison overwritten, INFO: Allocated in bdi_allo
      ... Freeing unused kernel memory: 2820k freed ... usb usb2: uevent ... # CAN Device Drivers ...
      (Linux-Kernel)
    • Re: Controlling specific USB devices on Windows XP
      ... I saw it first hand with a USB device bought from Best Buy that had a hard coded partition which mimicked a CD-ROM. ... When inserted, that partition would be recognized as a CD-ROM device, and would autorun the content. ... While the device will not execute autorun.inf upon insertion, there is another means by which autorun can be used to accomplish this task fairly simply. ... I get the Autoplay window that asks me what I want to do: Copy pictures, View a slideshow, Open a folder, or take no action. ...
      (Focus-Microsoft)
    • Re: CONFIG_NUMA breaks hibernation on x86-32 with PAE
      ... do you get any serial log or USB key output, ... No good ideas - the bug description gives me the impression of memory ... # CPUFreq processor drivers ... # Device Drivers ...
      (Linux-Kernel)
    • Dear Sir/Madame
      ... Today with our selling network Trade electronics serve more then 135,000 high-end technology resellers in five different continents; and is scheduled to sell in 57 more countries in year 2005. ... Epson STYLUS C64 5760X1440 DPI USB DURABRIGHT INKS INKJET COLOR $41.20 ... Memory 333/128 Micron $16.00 Standard Memory ... AGP 3D 2D VIDEO CARD ...
      (Linux-Kernel)