Re: Auto-Run CD - Disabling ScreenSavers

From: jaymz ringler (adminjaymz_at_sperrytv.com)
Date: 05/13/03

  • Next message: cdowns: "Owl Intranet Engine - bypass admin"
    To: pen-test@securityfocus.com
    Date: 13 May 2003 14:16:16 -0500
    
    

    oddly enough, I was just doing a little light reading over lunch just
    now. and flipped through and on page 145 in Hacking Exposed 4th
    edition.

    this page covers this very topic. the Screen Saver - CD Autorun
    vulnerability.

    You can load any program onto a cd such as Back Orafice or NetBus. And
    create a auto run file and point it to the NetBus server.exe
    and it will run any program specified in the autorun file.

    In the book they mention a utility to run with the autorun file
    95sscrk from http://users.aol.com/jpeschel/crack.htm there's also
    mention of another SSBypass from http://www.amecisco.com/ssbypass.htm
    for $40.

    I haven't tried doing this under 2k but I'm assuming it doesn't affect
    2k. as they say in the book that the cure for this problem in NT and
    98 is an upgrade to 2k. ....

    ---------------------------------------------------------------------------
    *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    Just like wired networks, wireless LANs require network security policies
    that are enforced to protect WLANs from known vulnerabilities and threats.
    Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

    To get your FREE white paper visit us at:
    http://www.securityfocus.com/AirDefense-pen-test
    ----------------------------------------------------------------------------


  • Next message: cdowns: "Owl Intranet Engine - bypass admin"

    Relevant Pages

    • RE: A question for the list...
      ... >> evolution of the network ... implement and enforce WLAN security policies ... >> enterprise WLANs. ... implement and enforce WLAN security policies to ...
      (Incidents)
    • Re: [ANNOUNCE] protocol watcher
      ... attack, which is known to be a SYN attack! ... wireless LANs require network security policies ... > that are enforced to protect WLANs from known vulnerabilities and threats. ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)
    • RE: HTTPS Web site testing
      ... Subject: HTTPS Web site testing ... wireless LANs require network security policies ... that are enforced to protect WLANs from known vulnerabilities and threats. ... implement and enforce WLAN security policies to lockdown ...
      (Pen-Test)
    • Re: A question for the list...
      ... Just like wired networks, wireless LANs require network security policies ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)
    • RE: Scans from proxyprotector.com
      ... lockdown enterprise WLANs. ... Just like wired networks, wireless LANs require network security policies ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)