Re: USB delivered attacks

• Previous message: pen-test_at_nym.hush.com: "RE: WEP attacks based on IV Collisions"
• Maybe in reply to: Balaji Prasad: "Re: USB delivered attacks"
• Next in thread: Kurt Seifried: "Re: USB delivered attacks"
• Reply: Kurt Seifried: "Re: USB delivered attacks"
• Reply: Rob Shein: "RE: USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pid4x@dodo.com.au, pen-test@securityfocus.com
Date: Thu, 03 Jun 2004 18:51:31 +0000

I have been unable to get any autorun to come up at all from my USB drives.
I am able though, to change the icon of the drive though (thank God for
that!).
Does anyone know how to access the onboard drivers for these drives? I
wondering if possibly inserting the previously mentioned autorun driver for
CD autorunning and tweaking it a bit to allow for the USB.

Basically, the biggest security risk I see is being able to throw something
onto a locked desktop and be able to remove information while it is locked.
Many times people will leave their comptuer unnattended but locked. If this
is possible, obviously autorun should be disabled, but users should also be
notified to log off, just not lock their desktops.

Anyone able to get autorun working on their USB? If so, would you mind
sending the guts of the autorun.inf?

Thanks in advance

____________________________________________________________
"If ignorant both of your enemy and yourself, you are certain to be in
peril."
-Sun Tzu

[randori]
XXXXXXX

>From: "PID4x" <pid4x@dodo.com.au>
>To: <pen-test@securityfocus.com>
>Subject: Re: USB delivered attacks
>Date: Thu, 3 Jun 2004 04:36:07 +1000
>MIME-Version: 1.0
>Received: from outgoing3.securityfocus.com ([205.206.231.27]) by
>mc6-f24.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 3 Jun 2004
>07:34:40 -0700
>Received: from lists.securityfocus.com (lists.securityfocus.com
>[205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid
>A8CB92370DB; Wed, 2 Jun 2004 20:51:51 -0600 (MDT)
>Received: (qmail 22810 invoked from network); 2 Jun 2004 18:23:36 -0000
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+YDSEg8qKPPD
>Mailing-List: contact pen-test-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <pen-test.list-id.securityfocus.com>
>List-Post: <mailto:pen-test@securityfocus.com>
>List-Help: <mailto:pen-test-help@securityfocus.com>
>List-Unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:pen-test-subscribe@securityfocus.com>
>Delivered-To: mailing list pen-test@securityfocus.com
>Delivered-To: moderator for pen-test@securityfocus.com
>Message-ID: <009e01c448d0$78b2aeb0$82a5dccb@Hamilton>
>References: <002401c44458$53b94c80$9701010a@JASEVO>
><200406011839.28884@M3T4>
>X-MSMail-Priority: Normal
>X-Mailer: Microsoft Outlook Express 6.00.2800.1409
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
>Return-Path:
>pen-test-return-1078474734-randori82=hotmail.com@securityfocus.com
>X-OriginalArrivalTime: 03 Jun 2004 14:34:40.0505 (UTC)
>FILETIME=[E7610E90:01C44977]
>
>Under winXP i had the same results as others, and it has been explained
>why.
>
>On win98 i use to test my auto run apps on my d: drive (hard drive
>partition) before i burnt them to cd , so that leads me to assume that
>autorun.inf's may work on usb drives under win9x as well (currently dont
>have my laptop at this house, so i couldnt test it).
>
>I was playing with this idea with a combination of a cdrom and usb drive -
>inserting the usb drive, then puting in a cd with the commands to run and
>dump to my usb drive, but you would have to know some variables, like the
>drive letter of your usb drive, etc (or as i did made a simple small c app
>to accept the drive letter to dump to, then run the commands i wanted to
>run, both with hard coding the commands into the c app, and as well as
>telling it to run "x:\start.bat" where 'x' was the drive letter entered).
>
>It works, even if it kind of defeats the purpose (hitting win+r then runing
>the bat file/commands would probably be just as fast).
>
>Hope this gives some ideas to anyone out there.
>
>Reguards,
>Philip
>
>----- Original Message -----
>From: "H D Moore" <sflist@digitaloffense.net>
>To: <pen-test@securityfocus.com>
>Sent: Wednesday, June 02, 2004 9:39 AM
>Subject: Re: USB delivered attacks
>
>
> > Some friends and I looked into this a while back as a way to bypass the
> > security of kiosk machines. We discovered that Windows 2000 (and
>possibly
> > XP as well) will not execute AutoRun scripts on USB or other "removable
> > storage" media types. Even though there is a registry key that can be
> > changed that "enables" AutoRun, it does not work.
> >
> > "Autoplay is triggered by a Media Change Notification (MCN) message from
> > the CD-ROM driver. If the Windows 2000 interface does not receive this
> > message, Autoplay does not operate, regardless of the value of this"
> >
> > http://www.tburke.net/info/regentry/topics/91525.htm
> > http://www.tburke.net/info/regentry/topics/30300.htm
> >
> > -HD
> >
> > On Thursday 27 May 2004 21:06, Jerry Shenk wrote:
> > > I recently inserted some guy's USB drive into a machine and was a but
> > > surprised when it went into an auto-run sequence. I think turning off
> > > auto-run is a REALLY good idea. On a USB drive, it seems like it
>could
> >
> >
>
>

_________________________________________________________________
Get fast, reliable Internet access with MSN 9 Dial-up – now 3 months FREE!
http://join.msn.click-url.com/go/onm00200361ave/direct/01/

• Previous message: pen-test_at_nym.hush.com: "RE: WEP attacks based on IV Collisions"
• Maybe in reply to: Balaji Prasad: "Re: USB delivered attacks"
• Next in thread: Kurt Seifried: "Re: USB delivered attacks"
• Reply: Kurt Seifried: "Re: USB delivered attacks"
• Reply: Rob Shein: "RE: USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]