Re: Penetration Testing Framework 0.24 released



I think that this was in The art of Intrusion.

-----Original Message-----
>From: "crazy frog crazy frog" <i.m.crazy.frog@xxxxxxxxx>
>Sent: 02.26.2007 17.00.38
>To: "Liam Downward" <ldownward@xxxxxxxxxxxxxxxxxxxxxx>
>Cc: "toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
<toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, "pen-test@xxxxxxxxxxxxxxxxx"
<pen-test@xxxxxxxxxxxxxxxxx>
>Subject: Re: Penetration Testing Framework 0.24 released
>
>yeah,i read about this attack somewhere.
>
>On 2/25/07, Liam Downward <ldownward@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>> A possible addition for Social Engineering is to gain entrance to a
>> network via "Human curiosity" with the use of USB thumb drives that
can
>> be of any size (64mb, 512mb etc), that can be strategically dropped in
>> employee area's like, kitchens, parking lots, and or doctor lounges
>> etc...
>>
>> The USB thumb drive contains a simple application that is hidden and
it
>> can capture simple information of the network or you can have the
>> application install a keylogger to capture usernames/passwords etc...
to
>> show the company in question how simple it is to gather information
>> about the network for an attack or to turn machines into bots
>>
>> The application is initiated when an employee has found a USB thumb
>> drive and their curiosity gets the better of them. Then they plug the
>> USB thumb drive into their workstation or laptop to see what is on the
>> USB thumb drive. This is when the hidden application on the USB thumb
>> drive is executed via two methods:
>>
>> 1. If the machine in which the USB thumb drive is plugged into has
>> AutoRun enabled the app will execute.
>> 2. If AutoRun is not enabled then there is shortcuts on the USB thumb
>> drive to entice the employee to click, which will execute the hidden
>> application. Below are some examples of embedded shortcuts:
>>
>> Resume.doc
>> Company Payscale.xls
>> Johnny Cash (I Walk the Line).mp3
>>
>> The application will encrypt the information captured and email to the
>> testers for review, then the application along with the embedded
>> shortcuts will delete themselves from the USB thumb drive.
>>
>>
>> Liam Downward
>>
>> -----Original Message-----
>> From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]
>> On Behalf Of crazy frog crazy frog
>> Sent: Saturday, February 24, 2007 9:58 AM
>> To: toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> Cc: pen-test@xxxxxxxxxxxxxxxxx
>> Subject: Re: Penetration Testing Framework 0.24 released
>>
>> good work :)
>>
>> On 23 Feb 2007 11:43:22 -0000,
>> toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> <toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> > Hi all,
>> > The latest version of the Penetration Test Framework has been
>> released and can be found at:
>> >
>> > http://www.vulnerabilityassessment.co.uk/Penetr??ation%20Test.html
>> >
>> > (Pdf version also available)
>> >
>> > Any additions/ suggestions would be gratefully received.
>> >
>> > The next release 0.25 should include a Wireless Pen Test add-on,
with
>> the assistance from the guys at http://www.wirelessdefence.org and
>> hopefully a much extended cisco section that Lee is busy putting
>> together.
>> >
>> > Rgds
>> >
>> > Toggmeister a.k.a Kev Orrey
>> > http://www.vulnerabilityassessment.co.uk
>> >
>>
----------------------------------------------------------------------
>> > --
>> > This List Sponsored by: Cenzic
>> >
>> > Need to secure your web apps?
>> > Cenzic Hailstorm finds vulnerabilities fast.
>> > Click the link to buy it, try it or download Hailstorm for FREE.
>> >
>> >
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
>> > 1600000008bOW
>>
----------------------------------------------------------------------
>> > --
>> >
>> >
>>
>>
>> --
>> ---------------------------------------
>> http://www.secgeeks.com
>> get a blog on secgeeks :)
>> register here:-
>> http://secgeeks.com/user/register
>> rss feeds :-
>> http://secgeeks.com/node/feed
>> Submit you security articles,send them to secgeek@xxxxxxxxxxxx
>>
>> http://www.newskicks.com
>> Submit and kick for new stories from all around the world.
>> ---------------------------------------
>>
>> ----------------------------------------------------------------------
--
>> This List Sponsored by: Cenzic
>>
>> Need to secure your web apps?
>> Cenzic Hailstorm finds vulnerabilities fast.
>> Click the link to buy it, try it or download Hailstorm for FREE.
>>
>>
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
>> 00000008bOW
>> ----------------------------------------------------------------------
--
>>
>>
>
>
>--
>---------------------------------------
>http://www.secgeeks.com
>get a blog on secgeeks :)
>register here:-
>http://secgeeks.com/user/register
>rss feeds :-
>http://secgeeks.com/node/feed
>Submit you security articles,send them to secgeek@xxxxxxxxxxxx
>
>http://www.newskicks.com
>Submit and kick for new stories from all around the world.
>---------------------------------------
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Need to secure your web apps?
>Cenzic Hailstorm finds vulnerabilities fast.
>Click the link to buy it, try it or download Hailstorm for FREE.
>
>http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
>------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



Relevant Pages

  • RE: Informing Companies about security vulnerabilities...
    ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
    (Pen-Test)
  • Re: Penetration Testing Framework 0.24 released
    ... network via "Human curiosity" with the use of USB thumb drives that can ... The USB thumb drive contains a simple application that is hidden and it ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: reverse proxy identification
    ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
    (Pen-Test)
  • RE: Penetration Testing Framework 0.24 released
    ... network via "Human curiosity" with the use of USB thumb drives that can ... The USB thumb drive contains a simple application that is hidden and it ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • RE: Informing Companies about security vulnerabilities...
    ... Taking the law into ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
    (Pen-Test)