Re: Penetration Testing Framework 0.24 released



I think that this was in The art of Intrusion.

-----Original Message-----
>From: "crazy frog crazy frog" <i.m.crazy.frog@xxxxxxxxx>
>Sent: 02.26.2007 17.00.38
>To: "Liam Downward" <ldownward@xxxxxxxxxxxxxxxxxxxxxx>
>Cc: "toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
<toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, "pen-test@xxxxxxxxxxxxxxxxx"
<pen-test@xxxxxxxxxxxxxxxxx>
>Subject: Re: Penetration Testing Framework 0.24 released
>
>yeah,i read about this attack somewhere.
>
>On 2/25/07, Liam Downward <ldownward@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>> A possible addition for Social Engineering is to gain entrance to a
>> network via "Human curiosity" with the use of USB thumb drives that
can
>> be of any size (64mb, 512mb etc), that can be strategically dropped in
>> employee area's like, kitchens, parking lots, and or doctor lounges
>> etc...
>>
>> The USB thumb drive contains a simple application that is hidden and
it
>> can capture simple information of the network or you can have the
>> application install a keylogger to capture usernames/passwords etc...
to
>> show the company in question how simple it is to gather information
>> about the network for an attack or to turn machines into bots
>>
>> The application is initiated when an employee has found a USB thumb
>> drive and their curiosity gets the better of them. Then they plug the
>> USB thumb drive into their workstation or laptop to see what is on the
>> USB thumb drive. This is when the hidden application on the USB thumb
>> drive is executed via two methods:
>>
>> 1. If the machine in which the USB thumb drive is plugged into has
>> AutoRun enabled the app will execute.
>> 2. If AutoRun is not enabled then there is shortcuts on the USB thumb
>> drive to entice the employee to click, which will execute the hidden
>> application. Below are some examples of embedded shortcuts:
>>
>> Resume.doc
>> Company Payscale.xls
>> Johnny Cash (I Walk the Line).mp3
>>
>> The application will encrypt the information captured and email to the
>> testers for review, then the application along with the embedded
>> shortcuts will delete themselves from the USB thumb drive.
>>
>>
>> Liam Downward
>>
>> -----Original Message-----
>> From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]
>> On Behalf Of crazy frog crazy frog
>> Sent: Saturday, February 24, 2007 9:58 AM
>> To: toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> Cc: pen-test@xxxxxxxxxxxxxxxxx
>> Subject: Re: Penetration Testing Framework 0.24 released
>>
>> good work :)
>>
>> On 23 Feb 2007 11:43:22 -0000,
>> toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> <toggmeister@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> > Hi all,
>> > The latest version of the Penetration Test Framework has been
>> released and can be found at:
>> >
>> > http://www.vulnerabilityassessment.co.uk/Penetr??ation%20Test.html
>> >
>> > (Pdf version also available)
>> >
>> > Any additions/ suggestions would be gratefully received.
>> >
>> > The next release 0.25 should include a Wireless Pen Test add-on,
with
>> the assistance from the guys at http://www.wirelessdefence.org and
>> hopefully a much extended cisco section that Lee is busy putting
>> together.
>> >
>> > Rgds
>> >
>> > Toggmeister a.k.a Kev Orrey
>> > http://www.vulnerabilityassessment.co.uk
>> >
>>
----------------------------------------------------------------------
>> > --
>> > This List Sponsored by: Cenzic
>> >
>> > Need to secure your web apps?
>> > Cenzic Hailstorm finds vulnerabilities fast.
>> > Click the link to buy it, try it or download Hailstorm for FREE.
>> >
>> >
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
>> > 1600000008bOW
>>
----------------------------------------------------------------------
>> > --
>> >
>> >
>>
>>
>> --
>> ---------------------------------------
>> http://www.secgeeks.com
>> get a blog on secgeeks :)
>> register here:-
>> http://secgeeks.com/user/register
>> rss feeds :-
>> http://secgeeks.com/node/feed
>> Submit you security articles,send them to secgeek@xxxxxxxxxxxx
>>
>> http://www.newskicks.com
>> Submit and kick for new stories from all around the world.
>> ---------------------------------------
>>
>> ----------------------------------------------------------------------
--
>> This List Sponsored by: Cenzic
>>
>> Need to secure your web apps?
>> Cenzic Hailstorm finds vulnerabilities fast.
>> Click the link to buy it, try it or download Hailstorm for FREE.
>>
>>
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
>> 00000008bOW
>> ----------------------------------------------------------------------
--
>>
>>
>
>
>--
>---------------------------------------
>http://www.secgeeks.com
>get a blog on secgeeks :)
>register here:-
>http://secgeeks.com/user/register
>rss feeds :-
>http://secgeeks.com/node/feed
>Submit you security articles,send them to secgeek@xxxxxxxxxxxx
>
>http://www.newskicks.com
>Submit and kick for new stories from all around the world.
>---------------------------------------
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Need to secure your web apps?
>Cenzic Hailstorm finds vulnerabilities fast.
>Click the link to buy it, try it or download Hailstorm for FREE.
>
>http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
>------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------