Bugtraq: Re: Exploit: Windows95/98/ (NT?) Autorun

[aleph1 () NATIONWIDE NET (Aleph One)]

This is a summary of this thread. I am killing it here.

Craig Ozancin <cozancin () axent com> informs us that that Windows NT will
not perform the AutoRun function while the screen saver is active.

Ansar Mohammed <amohammed () carib-link net> points out that the AutoRun
feature is disabled on floopies disks by default.

Matt Hallacy <poptix () INGS COM> points out that the are commercial products
that exploit this feature to unlock workstations. For example
http://www.ips-corp.com/ssunlock.htm

Axon <axon2017 () students johnco cc ks us> show us how to disable the
AutoRun feature:

1) Get to the "System" Control panel.  This is accessible by right
   clicking on the "My Computer" icon and selecting "Properties" or by
   selecting "System" from the control panel.

2) Choose the "Device Manager" tab in the System Properties window, and
   Expand the "CDROM" branch by clicking on the + next to it.  This will
   display all CD-ROM devices attached to your computer.

3) Select a CD-ROM drive, then click on the "Properties" button.  This
   brings up the "CD-ROM Properties" window.  Select the "Settings" Tab.

4) The Checkbox labeled "AutoInsert Notification" is what controls
   AutoRun. Make sure it is unchecked, then click OK, then Click OK again
   in the System Properties window.  When you restart, your CD-ROM Should
   not AutoRun anymore.

Matt Hallacy <poptix () INGS COM> points out that the Windows 95 screen saver
password is easily decrypted. You can find several programs that will
print out the password. For example:
ftp://null.angel.nu/projects/95sscrk.zip. He also points out the most of
the time the screen saver password is identical to the login password
to the machine and other services.


Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01