Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Penetration Testing Framework 0.24 released
From: s-williams () nyc rr com
Date: Fri, 2 Mar 2007 13:28:16 +0000

Have any here tried this before and if so do you know of any documentation. The reason I am asking is I work for a 
college, and students are always bring usb drives for us to upload to there profiles since we have a citrix farm setup.

60% of the time we are ask to open a file so that the can verify itis the right one, so at this point we are wide open 
to thistype of attack.

So if I can figure outhow to do this, I can demo it for my boss and try to come up with solutions how to combat, 
something along the lines of what you said.
"A wise man ask questions, a fool is afraid of knowledge"  

-----Original Message-----
From: FocusHacks <focushacks () gmail com>
Date: Wed, 28 Feb 2007 13:33:44 
To:s-williams () nyc rr com
Cc:crazy frog crazy frog <i.m.crazy.frog () gmail com>,listbounce () securityfocus com,Liam Downward <ldownward () 
pervasivesolutions net>,toggmeister () vulnerabilityassessment co uk, pen-test () securityfocus com
Subject: Re: Penetration Testing Framework 0.24 released

Well, it doesn't rely on auto-run, it relies on "interesting"
shortcuts that do something other than what your average end-user
would expect.  My guess is that you "disable" it via proper training
of employees to not mess with foreign media that they do not know the
contents of, and to certainly never open files if the origin is
unknown and/or untrusted.

There are software (and hardware) solutions that can disable the USB
port, but this is just as easily performed by leaving a floppy disc or
a burned CD laying around.  It just so happens that, to most people, a
portable USB drive is the most tempting and/or intriguing form of
media, and the most likely to be picked up and messed with.  Many
people would simply discard a floppy disk or an un-labeled CD-ROM
that's laying on the floor somewhere.

It's technically a low-tech social engineering attack vector since it
relies on tricking someone into doing something against company
policy.

On 2/26/07, s-williams () nyc rr com <s-williams () nyc rr com> wrote:
How might one test this, do someon have an example? This would be nice to demo. And think of ways to block it, like 
diabling auto run and so forth
"A wise man ask questions, a fool is afraid of knowledge"

-----Original Message-----
From: crazy frog crazy frog <i.m.crazy.frog () gmail com>
Date: Sun, 25 Feb 2007 19:17:18
To:Liam Downward <ldownward () pervasivesolutions net>
Cc:toggmeister () vulnerabilityassessment co uk, pen-test () securityfocus com
Subject: Re: Penetration Testing Framework 0.24 released

yeah,i read about this attack somewhere.

On 2/25/07, Liam Downward <ldownward () pervasivesolutions net> wrote:
A possible addition for Social Engineering is to gain entrance to a
network via "Human curiosity" with the use of USB thumb drives that can
be of any size (64mb, 512mb etc), that can be strategically dropped in
employee area's like, kitchens, parking lots, and or doctor lounges
etc...

The USB thumb drive contains a simple application that is hidden and it
can capture simple information of the network or you can have the
application install a keylogger to capture usernames/passwords etc... to
show the company in question how simple it is to gather information
about the network for an attack or to turn machines into bots

The application is initiated when an employee has found a USB thumb
drive and their curiosity gets the better of them. Then they plug the
USB thumb drive into their workstation or laptop to see what is on the
USB thumb drive. This is when the hidden application on the USB thumb
drive is executed via two methods:

1. If the machine in which the USB thumb drive is plugged into has
AutoRun enabled the app will execute.
2. If AutoRun is not enabled then there is shortcuts on the USB thumb
drive to entice the employee to click, which will  execute the hidden
application. Below are some examples of embedded shortcuts:

              Resume.doc
              Company Payscale.xls
              Johnny Cash (I Walk the Line).mp3

The application will encrypt the information captured and email to the
testers for review, then the application along with the embedded
shortcuts will delete themselves from the USB thumb drive.


Liam Downward

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of crazy frog crazy frog
Sent: Saturday, February 24, 2007 9:58 AM
To: toggmeister () vulnerabilityassessment co uk
Cc: pen-test () securityfocus com
Subject: Re: Penetration Testing Framework 0.24 released

good work :)

On 23 Feb 2007 11:43:22 -0000,
toggmeister () vulnerabilityassessment co uk
<toggmeister () vulnerabilityassessment co uk> wrote:
Hi all,
  The latest version of the Penetration Test Framework has been
released and can be found at:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

(Pdf version also available)

Any additions/ suggestions would be gratefully received.

The next release 0.25 should include a Wireless Pen Test add-on, with
the assistance from the guys at http://www.wirelessdefence.org and
hopefully a much extended cisco section that Lee is busy putting
together.

Rgds

Toggmeister a.k.a Kev Orrey
http://www.vulnerabilityassessment.co.uk

----------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
1600000008bOW
----------------------------------------------------------------------
--




--
---------------------------------------
http://www.secgeeks.com
get a blog on secgeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secgeeks.com/node/feed
Submit you security articles,send them to secgeek () secgeeks com

http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------




--
---------------------------------------
http://www.secgeeks.com
get a blog on secgeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secgeeks.com/node/feed
Submit you security articles,send them to secgeek () secgeeks com

http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



-- 
http://www.FocusHacks.com - The Ford Focus Modification Site!
http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault