| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ge at egotistical.reprehensible.net (Gadi Evron) Subject: USB risks - working autorun example (fwd from pen-test) Okay, just to put this point at ease, autorun.inf usage on USB drives is possible. My concerns are of a different type, a BOF or a backdoor in an SDK. Even simple usage of USB for different operational criminal needs... Still, if the simplest solution (autorun) works (and it does...)... why over-complicate like we in the security field tend to do? Attached is a proof-of-concept as made available by mak_pen@...mail.com for using autorun with USB. This should work. As it was already released, I see nothing wrong with relaying it again (with due credit) here. I'd strongly suggest to people to read the (different) threads on the subject on the pen-test list, a lot of questions were answered there. Gadi Evron. -- Email: ge@...uxbox.org. Work: gadie@....gov.il. Backup: ge@...p.mx.dk. Phone: +972-50-428610 (Cell). PGP key for attachments: http://vapid.reprehensible.net/~ge/Gadi_Evron.asc ID: 0xD9216A06 FP: 5BB0 D3E2 D3C1 19B7 2104 C0D0 A7B3 1CF7 D921 6A06 GPG key for encrypted email: http://vapid.reprehensible.net/~ge/Gadi_Evron_Emails.asc ID: 0x06C7D450 FP: 3B88 845A DF1F 4062 E5BA 569A A87E 8DB7 06C7 D450 -------------- next part -------------- An embedded message was scrubbed... From: <mak_pen@...mail.com> Subject: Re: USB delivered attacks (working example) Date: 3 Jun 2004 15:03:11 -0000 Size: 6880 Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040619/beea2398/USBdeliveredattacksworkingexample.mht
Powered by blists - more mailing lists