lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <40D437F0.5010209@egotistical.reprehensible.net>
Date: Sat, 19 Jun 2004 14:56:16 +0200
From: Gadi Evron <ge@...tistical.reprehensible.net>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: USB risks - working autorun example (fwd from pen-test)

Okay, just to put this point at ease, autorun.inf usage on USB drives is 
possible. My concerns are of a different type, a BOF or a backdoor in an 
SDK. Even simple usage of USB for different operational criminal needs...
Still, if the simplest solution (autorun) works (and it does...)... why 
over-complicate like we in the security field tend to do?

Attached is a proof-of-concept as made available by mak_pen@...mail.com 
for using autorun with USB.

This should work. As it was already released, I see nothing wrong with 
relaying it again (with due credit) here.

I'd strongly suggest to people to read the (different) threads on the 
subject on the pen-test list, a lot of questions were answered there.

	Gadi Evron.

-- 
Email: ge@...uxbox.org.  Work: gadie@....gov.il. Backup: ge@...p.mx.dk.
Phone: +972-50-428610 (Cell).

PGP key for attachments: http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
ID: 0xD9216A06 FP: 5BB0 D3E2 D3C1 19B7 2104  C0D0 A7B3 1CF7 D921 6A06
GPG key for encrypted email: 
http://vapid.reprehensible.net/~ge/Gadi_Evron_Emails.asc
ID: 0x06C7D450 FP: 3B88 845A DF1F 4062 E5BA  569A A87E 8DB7 06C7 D450

Download attachment "Re: USB delivered attacks (working example)" of type "message/rfc822" (6844 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ