lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: USB risks - working autorun example (fwd from pen-test)

 
> Attached is a proof-of-concept as made available by
> mak_pen@...mail.com 
> for using autorun with USB.

I haven't been able to get it to work on Win2K or XP,
and the OP doesn't seem to have specified the
manufacturer and model of the device used.

> This should work. As it was already released, I see
> nothing wrong with 
> relaying it again (with due credit) here.

"Should" work?  

The OP also mentions using a Reg file to modify the
NoDriveTypeAutorun Registry key, which by default, is
already configured (0x095, or 149) to NOT allow this
type of thing to work.

> I'd strongly suggest to people to read the
> (different) threads on the 
> subject on the pen-test list, a lot of questions
> were answered there.

Unfortunately, that's not really the case.  A lot of
things are said and claims are made...but not a lot of
questions are answered.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ