From: Chris Zevlas (czevnow@cox.net)
Date: Wed Apr 11 2007 - 04:14:25 EDT
How about you doing a remote image with Encase this way he will never know
what you did.
----- Original Message -----
From: "Shreyas Zare" <shreyas@technitium.com>
To: "Pen-Testing" <pen-test@securityfocus.com>
Sent: Tuesday, April 10, 2007 10:48 PM
Subject: Re: Boot floppy
> Hi,
>
> Try using social engineering. Tell him you are given a job to patch
> all machines in the company for some security update then patch his
> machine with a good rootkit. You may give him the update (infected) in
> any CD or USB media so that he would install it himself. Or use any
> idea which will not look suspicious to the target.
>
> Regards,
>
> On 4/10/07, Mifa <mifa@stangercorp.com> wrote:
>> We have a user who takes a company computer home with them (no its not a
>> lap top). We have a good reason to need to look at their files.
>> However, we want to do so without that employ knowing. They seem to know
>> something about security becasue auto runs is disabled and the
>> workstation is always locked with a third party software. INserting a U3
>> drive will not run a program either. Are there any programs that will
>> boot from a floppy then copy a program to the c drive then wite an auto
>> start entry into the registry? This was the only way I can think of to
>> get the user to install a program..
>>
>> Any other ideas how we maight gain access? It has to be fast (bathroom
>> breaks ect). I dont have time to load a live cd. Further, robooting
>> would cause the user to loose work.
>>
>>
>>
>> ------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>>
>> Need to secure your web apps?
>> Cenzic Hailstorm finds vulnerabilities fast.
>> Click the link to buy it, try it or download Hailstorm for FREE.
>>
>> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>> ------------------------------------------------------------------------
>>
>>
>
>
>
> --
> (This e-mail was composed and sent completely using recycled electrons)
>
> Shreyas Zare
> Co-Founder, Technitium
> eMail: shreyas@technitium.com
>
> ..::< The Technitium Team >::..
> Visit us at www.technitium.com
> Contact us at theteam@technitium.com
>
> Technitium Personal Computers
> We belive in quality.
> Visit http://pc.technitium.com for details.
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT