From: Antonio Fontes 'Saphyr' (saphyr@nxtg.net)
Date: Tue Jun 01 2004 - 05:03:40 EDT
> > One possible scenario:
> > - Have a USB drive with a few tools on it.
> > - Have an auto-run configured to run pwdump and dump the SAM to the USB
> > drive
Hello everyone,
In order to put some 'practice' on this attack, I ve been trying this night
to effectively use autorun mechanisms and see what could be possible.
After reading the MSDN specs about autorun.inf file creation, I added
an autorun.inf into my USB device along with a little batch script whose
purpose was to copy the 'SAM' table and copy of the 'SET' command
result into a specific folder on the usb device.
Nothing happens... Even after being sure auto-run is enabled. Something
should be missing... are there specific operating systems that disable
auto-run by default ? (I am using windows 2000)
However, burning the batch + autorun file onto a cd-rom and inserting
it into the tray makes the auto-run sequence loading...
So 2-cents question: which os'es do really use USB devices auto-run
and on which USB devices does it work ? (not a usb hard-disk key it
seems)...
-- Antonio Fontes Couche 7 Stratégie de communication et sécurité Web http://www.nxtg.net/couche7 Refs: Creating an auto-run enabled application http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/shell/programmersguide/shell_basics/shell_basics_extending/autorun/autoplay_intro.asp
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT