Re: USB delivered attacks

From: PID4x (pid4x@dodo.com.au)
Date: Wed Jun 02 2004 - 14:36:07 EDT

• Next message: leonardo: "Re: WEP attacks based on IV Collisions"
• Previous message: Jerry Shenk: "RE: USB delivered attacks - lessons learned/summary (so far)"
• In reply to: H D Moore: "Re: USB delivered attacks"
• Next in thread: Fred Gravel: "Re: USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Under winXP i had the same results as others, and it has been explained why.

On win98 i use to test my auto run apps on my d: drive (hard drive
partition) before i burnt them to cd , so that leads me to assume that
autorun.inf's may work on usb drives under win9x as well (currently dont
have my laptop at this house, so i couldnt test it).

I was playing with this idea with a combination of a cdrom and usb drive -
inserting the usb drive, then puting in a cd with the commands to run and
dump to my usb drive, but you would have to know some variables, like the
drive letter of your usb drive, etc (or as i did made a simple small c app
to accept the drive letter to dump to, then run the commands i wanted to
run, both with hard coding the commands into the c app, and as well as
telling it to run "x:\start.bat" where 'x' was the drive letter entered).

It works, even if it kind of defeats the purpose (hitting win+r then runing
the bat file/commands would probably be just as fast).

Hope this gives some ideas to anyone out there.

Reguards,
Philip

----- Original Message -----
From: "H D Moore" <sflist@digitaloffense.net>
To: <pen-test@securityfocus.com>
Sent: Wednesday, June 02, 2004 9:39 AM
Subject: Re: USB delivered attacks

> Some friends and I looked into this a while back as a way to bypass the
> security of kiosk machines. We discovered that Windows 2000 (and possibly
> XP as well) will not execute AutoRun scripts on USB or other "removable
> storage" media types. Even though there is a registry key that can be
> changed that "enables" AutoRun, it does not work.
>
> "Autoplay is triggered by a Media Change Notification (MCN) message from
> the CD-ROM driver. If the Windows 2000 interface does not receive this
> message, Autoplay does not operate, regardless of the value of this"
>
> http://www.tburke.net/info/regentry/topics/91525.htm
> http://www.tburke.net/info/regentry/topics/30300.htm
>
> -HD
>
> On Thursday 27 May 2004 21:06, Jerry Shenk wrote:
> > I recently inserted some guy's USB drive into a machine and was a but
> > surprised when it went into an auto-run sequence. I think turning off
> > auto-run is a REALLY good idea. On a USB drive, it seems like it could
>
>

• Next message: leonardo: "Re: WEP attacks based on IV Collisions"
• Previous message: Jerry Shenk: "RE: USB delivered attacks - lessons learned/summary (so far)"
• In reply to: H D Moore: "Re: USB delivered attacks"
• Next in thread: Fred Gravel: "Re: USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT