Re: Penetration Testing Framework 0.24 released

From: crazy frog crazy frog (i.m.crazy.frog@gmail.com)
Date: Sun Feb 25 2007 - 08:47:18 EST


yeah,i read about this attack somewhere.

On 2/25/07, Liam Downward <ldownward@pervasivesolutions.net> wrote:
> A possible addition for Social Engineering is to gain entrance to a
> network via "Human curiosity" with the use of USB thumb drives that can
> be of any size (64mb, 512mb etc), that can be strategically dropped in
> employee area's like, kitchens, parking lots, and or doctor lounges
> etc...
>
> The USB thumb drive contains a simple application that is hidden and it
> can capture simple information of the network or you can have the
> application install a keylogger to capture usernames/passwords etc... to
> show the company in question how simple it is to gather information
> about the network for an attack or to turn machines into bots
>
> The application is initiated when an employee has found a USB thumb
> drive and their curiosity gets the better of them. Then they plug the
> USB thumb drive into their workstation or laptop to see what is on the
> USB thumb drive. This is when the hidden application on the USB thumb
> drive is executed via two methods:
>
> 1. If the machine in which the USB thumb drive is plugged into has
> AutoRun enabled the app will execute.
> 2. If AutoRun is not enabled then there is shortcuts on the USB thumb
> drive to entice the employee to click, which will execute the hidden
> application. Below are some examples of embedded shortcuts:
>
> Resume.doc
> Company Payscale.xls
> Johnny Cash (I Walk the Line).mp3
>
> The application will encrypt the information captured and email to the
> testers for review, then the application along with the embedded
> shortcuts will delete themselves from the USB thumb drive.
>
>
> Liam Downward
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of crazy frog crazy frog
> Sent: Saturday, February 24, 2007 9:58 AM
> To: toggmeister@vulnerabilityassessment.co.uk
> Cc: pen-test@securityfocus.com
> Subject: Re: Penetration Testing Framework 0.24 released
>
> good work :)
>
> On 23 Feb 2007 11:43:22 -0000,
> toggmeister@vulnerabilityassessment.co.uk
> <toggmeister@vulnerabilityassessment.co.uk> wrote:
> > Hi all,
> > The latest version of the Penetration Test Framework has been
> released and can be found at:
> >
> > http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
> >
> > (Pdf version also available)
> >
> > Any additions/ suggestions would be gratefully received.
> >
> > The next release 0.25 should include a Wireless Pen Test add-on, with
> the assistance from the guys at http://www.wirelessdefence.org and
> hopefully a much extended cisco section that Lee is busy putting
> together.
> >
> > Rgds
> >
> > Toggmeister a.k.a Kev Orrey
> > http://www.vulnerabilityassessment.co.uk
> >
> > ----------------------------------------------------------------------
> > --
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
> > 1600000008bOW
> > ----------------------------------------------------------------------
> > --
> >
> >
>
>
> --
> ---------------------------------------
> http://www.secgeeks.com
> get a blog on secgeeks :)
> register here:-
> http://secgeeks.com/user/register
> rss feeds :-
> http://secgeeks.com/node/feed
> Submit you security articles,send them to secgeek@secgeeks.com
>
> http://www.newskicks.com
> Submit and kick for new stories from all around the world.
> ---------------------------------------
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
> 00000008bOW
> ------------------------------------------------------------------------
>
>

-- 
---------------------------------------
http://www.secgeeks.com
get a blog on secgeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secgeeks.com/node/feed
Submit you security articles,send them to secgeek@secgeeks.com
http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT