From: Petr.Kazil@eap.nl
Date: Wed May 02 2007 - 14:59:44 EDT
On the Internet there is much talk about hacking through "evil USB sticks"
:
http://www.theregister.co.uk/2007/04/25/usb_malware/
I was inspired by a talk by John Craddock where he told the following
anecdote:
- He would bake a stack of CD's and bring them to a conference. The stack
would gradually "evaporate" as people took a CD - even though the stack
was not marked as "free for taking". When people inserted the CD a tune
would be played. Gradually he would start hearing tunes in the
neighbourhood as people inserted the CD ...
It would be fun to make a few of these CD's and use them during a pentest.
Of course the payload should be more malicious then.
Question: Has anyone tried this before? Did it work?
Greetings, Petr Kazil
I will try to build a CD that will contain a photo viewer and a set of
innocent pictures. But it will try to install a keylogger and send the
collected data to a temporary server that I will install on the network.
My hope is that if I download C++ keylogger source code, modify it a bit
and compile it myself, that I will be able to evade virus checkers. I also
might compile and install a network listener backdoor. At the moment I'm
not even dreaming about rootkits and encrypted channels to the outside
world - that's much too difficult for me.
I don't think it will be able to collect password hashes or Active
Directory passwords because the script and programs will be running as a
normal domain user. But anyway it will be an interesting proof of concept.
I wasn't able to find any exploit details on Google. I just get a lot of
articles about the risks of autorun and ways to disable it ...
This idea has one big risk - suppose someone takes the CD home. Then I
would be committing a criminal act if I exploited his home computer. The
articles about USB-stick pentesting don't mention this risk.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:45 EDT