[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] USB risks - working autorun example (fwd from pen-test)

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] USB risks - working autorun example (fwd from pen-test)
From: Harlan Carvey <keydet89@xxxxxxxxx>
Date: Sat, 19 Jun 2004 09:19:47 -0700 (PDT)

 
> Attached is a proof-of-concept as made available by
> mak_pen@xxxxxxxxxxx 
> for using autorun with USB.

I haven't been able to get it to work on Win2K or XP,
and the OP doesn't seem to have specified the
manufacturer and model of the device used.

> This should work. As it was already released, I see
> nothing wrong with 
> relaying it again (with due credit) here.

"Should" work?  

The OP also mentions using a Reg file to modify the
NoDriveTypeAutorun Registry key, which by default, is
already configured (0x095, or 149) to NOT allow this
type of thing to work.

> I'd strongly suggest to people to read the
> (different) threads on the 
> subject on the pen-test list, a lot of questions
> were answered there.

Unfortunately, that's not really the case.  A lot of
things are said and claims are made...but not a lot of
questions are answered.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] USB risks - working autorun example (fwd from pen-test)
  - From: Gadi Evron

Prev by Date: [Full-Disclosure] Re: Antivirus/Trojan/Spyware scanners DoS [summary]
Next by Date: Re: [Full-Disclosure] Induce Act
Previous by thread: [Full-Disclosure] USB risks - working autorun example (fwd from pen-test)
Next by thread: [Full-Disclosure] server administration
Index(es):
- Date
- Thread