EH-Net

Features => /root => Topic started by: don on May 01, 2006, 07:54:29 PM



Title: Hacking Tools That Run on a USB Drive
Post by: don on May 01, 2006, 07:54:29 PM
Cool article I ran across:

Quote
There have been quite a collection of applications ported to run on USB flash disks. Most of these applications seem innocent enough; however, some are deliberately developed to get around IT software use policies in the workplace, such as P2P filesharing applications, instant messaging applications, FTP clients and podcast managers, to name a few. Although these can be seen as a moderate security risk in the wrong hands, they are more of a nuisance. However, a new breed of applications is making its way to a USB drive near you that you should be more concerned with.

Applications which are used by security professionals (and hackers alike) to test the security of their networks and scan for vulnerabilities now have the capability to run independently from a USB flash drive and no longer require that WinPCap or other third-party packet capture drivers be installed on a system. Applications such as Nmap, Ethereal, Showtraf, TCPDump, Nemesis and John the Ripper are now appearing online via sites in a modified form that contains an internal packet driver that is loaded when the application is launched.

What this means is that a hacker no longer needs to even have a laptop with them in order to compromise a network: simply bring a USB flash drive into a company and plug it into the USB drive of an available system.

For full story:
http://www.watchyourend.com/2006/04/29/hacking-applications-that-run-on-thumb-drive/

Don


Title: Re: Hacking Tools That Run on a USB Drive
Post by: pcsneaker on May 02, 2006, 11:39:58 AM
I didn't have the time to try these apps (you can find them here (http://packetstuff.com/index.htm)), but there are a few things to consider about that story:

Even if you succeed in running an app without installing a driver like winpcap, you still need admin privileges to get low level access to the hardware - so I can't see the problem; if you have admin privileges you can do whatever you want anyway.

I think it's not a good idea to download apps like these from an untrusted source; who knows what changes have been done? Perhaps I'm a bit paranoid, but wouldn't that be a perfect way to distribute a trojan?


Title: Re: Hacking Tools That Run on a USB Drive
Post by: kwestin on May 02, 2006, 12:57:26 PM
I still wouldn't want my employees running these applications. These apps are actually a few of the friendlier ones compared to what you can run off a USB stick.

You can also run nikto from a USB stick. I used to work at a rather large public high tech company that was running their intranet on IIS. While I was doing some work I noticed that it had not been patched in a long time. I sent an email to the admin group and they actually told me not to worry about it as it was behind the firewall! I don't think I need to illustrate the possible scenarios here. Usually there is a lot of confidential data on intranets, much of it left unprotected and open to anyone in the company with the sense of security that if it is behind the firewall. Given that, as the article states, 70% of data theft occurs behind the firewall, it seems that this can really be a weak point.


Title: Re: Hacking Tools That Run on a USB Drive
Post by: slaughterhed on September 04, 2007, 06:53:50 PM
The ones you have here look pretty good, but have any of you heard of the USB Switchblade or Hacksaw?
 :o :o :o


Title: Re: Hacking Tools That Run on a USB Drive
Post by: slimjim100 on September 04, 2007, 09:01:29 PM
USB Hacksaw is more of a Trojan and if you just disable "CD auto-run" you are safe from programs like it. I think you should just put hot glue in all the users' USB ports :P (just kidding). Unless you train your users you will always have issues with portable media.

Brian
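Editor's added example (not part of any post in this thread): one way to verify the "disable CD auto-run" advice above on a Windows host is to decode the `NoDriveTypeAutoRun` policy value from captured `reg query` output. The sample outputs are constructed, and the choice to require both the removable and CD-ROM bits is an assumption of this audit, made because a USB device can present a CD-ROM volume.

```python
import re

# NoDriveTypeAutoRun bit flags: a set bit disables AutoRun for that drive type.
DRIVE_TYPES = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
               0x10: "network", 0x20: "cdrom", 0x40: "ramdisk"}

# Assumption of this audit: both types a USB device can present must be off.
MUST_BE_DISABLED = ("removable", "cdrom")

VALUE_RE = re.compile(
    r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M)

def parse_reg_query(text):
    """Return the DWORD from `reg query ... /v NoDriveTypeAutoRun` output, or None."""
    m = VALUE_RE.search(text)
    return int(m.group(1), 16) if m else None

def audit(hklm_text, hkcu_text):
    """Return (effective_value, required drive types that can still AutoRun)."""
    hklm = parse_reg_query(hklm_text)
    hkcu = parse_reg_query(hkcu_text)
    # The machine-wide value takes precedence over the per-user value.
    effective = hklm if hklm is not None else hkcu
    if effective is None:
        # No explicit policy: the OS default applies, so report both as unverified.
        return None, list(MUST_BE_DISABLED)
    enabled = [name for bit, name in DRIVE_TYPES.items() if not effective & bit]
    return effective, [t for t in MUST_BE_DISABLED if t in enabled]

# Constructed sample outputs (not captured from a real host).
KEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
HKLM_95 = "\nHKEY_LOCAL_MACHINE" + KEY + "\n    NoDriveTypeAutoRun    REG_DWORD    0x95\n"
HKCU_FF = "\nHKEY_CURRENT_USER" + KEY + "\n    NoDriveTypeAutoRun    REG_DWORD    0xff\n"

if __name__ == "__main__":
    value, gaps = audit(HKLM_95, HKCU_FF)
    print("effective value:", hex(value))
    print("AutoRun still enabled for:", ", ".join(gaps) or "none")
```

In the constructed sample the per-user value 0xff looks safe, but the machine-wide 0x95 wins and leaves CD-ROM AutoRun enabled.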


Title: Re: Hacking Tools That Run on a USB Drive
Post by: hrp2171 on September 06, 2007, 05:57:48 PM
Here at work, we're using a program called Sanctuary that blocks USB drives/keys from being used by employees.  We also could not enforce the No-personal-pda policy, so we use Sanctuary to block any Palm devices from being used.  But that's all through the installed OS and it kicks in after someone logs in.  So, I would worry more about someone walking in with a bootable USB drive with either BartPE or Linux on it, though.


Title: Re: Hacking Tools That Run on a USB Drive
Post by: jason on June 25, 2008, 11:12:37 PM
My thoughts exactly. Linux booted from a flash drive will get you around most anything short of actually disabling booting from usb.


Title: Re: Hacking Tools That Run on a USB Drive
Post by: Andrew Waite on June 26, 2008, 06:52:00 AM
Quote
My thoughts exactly. Linux booted from a flash drive will get you around most anything short of actually disabling booting from usb.

From an end user perspective I don't see an issue with disabling booting from USB. How many legitimate reasons are there for booting from USB? (as an aside, are there any BIOSes that boot from USB as standard? all my systems I need to force the option...)

Only time I've seen USB booting is either security people with USB toolkit, or someone showing off their 1337 sk1llz.

For end user machines I force a boot from hard disk (rather than cd/usb/net/etc.) and lock BIOS. Cause it's not foolproof, but stops most users and still leaves me enough leverage to get in the machine after it's fubar'd ;)