
Hacking Tools That Run on a USB Drive

<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon May 01, 2006 7:54 pm

Hacking Tools That Run on a USB Drive

Cool article I ran across:

There have been quite a collection of applications ported to run on USB flash disks. Most of these applications seem innocent enough, however some are deliberately developed to get around IT software use policies in the workplace, such as P2P filesharing applications, instant messaging applications, FTP clients and podcast managers to name a few. Although these can be seen as a moderate security risk in the wrong hands they are more of a nuisance. However a new breed of applications are making their way to a USB drive near you that you should be more concerned with.

Applications which are used by security professionals (and hackers alike) to test the security of their networks and scan for vulnerabilities now have the capability to run independently from a USB flash drive and no longer require that WinPCap or other third-party packet capture drivers to be installed on a system. Applications such as Nmap, Ethereal, Showtraf, TCPDump, Nemesis and John the Ripper are now appearing online via sites in a modified form that contain an internal packet driver that is loaded when the application is launched.

What this means is that a hacker no longer needs to even have a laptop with them in order to compromise a network, simply bring a USB flash drive in a company and plug it into the USB drive of an available system.


For full story:
http://www.watchyourend.com/2006/04/29/ ... umb-drive/

Don
CISSP, MCSE, CSTA, Security+ SME
<<

pcsneaker

Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Tue May 02, 2006 11:39 am

Re: Hacking Tools That Run on a USB Drive

I didn't have the time to try these apps (you can find them here), but there are a few things to consider about that story:

Even if you succeed in running an app without installing a driver like winpcap you still need admin privileges to get low level access to the hardware - so I can't see the problem, if you have admin privileges you can do whatever you want anyway.

I think it's not a good idea to download apps like these from an untrusted source, who knows what changes have been done? Perhaps I'm a bit paranoid, but wouldn't that be a perfect way to distribute a trojan?
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
<<

kwestin

Newbie

Posts: 1

Joined: Tue May 02, 2006 12:41 pm

Post Tue May 02, 2006 12:57 pm

Re: Hacking Tools That Run on a USB Drive

I still wouldn't want my employees running these applications. These apps are actually a few of the friendlier ones compared to what you can run off a USB stick.

You can also run nikto from a USB stick. I used to work at a rather large public high tech company that was running their intranet on IIS. While I was doing some work I noticed that it had not been patched in a long time, I sent an email to the admin group and they actually told me not to worry about it as it was behind the firewall! I don't think I need to illustrate possible scenarios here. Usually there is a lot of confidential data on intranets, much of it left unprotected and open to anyone in the company with the sense of security that it is behind the firewall. Given that as the article states 70% of data theft occurs behind the firewall it seems that this can really be a weak point.
<<

slaughterhed

Newbie

Posts: 5

Joined: Mon Sep 03, 2007 5:34 am

Post Tue Sep 04, 2007 6:53 pm

Re: Hacking Tools That Run on a USB Drive

The ones you have here look pretty good, but have any of you heard of the USB Switchblade or Hacksaw?
:o :o :o
<<

slimjim100

EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Sep 04, 2007 9:01 pm

Re: Hacking Tools That Run on a USB Drive

USB Hacksaw is more of a Trojan and if you just disable "CD auto-run" you are safe from programs like it. I think you should just put hot glue in all the users' USB ports :P (just kidding). Unless you train your users you will always have issues with portable media.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
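
An added example, not part of any post in this thread: a small audit of the two host settings the thread discusses, AutoRun by drive type and USB mass storage. The registry locations and bit values are the documented Windows ones; the function names and the sample values are constructed for illustration.

```python
import sys

# NoDriveTypeAutoRun bitmask under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer:
# a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}

def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still allowed under this mask."""
    return sorted(name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit)

def audit(no_drive_type_autorun, usbstor_start):
    """Return findings for the AutoRun policy value and the USBSTOR Start value."""
    findings = []
    if no_drive_type_autorun is None:
        findings.append("NoDriveTypeAutoRun not set: OS default AutoRun behaviour applies")
    else:
        for drive_type in autorun_enabled_types(no_drive_type_autorun):
            findings.append(f"AutoRun allowed on {drive_type} drives")
    # USBSTOR Start: 3 = load on demand, 4 = disabled.
    if usbstor_start != 4:
        findings.append(f"USBSTOR Start={usbstor_start}: USB mass storage driver can load")
    return findings

def read_live():
    """Read both values from the local registry (Windows only)."""
    import winreg
    def get(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return None
    return (get(r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
                "NoDriveTypeAutoRun"),
            get(r"SYSTEM\CurrentControlSet\Services\USBSTOR", "Start"))

if __name__ == "__main__":
    # Constructed sample on non-Windows hosts: only the CD-ROM bit is set.
    values = read_live() if sys.platform == "win32" else (0x20, 3)
    for line in audit(*values) or ["no findings"]:
        print(line)
```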
<<

hrp2171

Newbie

Posts: 4

Joined: Thu Sep 06, 2007 12:22 am

Post Thu Sep 06, 2007 5:57 pm

Re: Hacking Tools That Run on a USB Drive

Here at work, we're using a program called Sanctuary that blocks USB drives/keys from being used by employees.  We also could not enforce the No-personal-pda policy, so we use Sanctuary to block any Palm devices from being used.  But that's all through the installed OS and it kicks in after someone logs in.  So, I would worry more about someone walking in with a bootable USB drive with either BartPE or Linux on it, though.
<<

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Jun 25, 2008 11:12 pm

Re: Hacking Tools That Run on a USB Drive

My thoughts exactly. Linux booted from a flash drive will get you around most anything short of actually disabling booting from usb.
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Jun 26, 2008 6:52 am

Re: Hacking Tools That Run on a USB Drive

jason wrote: My thoughts exactly. Linux booted from a flash drive will get you around most anything short of actually disabling booting from usb.


From an end user perspective I don't see an issue with disabling booting from USB. How many legitimate reasons are there for booting from USB? (As an aside, are there any BIOSes that boot from USB as standard? All my systems I need to force the option...)

Only time I've seen USB booting is either security people with USB toolkit, or someone showing off their 1337 sk1llz.

For end user machines I force a boot from hard disk (rather than cd/usb/net/etc.) and lock BIOS. Cause it's not foolproof, but stops most users and still leaves me enough leverage to get in the machine after it's fubar'd ;)
