Sign in to follow this  
Followers 0
phibroptix

Hacking Possible From Flash Drive?

11 posts in this topic

Hey All,

I am not really to experienced with computers in general. I have some data about "hacking" in general, and the forms. But i was wondering if you guys think its possible if (hypothetically and practically speaking) you had physical access (but limited) to a computer, could you install a keylogger, or a brute-force cracker to try to catch the passwords to various programs the computer user access'?

On the same topic, is it possible install these through a Trojan Horse-type program, which explicitly gets the original user to confirm it. For instance, you put a keylogger on, and a screen pops-up saying, "Your computer has been found containing security weakness. Please click below to update your computer" or something like that.

All comments are appreciated! Thanks!

0

Share this post


Link to post
Share on other sites

The only known good way so far to 'hack' from a flash drive is the auto-play method with U3 Flash Drives as some people call the flash switchblade. The trick is to re-do the built-in emulated disc to run a special utility that's like a command prompt that lacks a display prompt and have it initiate the other programs on the flash. Other than that there's just the standard is it worth taking a risk getting caught running a program. If you have a correct backdoor/trojan you can do anything, even easily by-pass Anti-Virus applications. No fake display like that is nessecary if the user is already infected to that point, unless you're using some browser mal-ware to trick them to do a less-limited payload.

0

Share this post


Link to post
Share on other sites

There is that autoplay thing that friendless mentioned, but if you can run a program from the jump drive, I'm sure there's more than a few privilege escalation attacks that could work.

0

Share this post


Link to post
Share on other sites

USB Switchblade

USB Hacksaw

Hak 5 promised a dev toolkit for this exploit called USB Chainsaw that was supposed to provide a variety of functionality, but by now it should probably be considered vaporware.

Anyway, these applications must be installed on U3 flash drives and will only work against vulnerable Win 2000/XP/Server 2003 boxen (in other words, the owner/admin must have left Autoplay enabled).

Edited by Colonel Panic
0

Share this post


Link to post
Share on other sites
USB Switchblade

USB Hacksaw

Hak 5 promised a dev toolkit for this exploit called USB Chainsaw that was supposed to provide a variety of functionality, but by now it should probably be considered vaporware.

Anyway, these applications must be installed on E3 flash drives and will only work against vulnerable Win 2000/XP/Server 2003 boxen (in other words, the owner/admin must have left Autoplay enabled).

There's always the manual method in which you click a shortcut in the folder (go.exe usually) that starts everything else. That is what I use because then you don't have to worry about autoplay being disabled.

0

Share this post


Link to post
Share on other sites

Thanks for the help! I was wondering, does the auto-run work for installing programs too (trojan)? Wouldn't the user need to expressly chose to run the software? Also, does this work if the machine you are using the flash on doesn't have administrative priv's, as its run from a central server (kinda like remote desktop, but the server controls all the installations, sorta like Fortres)?

Also, what kind of Trojan would be the best, and could you place it normall on a conventional flash drive, or would you need to alter the auto-run program?

0

Share this post


Link to post
Share on other sites

You could always download the latest Backtrack 3 operating system, and boot it from a flash drive. (It's an operating system made for hackers)

0

Share this post


Link to post
Share on other sites
does the auto-run work for installing programs too (trojan)? Wouldn't the user need to expressly chose to run the software?

Yes and No.

Autorun does just what the name suggests. If autorun is enabled, then when an auto-run CD or DVD is loaded into the machine, Windows automatically launches a specific program on the disk without any prompting of the user. Auto-run CDs and DVDs contain a file called autorun.inf, which is just a small text document like an ini file that tells Windows what program on the CD/DVD to run after the disk is mounted.

Now if the current user account is restricted by the admin settings from running that specific kind of file, then a dialog will pop up telling the user that he doesn't have permission to open the file. But as long as the user has sufficient privileges to run it, Windows just goes about the business of running the program and doesn't care if it's a Powerpoint presentation, a software installer, a batch file, or some kind of malware. Remember, in Windows, normal users typically have access to run exe files, but they're restricted from modifying the registry or writing to the C:\WINDOWS directory. So although they can't install software, it is possible for some kinds of malware to run and even infect the machine if it's creepy enough. This is why any administrator worth his salt who's managing a network in a public, educational, or corporate environment will have disabled autorun at the user level on all machines.

Anyway, an autorun.inf file is very simple:

[autorun]
open=program.exe

Type that code into notepad (replacing program.exe with the filename of the program you want to launch) and save it as autorun.inf. Then burn a CD or DVD with that program and the autorun.inf in the CD or DVD's root directory. It's as simple as that.

You can do lots of fun things in an autorun.inf file, like launch batch (.bat) files, specify an icon for Windows to use to represent the CD/DVD, or even open a specific Web page in a browser, like this:

[autorun]
open=firefox.exe "http://www.binrev.com/"
shell\open\command=firefox.exe "http://www.binrev.com/"
useautoplay=1

Here's a nice little tutorial that describes some other parameters you can use to tweak autorun files: http://dailycupoftech.com/usb-drive-autoruninf-tweaking/

It's important to note, however, that Windows doesn't auto-run programs from a USB device the way it does with optical media. With USB storage devices, Windows will pop up a dialog box first, asking the user if she wants to run the program. If you want the program to launch automatically like an auto-run CD, then you'll need a U3 USB thumbdrive. A U3 device is one that is specially partitioned to appear to Windows as a CD or DVD.

In order to make the U3 device autorun a program of your choice, you need to hack its virtual CD drive partition. The only way I know of to do this is to use a program called "Universal Customizer". You can Google that and find plenty of instructions how to use it.

Also, what kind of Trojan would be the best

I usually buy the ribbed ones.

You know... "for her pleasure" naughtyfl1.gif

Edited by Colonel Panic
0

Share this post


Link to post
Share on other sites
Also, what kind of Trojan would be the best

I usually buy the ribbed ones.

You know... "for her pleasure"

I like where this thread is going. :D

0

Share this post


Link to post
Share on other sites

Wow, you spent some time on that post and even left it with a bang.

0

Share this post


Link to post
Share on other sites

Yeah, I posted it and then about 20 minutes later I realized I hadn't addressed his question specifically about how to make a USB drive autorun without prompting. So I went back and added the part about U3 drives and the Universal Customizer utility and the joke about Trojans.

Can you believe, asking us for malware recommendations? What kind of monsters does this guy take us for?

--EDIT--

Now I just went back and edited it again, to clarify my instructions about how to make an autorun.inf file.

I'm never quite happy with my writing on the first draft. I always find fault with it, then go back and re-edit it over and over again. This methodology sucks on the Internets, because everything is so timely and multiple edits tend to look bad.

Edited by Colonel Panic
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0