Re: Boot floppy

["Shreyas Zare" <shreyas () technitium com>]

Hi,

Everyone almost is missing Mifa's statement which is, "Any other ideas
how we maight gain access? It has to be fast (bathroom breaks ect). I
dont have time to load a live cd. Further, robooting would cause the
user to loose work."

This means he has to do it quickly without rebooting the machine and
no live CDs as rebooting would make the target suspicious of the act.
So social engineering will work better in this case.

If he has enough powers, he can trojan the machine as its company's
property. And the target may be a real danger for the company's
security, who knows ?

Regards

On 4/12/07, dcdave () att net <dcdave () att net> wrote:
> I agree with the many legal and ethical points mentioned.
>
> But if you just got to 'git'er'done', and you have physical access, Backtrack v2.0 has been very helpful to me.
> http://www.livedistro.org/release-announcements/gnu/linux-releases/backtrack-v2-0-public-beta-edition
>
> Autorun does not have to be enabled in the operating system, but BIOS has to be set for booting off CD. If this is password 
> locked, then remove the hard drive and attach it on a nother machine which is not BIOS passworded. If there is whole disk 
> encryption, then make a copy of the drive ('dd' is a *LOT* cheaper than ENCASE for one-time uses, although the latter 
> has *MANY* useful tools).
>
> That being said, I hope your reasons for suspecting misuse of corporate tools are strong enough to stand up over simple 
> need for privacy and maintenance of entity-sensitive information with reasonable security if the situation gets out of 
> hand and ends up in court...
>
> Warm Regards,
> Dave Druitt
> --
> CSO
> InfoSec Group
> 703-626-6516
>
>
> -------------- Original message from "Chris Zevlas" <czevnow () cox net>: --------------
>
>
> > How about you doing a remote image with Encase this way he will never know
> > what you did.
> >
> > ----- Original Message -----
> > From: "Shreyas Zare"
> > To: "Pen-Testing"
> > Sent: Tuesday, April 10, 2007 10:48 PM
> > Subject: Re: Boot floppy
> >
> >
> > > Hi,
> > >
> > > Try using social engineering. Tell him you are given a job to patch
> > > all machines in the company for some security update then patch his
> > > machine with a good rootkit. You may give him the update (infected) in
> > > any CD or USB media so that he would install it himself. Or use any
> > > idea which will not look suspicious to the target.
> > >
> > > Regards,
> > >
> > > On 4/10/07, Mifa wrote:
> > >> We have a user who takes a company computer home with them (no its not a
> > >> lap top). We have a good reason to need to look at their files.
> > >> However, we want to do so without that employ knowing. They seem to know
> > >> something about security becasue auto runs is disabled and the
> > >> workstation is always locked with a third party software. INserting a U3
> > >> drive will not run a program either. Are there any programs that will
> > >> boot from a floppy then copy a program to the c drive then wite an auto
> > >> start entry into the registry? This was the only way I can think of to
> > >> get the user to install a program..
> > >>
> > >> Any other ideas how we maight gain access? It has to be fast (bathroom
> > >> breaks ect). I dont  have time to load a live cd. Further, robooting
> > >> would cause the user to loose work.
> > >>
> > >>
> > >>
> > >> ------------------------------------------------------------------------
> > >> This List Sponsored by: Cenzic
> > >>
> > >> Need to secure your web apps?
> > >> Cenzic Hailstorm finds vulnerabilities fast.
> > >> Click the link to buy it, try it or download Hailstorm for FREE.
> > >>
> > >>
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008
> > bOW
> > >> ------------------------------------------------------------------------
> > >>
> > >>
> > >
> > >
> > >
> > > --
> > > (This e-mail was composed and sent completely using recycled electrons)
> > >
> > > Shreyas Zare
> > > Co-Founder, Technitium
> > > eMail: shreyas () technitium com
> > >
> > > ..::< The Technitium Team >::..
> > > Visit us at www.technitium.com
> > > Contact us at theteam () technitium com
> > >
> > > Technitium Personal Computers
> > > We belive in quality.
> > > Visit http://pc.technitium.com for details.
> > >
> > > ------------------------------------------------------------------------
> > > This List Sponsored by: Cenzic
> > >
> > > Need to secure your web apps?
> > > Cenzic Hailstorm finds vulnerabilities fast.
> > > Click the link to buy it, try it or download Hailstorm for FREE.
> > >
> > >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008
> > bOW
> > > ------------------------------------------------------------------------
> > >
> > >
> >
> >
> >
> > ------------- -----------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008
> > bOW
> > ------------------------------------------------------------------------
> >



--
(This e-mail was composed and sent completely using recycled electrons)

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Technitium Personal Computers
We belive in quality.
Visit http://pc.technitium.com for details.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------