« previous next »
Pages: [1]

Author Topic: USB hacksaw  (Read 961 times)

Apetrick

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3512
  • Reputation: 90
  • <Apetrick> lank is 1337
  • Badges:
  • iDevices: Ipod Touch 4g
USB hacksaw
« on: November 27, 2012, 08:29:15 pm »
USB hacksaw allows you to attack a computer by simply plugging in a USB and owning it with no popups on screen and it's all automated.
http://ctrlaltnarwhal.wordpress.com/2012/10/31/usb-drives-for-penetration-testing/
I didn't want to copy paste the tutorial here since it already is a great and descriptive tutorial and how to do it, any help you need just ask.
Logged
<%a12danrulz> Idk, but doing a DoS from an apple device is like fighting a bear with a plastic spork

A12danrulz

  • Leader
  • Hero Member
  • *****
  • Posts: 4017
  • Reputation: 216
  • Badges:
Re: USB hacksaw
« Reply #1 on: November 27, 2012, 08:38:17 pm »
Look, I have a book that comprehensively covers all kinds of USB bourne attacks. USB hacksaws had a whole chapter dedicated to them. They are an amazing attack yes, but they are outdated. They rely on autorun being enabled, so that the computer will read autorun.inf in the drive root and read the instruction to execute the payload. Autorun was disabled by default in XP SP3, and on all Windows OSes after. Sorry to burst your bubble.
Logged

OneHappyTaco

  • Sr. Member
  • ****
  • Posts: 404
  • Reputation: 11
  • Who Dares Wins
  • Computers: Mac
  • iDevices: Iphone 4s
Re: USB hacksaw
« Reply #2 on: November 27, 2012, 09:04:53 pm »
+1 great link. I get asked by my roomate how to hack his friends computer when he hangs out with him. I say Why waste your time with SET and Metasploit if you actually have access to the computer? I'll have to show him this link.
Logged

Apetrick

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3512
  • Reputation: 90
  • <Apetrick> lank is 1337
  • Badges:
  • iDevices: Ipod Touch 4g
Re: USB hacksaw
« Reply #3 on: November 27, 2012, 09:17:25 pm »
Quote from: A12danrulz on November 27, 2012, 08:38:17 pm
Look, I have a book that comprehensively covers all kinds of USB bourne attacks. USB hacksaws had a whole chapter dedicated to them. They are an amazing attack yes, but they are outdated. They rely on autorun being enabled, so that the computer will read autorun.inf in the drive root and read the instruction to execute the payload. Autorun was disabled by default in XP SP3, and on all Windows OSes after. Sorry to burst your bubble.
Well you can always open up the USB and execute the payload yourself if it is a none vulnerable machine, I mean its not ideal but you gotta do what you gotta do.
Logged
<%a12danrulz> Idk, but doing a DoS from an apple device is like fighting a bear with a plastic spork

[null]

  • Hero Member
  • *****
  • Posts: 646
  • Reputation: 42
  • the halloween jack is a real cool cat
  • Computers: I have a PC running Windows 7 that was built by my uncle. I also have a Newsmy T3 Android Tablet.
  • iDevices: iPod Touch 4G
Re: USB hacksaw
« Reply #4 on: November 28, 2012, 07:03:05 am »
Awesome share! I have looked into this before, and the USB attack is one of my favorites. I havn't seen this page before though, so thanks!
Logged
__  __           ___    ___          
/\ \/\ \         /\_ \  /\_ \          
\ \ `\\ \  __  __\//\ \ \//\ \     
 \ \ , ` \/\ \/\ \ \ \ \  \ \ \          
  \ \ \`\ \ \ \_\ \ \_\ \_ \_\ \_
   \ \_\ \_\ \____/ /\____\/\____\
    \/_/\/_/\/___/  \/____/\/____/
Don't like seeing ads? Click here to register!

darrenliew96

  • Full Member
  • ***
  • Posts: 135
  • Reputation: 3
Re: USB hacksaw
« Reply #5 on: November 28, 2012, 07:26:59 am »
Awesome! +1 for great finding!
Logged

Godman777

  • Hero Member
  • *****
  • Posts: 984
  • Reputation: 27
  • Have a good day!
  • Computers: Dell Inspiron 560 with HD 5450 silence
  • iDevices: Galaxy Note 2 Rooted
Re: USB hacksaw
« Reply #6 on: November 28, 2012, 10:00:21 am »
Lol, I made a virus like that a while ago! I plugged it into my sister's (it just shuts down the pc) and nothing happened. And then I realized that the script I had written needed auteur enabled. So, yeah. It's kinda a stupid attack. No offense Ape.
Logged
If I assist you please consider giving me a +1.
Pages: [1]
« previous next »