|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Exploit: Windows95/98/ (NT?) Autorun
Matt Hallacy (poptix
INGS.COM)Fri, 22 May 1998 14:08:27 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Ian Goldberg: "Re: quickie fix to xdm port problem"
- Previous message: Ben Woodard: "Re: nestea2 and HP Jet Direct cards. (Lexmark patches)"
- Next in thread: Aleph One: "Re: Exploit: Windows95/98/ (NT?) Autorun"
Sorry if this has been brought up before, I searched the archives and
didnt find anything.
Problem: Autorun runs even when passworded screensaver is active.
Scenario: Burn a CD-ROM with whatever program you want to run on the
passworded machine, put it in autorun.inf, and just put it in the machine,
this can be used to run and do just about anything, one more reason not to
rely on microsoft for your security :)
I dont suppose this is actually an exploit, but it's exploitable on 80% of
the machines running Windows since not a whole lot of people turn autorun
off, a few friends had a great time going to wal-mart, popping the CD in,
removing the screen savers and a password utility they had on there, then
having full access, this could easily be used to walk over to a machine,
pop a disk in drive A, have it autorun a batch file on the CD to copy
say, Turbo Tax documents, Quicken, (you get the idea :)
Matt Hallacy, poptixEfnet
- Next message: Ian Goldberg: "Re: quickie fix to xdm port problem"
- Previous message: Ben Woodard: "Re: nestea2 and HP Jet Direct cards. (Lexmark patches)"
- Next in thread: Aleph One: "Re: Exploit: Windows95/98/ (NT?) Autorun"