Computer’s could get owned by a USB device

usb_lockUSB Switchblade is a tool that can help you to be a king on the enemies’ land. Hack5 USB Switchblade is the second name for this tool but this does not change anything.

The project consists of several software packages that do a great job for password grabbing and pentesting:

Dump SAM is made for dumping the windows Security Account Manager.

IE/Firefox Password Grabber makes a good job for grabbing browser passwords.

VNC-Service is a hidden installer that helps to add users and monitor the network activity on the victim machine.

On the official sites there are several techniques for using this tool:

1. Max Damage Technique just Plug your U3 Drive in any computer with XP/2000/2003 (Requires Administrator account) and Wait about 20-45 seconds Eject U3 Drive, Go to “Run” in the start menu, Type in “X:\Documents\logfiles”(X = Flash Drive Letter) Press enter, Open the text file with the computer name you got into and you will find what you are looking for.

2. Amish Technique here you start by Downloading the Amish Payload 1.0, Extract the payload to the root of your flash drive, Plug your flash drive in to any computer, Go to “My Computer” double-click (autorun) the USB Drive, Select the “Open Files On Folder” option when inserted into a target computer, Wait about 20-45 seconds, Eject the flash drive, Go to “Run” in the start menu. Type in “X:\Dump”(X = Flash Drive Letter), Press enter , Open the text file with the computer name you got into and that’s it.

3. Gandalf’s technique: the advantage of this technique that you can use it on a USB drive, iPod, local computer, it doesn’t matter you just need to run start.vbs and then you can find the passwords and logs at $backup/%computername%.7z.

This brings a very important issue in the corporate security, disabling the usb ports is vital for the Information system but companies also need to pay attention on educating users about the potential security risks posed by USB flash drives. On the other hand it can be sometimes very useful :-).

make sure you subscribe to my RSS feed!