upon using the pocket knife the tool could open the default browser to files stored locally on the USB drive that are phishing pages for 3 of the top used websites for your target.
For the sake of conversation lets just say
Popular web based email service login page
Popular social networking login page
Another Popular web based mail service
these would be just phishing pages that would dump the inputs into a text file for retrieval later or emailed results. These html pages could be coded to simply redirect to the actual page the target thought they were logging into when the user hits the submit/login button or presses the carriage return.
And even better. Lets say the phishing page is set to xyz.com (A very popular email service), however our target uses abc.com instead. The user types in the correct url (and hopefully doesnt notice the last page was a local file and not an actual website in the URL bar) and pocket knife could dump the history of the web browser so that the attacker can learn what websites the target is using so that the tool could be modified.
Edited by bobtheman, 28 March 2012 - 11:17 AM.
