Jump to content

White hat or sysadmin uses for usb hacksaw & switch blad


nullspace

Recommended Posts

I was just thinking we should encourage our little script kiddies here to focus on more positive uses of the usb hacksaw then fsck with people or illegal uses. I think the usb hacksaw is a cool idea and can be used as a security tool.

Ex: You setup a email account on your LDAP or exchange at work for dumping all the files. Load up all the machines with the registry hack in the usb hacksaw. Use the hack to dump the files into your email and scan the email packages for malicious code or viruses. Or to see if people are carrying company secrets outside of work, or breaking other security codes.

I am sure there are other uses...

any one have some ideas? or security focused mods with this code?

Link to comment
Share on other sites

Why should there be a need to specify 'honest' uses for the tool?

You can do anything, and the populace here being what it is tends to prefer screwing over your machine as viciously as possible.

What is the point in specifying the good uses? To offset the perceived bad uses? Why is that even an issue to discuss? Who cares?

Link to comment
Share on other sites

Just to point out that there two sides to this. Much like everything. Things built for malicious uses can be used for productive uses. Visa versa. I am not calling anything bad or good here just I think some things are better uses of time. I don't think anyone needs to question the ethical uses of this tool.

Yes I agree sometimes its fun to do ethically questionable things to stupid people but I am also tired of every script kiddy who thinks they are hot shit killing the free wireless networks in my city.<rant> At least come up with something interesting or remotely productive like spamming all the IE users on the network with switch to firefox pages. </rant>

essentially it’s my small way of trying to get people to "think" instead of implementing hacks blindly on unsuspecting people just trying to get shit done.

Maybe I should rephrase the question:

What other uses can the community think up of for the usb hacksaw that can be used in everyday uses besides ripping off someones usbdrive.

Link to comment
Share on other sites

If those who use these tools dont want to use it for whitehat uses, its their problem and so they should live with any punishment that may be caused because of it. Its up too them, it has already mentioned in the show that Hak5 do not condole the use of it as a blackhat thing.

Link to comment
Share on other sites

/me thought they did mention the whitehat uses for this and as a side note they briefly talked about the blackhat uses. But in the end it comes down to the end users for what they use it for. Alot of people that watch this show dont have the need to use this as a "whitehat" tool. All i can really say is, if you want to use this tool in a system admin kind of situation, then code something up that can do it and share the program/source with the community and someone might also add some extra features to it.

Link to comment
Share on other sites

What about a U3 drive that auto-installed Windows hot-fixes, applied security polices, killed spyware, updated anti-virus definitions and that sort of thing? Sure you might have an awesome automatic network based distribution system for these types of updates, but what about when you go to your Grandma's or to a small business with ten or so computers that have never run windows update? Pop in your U3 drive and it begins to secure their computer, you could even give the thing to your Grandma and tell her to plug it in herself. I'm always having to do this kind of housekeeping on non-tech savy people's computers, it would be a lot less work to just plug in a flash drive.

I'm thinking this would be particularly useful if for example you had to install an application on all the computers in a network where you have limited acess to the network itself, but physical access to the USB ports (Some admins and companies are rather touchy about outsiders getting access). The U3 Drive can install the app and make any necessary changes to firewall settings etc. The advantage of this type of solution is that anyone can go to 100 computers and plug in a flash drive, all necessary changes wouldn't require any user interaction.

Another possible idea, tracking your flash drive. Each time it's plugged in, it simply contacts your webserver and gives information about the local computer(IP etc) you need and perhaps has an option for remote administration. So you have space shuttle plans on your flash drive and you get mugged, some evil hax0r has your U3 drive, he plugs it into his computer and it contacts your websever giving his IP, you contact the feds and they go bust down his door. Or you loose your drive and a normal person takes it home and plugs it in, you would have a backdoor on their computer that you could use responsibly to tell them that they have your flash drive and to please return it, although this would probably scare most people. This tracking system could also be used as a bit of a social experiment, drop a few U3 drives in the street and see where they end up.

But what about if you have revealing photos on your flash drive that you don't want to risk anyone getting their hands on? You have them in a truecrypt volume and the drive is chained to your wrist but your still paranoid? Why not have a U3 drive that automatically scans the computer its plugged into for some sort of identification, as simple a text file in c: or it could do some kind of handshake with an app running on the computer or whatever. If the drive doesn't detect the computer as authorised computer it securely deletes everything on your flash drive, no more worries about those photos being posted on the internet. This would have to be implemented very carefully though, don't want to delete those photos when you don't mean too, you also don't want to end up deleting everything on a local drive instead of the flash drive.

Sure theres going to be some problems with implementing these ideas and existing solutions might be better in some cases but I'm just trying to show that there are a whole range of ideas that are a bit more legitimate that this technology can be used for. Owning some n00bs box is fun and all, but it's even more fun to come up with innovative uses for technology so you can show off to all the n00bs instead, this is what Technolust is all about.

Link to comment
Share on other sites

The deleting of the files is a nice idea. What i would do though instead of the handshake with another app, have it wait say 10sec for a "password" to be entered in, if the password isnt entered in within that time then start deleting the files, once deleted call back to a server letting you know someone has just pluged your drive in and what not.

Link to comment
Share on other sites

I really like the discussion thats going on here, especially ideas for legit uses. It's been planned for a while to do a segment on whitehat uses for this technology. Just the other day I was deploying a backup solution to notebook computers in my office via U3 since it didn't interupt the work of the user. Unfortunately those machines arent part of a domain so software deployment is a pain, though this made it way easier.

"It's time for your booster shot!" plug in. wait a few seconds. ask about the kids. unplug. make some lame clean computer joke and leave.

Link to comment
Share on other sites

One legit use:

On a network where the use has to have local admin rights to run an application. The domain admin has locked the computer down heavily as a result of this and will not allow registry edits, runas to run, etc.

Domain admin inserts U3 drive. Upon autorun it disables these locks and any type of packet filtering that gets flagged. Domain admin can now do what he needs to do without restrictions. Or worring about the user catching him type in the administrator password.

On a side note, Im working on a way that it will lock the workstation back down based on the gpo when I remove the drive. For now, I have to execute a batch script to turn the locks back on.

Another legit use:

I mainly work off USB drives as I have no idea where Im going to be. When I insert the U3 drive with a hotkey pressed, it auto loads my enviroment I use on an everyday basis (TrueCrypt, Thunderbird, Firefox, VNC, etc).

And lastly:

Im trying a poc to give out U3 drives to users as a way to logon to various roaming profiled machines. I have a lot of kinks to work out, but nothing sets me off more to see passwords written or typed out in clear view or stickies!

If anyone knows of a way I can get rfid readers to logon them in, please speak up. And it has to be reasonable... Im talking about a bunch of people.

Link to comment
Share on other sites

Funny enough, I was just working on a use for this. When I saw it, I was more interested in using the same thing to do a security audit on a PC.

Currently the script I have (manually run) and I'm modding it to work the same way as the switchblade. This is mainly used to audit a PC if it's been hacked into. It uses some bog standard command line tools included with windows and some from sysinternals.

It does the following (with the programs used):

* Enumerate Logged On Users (logonsessions)

* Get Process Information (pslist, tasklist, tlist, wmic)

* Get Loaded Modules for all processes (listdlls, tasklist)

* Enumerate Network Information (netstat, nbtstat)

* Get Service Information (wmic,sc)

* Get Driver Information (wmic, driverquery)

* Get useraccount information (wmic)

* Get MAC times for all files on C: drive (dir c: /a /s /q /[tw,ta,tc])

* List all files on C: drive (duh.. dir)

* Dump Permissions on all files in all directories (cacls)

* Check all files on C: for Alternate Data Streams (lads)

* Dump the registry to file (reg export)

* Dump event logs to file (wmic)

Once this information has been collected (onto the USB stick) it can be looked at later.

ReG

Link to comment
Share on other sites

I work in a hospital and we're quite safe against this kind of hack. We desactivate USB ports on our client machines..

Unfortunately, the last machines we recieve are full USB (keyboard and mouse too) :? .

Sorry to keep mentioning it, but you might want to look at DeviceWall ( http://www.devicewall.com ) it allows admins to specify what devices connected to systems, for example allowing all keyboards and mice, but no USB thumb drives and only read access to iPods etc.

Link to comment
Share on other sites

Arokn,

I don't mind you plugging Device Wall on the forums, I mean, it is good software. But if you are affiliated with the company you should probably make that clear when you post.

http://www.hak5.org/forums/search.php?search_author=arkon

Looking forward to reviewing these types of device security software on the next episode,

Darren

Link to comment
Share on other sites

Arokn,

I don't mind you plugging Device Wall on the forums, I mean, it is good software. But if you are affiliated with the company you should probably make that clear when you post.

http://www.hak5.org/forums/search.php?search_author=arkon

Looking forward to reviewing these types of device security software on the next episode,

Darren

Sorry, didn't mean to mislead, yes I work for the company that makes DeviceWall, should have mentioned that earlier, just added a lit to my profile. I will try not to mention it again...just couldn't help myself when folks are discussing ways of mitigating these tools by shutting down all USB ports, which in most cases is the only way to keep these tools from being run, it causes quite a few problems in terms of convenience....Windows (even Vista) do a poor job of managing removable media devices in a way that provides admins granular control over devices and groups.

Link to comment
Share on other sites

Arkon, have you used DeviceWall? Does it install a service, if yes (most likely), is it slow on USB transfer data?

First, so you know I work for the company that makes DeviceWall. It does install as a service, but I have not noticed the transfer being slower than without it with DeviceWall, it will be a little bit slower if the automatic encryption is enabled however. Try the 30 day trial, I would be interested to hear any feedback.

Link to comment
Share on other sites

intresting ideas ...

hacksaw(modified VNC + emailing small stuff like IP address and maybe make it something besides yougothacked so we can keep the script kiddies out and heck burn it to cd's (doesn't the autorun merely work so well because u3 treats it like a cd) .... email it to the family with a 1 free tech support cuppon easy christmas gift)

sets it up automaticly so that they can easily have you help them with tech support...

Semi Illegail Set it up with that BoINC stuff (SETI and such) that program that uses your computer while in screensaver to scan for aliens and stuff... or can be used for biological research

Nasty spyware/trojan infecting your system/network autofix with u3...

install/update spyware/antivirus..

Edit some reg keys (disable LM hashes, disable baloon tips, speed up boot time, etc)

search for and delete all porn (maybe evil)

Semi Illegail -setting up small proxies for the poor people bound by schools/chinease government/ etc... can access unfiltered unbiased internet

automaticly do stuff such as empty recycle bin, defrag, set up a system restore point etc...

check chat words to make sure they're not a pedophile rapist search for certain codewords... if they're your friend blackmail them (the blackmail may not be legal) (or put kiddie porn and than blackmail them)

I dunno what program would be good for this , but some exchange like program you take some of there files and they get yours (Rpg maker games, projects GPL code.... (or if you want to go blackhat *cough*mp3 stealing*cough*)

my hat is getting dirty I'm going to bed...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...