
White hat or sysadmin uses for usb hacksaw & switch blad


nullspace


I work in a hospital and we're quite safe against this kind of hack. We deactivate USB ports on our client machines.

Unfortunately, the last machines we received are full USB (keyboard and mouse too) :? .

Also, I've heard some government agencies also glue USB ports, and also the motherboard connectors, so there's no hope of a USB hack.

But there are many uses for the Switchblade, such as large-scale deployments where network connections are not available, and just to be used in penetration tests to scare admins and users alike into being aware of security issues and ways to resolve them.


I have seen it being done to an extent where there is nothing plugged in besides just a keyboard and mouse using PS/2.

And government agencies are taking USB and other storage devices as a security threat; imagine a rogue employee pod slurping a couple of gigs of data from a financial company.


One legit use:

On a network where the user has to have local admin rights to run an application. The domain admin has locked the computer down heavily as a result of this and will not allow registry edits, runas to run, etc.

Domain admin inserts U3 drive. Upon autorun it disables these locks and any type of packet filtering that gets flagged. Domain admin can now do what he needs to do without restrictions. Or worrying about the user catching him type in the administrator password.

On a side note, I'm working on a way that it will lock the workstation back down based on the GPO when I remove the drive. For now, I have to execute a batch script to turn the locks back on.

Another legit use:

I mainly work off USB drives as I have no idea where I'm going to be. When I insert the U3 drive with a hotkey pressed, it auto loads my environment I use on an everyday basis (TrueCrypt, Thunderbird, Firefox, VNC, etc).

And lastly:

I'm trying a PoC to give out U3 drives to users as a way to log on to various roaming profiled machines. I have a lot of kinks to work out, but nothing sets me off more than to see passwords written or typed out in clear view or stickies!

If anyone knows of a way I can get RFID readers to log them in, please speak up. And it has to be reasonable... I'm talking about a bunch of people.

That's an awesome idea, to automatically elevate your privileges to Domain Admin. You'll have to share that. Currently, I open IE using my Domain Admin creds and am able to do whatever I need from there.

Also, how in the world do you control what payload is executed based on a key that you're pressing?

As to the RFID readers, you can do something similar with Bluetooth. Basically, you connect this dongle to the computer (via USB, ironically) and you carry the "key" with you. When you leave, your computer automatically locks and when you get back, it automatically unlocks (or logs out and back in). I think Thinkgeek sells these, actually. I just did a Google search for similar software and there are a ton of them out there.

http://www.thinkgeek.com/gadgets/security/7e5e/

http://www.thinkgeek.com/gadgets/security/698d/
