Learn, hack!

URL

https://media.blackhat.com/bh-dc-11/Larimer/BlackHat_DC_2011_Larimer_Vulnerabiliters_w-removeable_storage-wp.pdf

File name

BlackHat_DC_2011_Larimer_Vulnerabiliters_w-removeable_storage-wp.pdf

File size

1.5 MB

MD5

87f6da55f7d02be1af7d5e7643f86b59

SHA1

47eced410ccf99b5ff690a340de3e4239f0a838a

Malware has been using the AutoRun functionality in Windows for years to spread through removable storage devices. That feature is easy to disable, but the Stuxnet worm was able to spread through USB drives by exploiting a vulnerability in Windows. In this talk, I’ll examine different ways that attackers can abuse operating system functionality to execute malicious payloads from USB mass storage devices without relying on AutoRun. There’s a lot of code that runs between the USB drivers themselves and the desktop software that renders icons and thumbnails for documents, providing security researchers and hackers with a rich set of targets to exploit. Since the normal exploit payloads of remote shells aren’t totally useful when performing an attack locally from a USB drive, we’ll look at alternative payloads that can give attackers immediate access to the system. To show that these vulnerabilities aren’t just limited Windows systems, I’ll provide a demonstration showing how I can unlock a locked Linux desktop system just by inserting a USB thumb drive into the PC.