Author Topic: [idea] Getting a hack CD past guards  (Read 5858 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
[idea] Getting a hack CD past guards
« on: November 14, 2005, 01:07:08 pm »
Let's say you're pen-testing (or breaking into) a business.  You need to install certain software on a computer inside the company, but whenever you enter the building you're searched.  You've tried sneaking in a CD, even a mini-CD, but the guards always find it.  What do you do?

Well, next time, you burn your progarms onto a cd, and write "Thrash metal mix #7" on the disk.  They take the disk away, put it into their CD player, and of course it doesn't work.  It's taken away from you.  Now what?

Well, I was thinking, it would be a cool idea to burn a few choice songs on it, then add a data section with your evil programs.  Then, when they check your disk, they find a thrash metal cd, give it back to you, and let you through. 

That's kind of a neat scenario :)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [idea] Getting a hack CD past guards
« Reply #1 on: November 14, 2005, 01:27:31 pm »
Let's say you're pen-testing (or breaking into) a business.  You need to install certain software on a computer inside the company, but whenever you enter the building you're searched.  You've tried sneaking in a CD, even a mini-CD, but the guards always find it.  What do you do?

Well, next time, you burn your progarms onto a cd, and write "Thrash metal mix #7" on the disk.  They take the disk away, put it into their CD player, and of course it doesn't work.  It's taken away from you.  Now what?

Well, I was thinking, it would be a cool idea to burn a few choice songs on it, then add a data section with your evil programs.  Then, when they check your disk, they find a thrash metal cd, give it back to you, and let you through. 

That's kind of a neat scenario :)

That is pretty good.  But what if they take away anything that has a risk or the potential to contain malicious data stored on it?  Then you're still screwed. :(

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [idea] Getting a hack CD past guards
« Reply #2 on: November 14, 2005, 01:34:21 pm »
Of course it can't have malicious data, listen, it's a music cd!

It would suck if they weren't dumb :)

Ok, ideas for sneaking in malicious data when they do a full body/cavity search (no concealing or swallowing anything)? 

If you could program a credit card's stripe, then read it when you get there, but you'd need a reader/converter.  *shrug*

Any other ideas?

Offline Hitmen

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 1913
    • View Profile
Re: [idea] Getting a hack CD past guards
« Reply #3 on: November 14, 2005, 03:36:54 pm »
Cell phones? I could fit a thumbdrive or like a compact flash card (micro drive if the software takes up a lot of space) in the battery compartment of my phone if I took the battery out.
How dumb are the gaurds / other workers (social engineering targets?)
What kind of security do they have on their own systems?
Quote
(22:15:39) Newby: it hurts to swallow

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [idea] Getting a hack CD past guards
« Reply #4 on: November 14, 2005, 03:54:10 pm »
Cell phones? I could fit a thumbdrive or like a compact flash card (micro drive if the software takes up a lot of space) in the battery compartment of my phone if I took the battery out.
How dumb are the gaurds / other workers (social engineering targets?)
What kind of security do they have on their own systems?

I'm sure that would be confiscated.  When I went to IBM Almaden research center this summer, they wouldn't even allow disposable cameras, let alone cell phones.  Any company that has concern for this types of things would certainly revoke a cell phone.


Offline Hitmen

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 1913
    • View Profile
Re: [idea] Getting a hack CD past guards
« Reply #5 on: November 14, 2005, 03:57:11 pm »
Most places let you bring in cell phones as long as they aren't camera phones. (hence why they would confiscate a disposable camera)
Quote
(22:15:39) Newby: it hurts to swallow

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [idea] Getting a hack CD past guards
« Reply #6 on: November 14, 2005, 04:01:00 pm »
Most places let you bring in cell phones as long as they aren't camera phones. (hence why they would confiscate a disposable camera)

That research center wouldn't even let us bring carry-on bags in.  We had to be "quick-searched" before we entered.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [idea] Getting a hack CD past guards
« Reply #7 on: November 14, 2005, 04:18:07 pm »
Most places let you bring in cell phones as long as they aren't camera phones. (hence why they would confiscate a disposable camera)

That research center wouldn't even let us bring carry-on bags in.  We had to be "quick-searched" before we entered.

Are you sure he wasn't just attracted to you? ;)

I could see them confiscating cameras, phones (particularly with cameras), tape recorders, and any other kind of recording device.  But a CD might get overlooked. 

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: [idea] Getting a hack CD past guards
« Reply #8 on: November 14, 2005, 04:24:34 pm »

I could see them confiscating cameras, phones (particularly with cameras), tape recorders, and any other kind of recording device.  But a CD might get overlooked. 
Good luck getting access to a computer. :)
And like a fool I believed myself, and thought I was somebody else...

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [idea] Getting a hack CD past guards
« Reply #9 on: November 14, 2005, 04:40:44 pm »
Are you sure he wasn't just attracted to you? ;)

Shh.. that's our little secret.  ;)

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [idea] Getting a hack CD past guards
« Reply #10 on: November 14, 2005, 05:04:54 pm »

I could see them confiscating cameras, phones (particularly with cameras), tape recorders, and any other kind of recording device.  But a CD might get overlooked. 
Good luck getting access to a computer. :)

It's surprisingly easy to tell a secretary that you're from IT and you need to see her computer for a bit, so go grab a coffee I won't be 5 minutes.  Thanks!

Offline Hitmen

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 1913
    • View Profile
Re: [idea] Getting a hack CD past guards
« Reply #11 on: November 14, 2005, 05:08:01 pm »
It's surprisingly easy to tell a secretary that you're from IT and you need to see her computer for a bit, so go grab a coffee I won't be 5 minutes.  Thanks!

How dumb are the gaurds / other workers (social engineering targets?)

Hitmen wins again
Quote
(22:15:39) Newby: it hurts to swallow

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [idea] Getting a hack CD past guards
« Reply #12 on: November 14, 2005, 05:25:04 pm »
It's surprisingly easy to tell a secretary that you're from IT and you need to see her computer for a bit, so go grab a coffee I won't be 5 minutes.  Thanks!

How dumb are the gaurds / other workers (social engineering targets?)

Hitmen wins again

Haha yeah.  Guards tend to be smart enough to find things, but employees are usually pretty dumb :)

trust

  • Guest
Re: [idea] Getting a hack CD past guards
« Reply #13 on: November 14, 2005, 06:11:57 pm »
What about those flash drive pens?

Offline zorm

  • Hero Member
  • *****
  • Posts: 591
    • View Profile
    • Zorm's Page
Re: [idea] Getting a hack CD past guards
« Reply #14 on: November 14, 2005, 10:14:15 pm »
Interesting, at LANL the employee's aren't searched when entering buildings nor do most of the buildings have guards. Then again I suppose the threat of being very lonely in jail for a very long time is more scary than a lawsuit or such.
"Frustra fit per plura quod potest fieri per pauciora"
- William of Ockham