[idea] Getting a hack CD past guards

[iago]

Let's say you're pen-testing (or breaking into) a business.  You need to install certain software on a computer inside the company, but whenever you enter the building you're searched.  You've tried sneaking in a CD, even a mini-CD, but the guards always find it.  What do you do?

Well, next time, you burn your progarms onto a cd, and write "Thrash metal mix #7" on the disk.  They take the disk away, put it into their CD player, and of course it doesn't work.  It's taken away from you.  Now what?

Well, I was thinking, it would be a cool idea to burn a few choice songs on it, then add a data section with your evil programs.  Then, when they check your disk, they find a thrash metal cd, give it back to you, and let you through. 

That's kind of a neat scenario :)

[Sidoh]

Let's say you're pen-testing (or breaking into) a business.  You need to install certain software on a computer inside the company, but whenever you enter the building you're searched.  You've tried sneaking in a CD, even a mini-CD, but the guards always find it.  What do you do?

Well, next time, you burn your progarms onto a cd, and write "Thrash metal mix #7" on the disk.  They take the disk away, put it into their CD player, and of course it doesn't work.  It's taken away from you.  Now what?

Well, I was thinking, it would be a cool idea to burn a few choice songs on it, then add a data section with your evil programs.  Then, when they check your disk, they find a thrash metal cd, give it back to you, and let you through. 

That's kind of a neat scenario :)

That is pretty good.  But what if they take away anything that has a risk or the potential to contain malicious data stored on it?  Then you're still screwed. :(

[iago]

Of course it can't have malicious data, listen, it's a music cd!

It would suck if they weren't dumb :)

Ok, ideas for sneaking in malicious data when they do a full body/cavity search (no concealing or swallowing anything)? 

If you could program a credit card's stripe, then read it when you get there, but you'd need a reader/converter.  *shrug*

Any other ideas?

[Hitmen]

Cell phones? I could fit a thumbdrive or like a compact flash card (micro drive if the software takes up a lot of space) in the battery compartment of my phone if I took the battery out.
How dumb are the gaurds / other workers (social engineering targets?)
What kind of security do they have on their own systems?

[Sidoh]

Cell phones? I could fit a thumbdrive or like a compact flash card (micro drive if the software takes up a lot of space) in the battery compartment of my phone if I took the battery out.
How dumb are the gaurds / other workers (social engineering targets?)
What kind of security do they have on their own systems?

I'm sure that would be confiscated.  When I went to IBM Almaden research center this summer, they wouldn't even allow disposable cameras, let alone cell phones.  Any company that has concern for this types of things would certainly revoke a cell phone.

[Hitmen]

Most places let you bring in cell phones as long as they aren't camera phones. (hence why they would confiscate a disposable camera)

[Sidoh]

Most places let you bring in cell phones as long as they aren't camera phones. (hence why they would confiscate a disposable camera)

That research center wouldn't even let us bring carry-on bags in.  We had to be "quick-searched" before we entered.

[iago]

Most places let you bring in cell phones as long as they aren't camera phones. (hence why they would confiscate a disposable camera)

That research center wouldn't even let us bring carry-on bags in.  We had to be "quick-searched" before we entered.

Are you sure he wasn't just attracted to you? ;)

I could see them confiscating cameras, phones (particularly with cameras), tape recorders, and any other kind of recording device.  But a CD might get overlooked. 

[Blaze]

I could see them confiscating cameras, phones (particularly with cameras), tape recorders, and any other kind of recording device.  But a CD might get overlooked. 

Good luck getting access to a computer. :)

[Sidoh]

Are you sure he wasn't just attracted to you? ;)

Shh.. that's our little secret.  ;)

[iago]

I could see them confiscating cameras, phones (particularly with cameras), tape recorders, and any other kind of recording device.  But a CD might get overlooked. 

Good luck getting access to a computer. :)

It's surprisingly easy to tell a secretary that you're from IT and you need to see her computer for a bit, so go grab a coffee I won't be 5 minutes.  Thanks!

[Hitmen]

It's surprisingly easy to tell a secretary that you're from IT and you need to see her computer for a bit, so go grab a coffee I won't be 5 minutes.  Thanks!

How dumb are the gaurds / other workers (social engineering targets?)

Hitmen wins again

[iago]

It's surprisingly easy to tell a secretary that you're from IT and you need to see her computer for a bit, so go grab a coffee I won't be 5 minutes.  Thanks!

How dumb are the gaurds / other workers (social engineering targets?)

Hitmen wins again

Haha yeah.  Guards tend to be smart enough to find things, but employees are usually pretty dumb :)

[trust]

What about those flash drive pens?

[zorm]

Interesting, at LANL the employee's aren't searched when entering buildings nor do most of the buildings have guards. Then again I suppose the threat of being very lonely in jail for a very long time is more scary than a lawsuit or such.