Archive for the ‘USB’ Category

In this guide, I’ll walk you through setting up a pentesting USB drive that also works well for other IT professionals.

Fortunately, the days of carrying around a CD binder full of your various tools are long gone. With the lower prices of USB drives and their increased capacity, you can easily keep a large number of tools at your disposal.

About this Guide: This guide is intended for educational purposes only. The author of this guide is not responsible for misuse, damaged, loss, altered, files and hardware.

What You’ll Need:

  • A USB drive (The larger the better. You can occasionally find a 128 GB drive for as little as £25)
  • Internet connection (Which I am going to assume that you have if you are reading this)

First let’s head over to grab Yumi. Yumi is a multi-boot loader for USB drives and the primary tool we’ll be using. Yumi allows you to easily add and remove programs without having to wipe out your drive.

Download Yumi at: http://www.pendrivelinux.com/yumi-multiboot-usb-creator/

Next, plug in your USB drive into your computer and launch Yumi

Click on the “I Agree”

Click on the down arrow and select your drive
step 2_zpspjunqz10

On the right side of the menu, we have the option of formatting the USB drive, View, ADD, or Remove distributions. I’m going to assume you have a clean USB drive.

Next, we’re going to click the drop-down arrow listed on Yumi’s “Step 2”. As we can see, there are a large number of programs listed here.

step 12_zpscby51rjc

As this is going to be my penetration testing USB toolkit, and I’m a big fan of Kali Linux, so that’s what I’m going to select first.

With Yumi, you have two options to install these programs to your drive. You can either download the ISO ahead of time, or for convenience, you can click the “open download link” option. This will obviously open the program’s download link for you, saving you time searching for it.

One we have our ISO downloaded click on the “Browse” button:

Click on ISO

Click “Open”

Click the “Create” button

“Yes”to get started

Depending on how large the ISO will determine how much time it takes. You should see a dialogue box telling you how the install is progressing.

Once your ISO is ready, click “Next”

From here, you’ll have the option to load additional ISO’s to your drive. If you decide to load additional programs, simply follow the above steps.

Another great feature about Yumi is that if you have a particular ISO that you want loaded and it’s not listed in their menu, it’s no problem! Follow the instructions as if you were going to install any other ISO, when it’s time to select your ISO scroll to the bottom of the list. The option that I normally select is “Try Unlisted ISO (via SYSLINUX).

We have all the programs we want loaded by way of Yumi. What’s next? Well, we have a pretty good toolset now, but there is always room for improvement.

Keeping with the idea of a portable toolset and keeping the entire thing free (minus the cost of your USB drive), our next stop is Portable apps http://portableapps.com/.

If you never have used this program or heard of it before, Portable apps, as the name implies, is a set of portable tools that can be launched from your USB drive. The great thing about this is you can take all of your favorite apps to another person’s computer without installing it to their machine.

After downloading Portable apps let’s go ahead and launch it.

The initial install is pretty straight forward, so simply click through.

When we reach the “Install Type,” we’re going to choose “Custom Install”.

The next option gives us a wide range of locations to install to.

For this guide, we’re going to choose the first option, “Portable”.

Make sure you have your USB drive selected and click “Next” and “Install” (You may need to turn your anti-virus off for this if it’s set to block autorun.)

After the program installs you will be presented with a list of software. Simply select which programs that you want to install and click “Next”.

To launch the application, open your USB drive and click on “Start”

The last program that we’re going to install is similar to Portable apps. This one is called NirLauncher. The reason I include this one (in addition to Portable apps) is that it has a number of tools that can be useful for penetration testing. It’s also free and updated frequently.

You can download the software at: http://launcher.nirsoft.net/

This one is far easier and faster to setup since the installer has all of the programs pre-installed. Simply download the program and unzip it to your USB drive.

To launch NirLauncher simply open your USB drive and click on “NirLauncher”

step 17_zpsnbnlrzlo

We’ve seen how to launch the other 2 programs; let’s take a look at booting our primary drive. Plug your USB drive into the computer you want to boot off of and have it boot from the USB drive. Depending on how the BIOS is configured, you may need to interrupt the boot sequence and select the drive. If your drive still does not show up or is not a option, you’ll probably need to login to the BIOS and make sure that USB boot is not disabled.

When the drive does boot, you’ll see the menu screen. Simply navigate to the program you want to run and hit the “Enter” key.

Bonus – Customizing Yumi

If you wish to create a custom image for the Yumi menu, open your USB drive and then open the “multiboot” folder. There, you’ll find a .png file called “yumi”. Edit this file however you wish. Make sure the resolution, name and extension match the original.

Yumi is a very powerful tool. We can use it to boot to our own custom OS without touching the host machine. We can use it for data recovery, forensics, password hacking, hardware scanning, etc. – all for the cost of a single USB drive.

Advertisements

Window 7 is the one of the best OS system which is used by the people all over the world and with greater popularity of this OS system every one want to install window 7 in their PC normally everyone know that how to install window 7 using DvD but one of the hottest question which i saw in many forums is “How to Install Windows 7 from a USB Drive” .i will give you the step to step tutorial to install Windows 7 from a USB Drive.

By using this method you can save lots of your valuable time as to Installs from a flash drive tend to take about 75% of the time it takes with a DVD.It will took 20 minutes instead of 30 minute which is took by DVD .
Here we start a process to install Windows 7 from a USB Drive just follow simple steps show below:
1. First of all you have USB Drive,which must be at least 4 GB.
2.Plug the drive into your PC.
3.After that open a command prompt as administrator. (Right click, Open as Admin, or Ctrl+Shift+Click)
4.Get the drive number by typing:
Diskpart => List disk => In my PC USB disk was number 1.
5.After doing just Format the drive by typing:
Select disk 1 => clean => Create partition primary => Select partition 1 => Active => Format fs NTFS => assign => Exit
6.After that mount the Windows 7 beta iso or insert the disk.
7.Then you can copy everything from the Windows 7 installation DVD/iso onto the USB key (a simple drag and drop will do).
8.Now you can insert the thumb drive into the system you want to install Windows 7 onto and boot the system. The installation will now proceed as usual—but faster.
Now wasn’t that easy.

There are tons of awesome live, bootable Linux systems, but what if you need to run OS X? Reader Will shows us how to put a portable version of OS X on a thumb drive and boot it on (most) Intel computers.

People put linux on their flash drives all the time. They also get hackintosh on their hard drives quite often. However, it’d be nice to be able to get the same live experience we get with Linux using OS X. With a distribution of OS X 10.6.2 called iPortable Snow, we can.

You’ll need an actual Mac to create the thumb drive (some Hackintoshes may work; mine didn’t). Search your favorite torrent site for iPortable Snow and download it. While it’s downloading, format your external hard drive or thumb drive (You’ll need at least an 8 GB thumb drive for this). Open up Disk Utility and select the drive you want to put OS X on. Go to the Partition tab and create one partition, formatted as Mac OS Extended (Journaled). Hit Options and make sure you’re using the Master Boot Record option. Then hit Apply to format the drive.

To read more about this fascinating subject have a look at Lifthacker.com

Blockbuster might want to put some extra polish on that new advertising campaign. There’s apparently a new service around the corner called “Flix On Stix” that uses a kiosk model similar to Redbox, only instead of getting a DVD, you simply plug in a USB thumb drive and download the movie rental in seconds. Maybe Redbox should start planning a new advertising campaign too? Or is this new technology destined to go obsolete almost as soon as it begins? Let’s weigh the pros and cons.

 

Pros
·Selection – A kiosk should have room for enough hard drives to store thousands of movies, so hopefully you won’t be limited to new releases of the last few months. If anything can give these kiosks an edge, it will be finding user-friendly ways to exploit this advantage.

·No DVD Rental Headaches – Since the movie deletes itself after the rental period, you don’t have to rush back to return anything. No late fees either. Also, since we’re dealing with data, you won’t end up with a scratched disk and nothing will be checked out. Take that Redbox!

Cons
·Actually Watching What You Rent – According to my research on different online electronics sites, most new Blu-ray players have USB inputs. A little more than half of televisions do, and it’s still a rarity with DVD players. Most likely, these numbers will increase rapidly. Cool! But, what if you didn’t buy a new TV or Blu-ray player in the last few years? Unless you have a cord or some wireless way to beam your computer’s desktop to your television, you’re stuck watching movies on your computer. Fine for some, but not ideal for watching movies with others. Or you can buy a Flix On Stix box, the price of which has not yet been announced.

·The Internet – And here’s the killer. Redbox still makes sense for people who don’t want to mess with newfangled equipment like Rokus and Apple TV and the like. But are those same technology-phobic people going to want to deal with USB drives? Also, not only are most Blu Ray players equipped with USB imports, but almost all models are Wifi ready. That means people can access online streaming and downloading with their home theater, which seems even easier than going to a kiosk.

The Verdict:
It’s a good idea, but if technology keeps developing at it’s current pace, the entire target market for this type of rental will have their internet connected to their home theater soon. With so many streaming, downloading and on-demand options available this way, it seems like Flix On Sticks may be obsolete within a year or so under its current model. Come to think of it, Redbox might want to watch their back too.

But let’s hear your thoughts. Are USB rentals a Godsend or a gimmick that will fade fast?

Whether you’re trying to increase your security at an internet café, tunnel your way to your home computer from your cubicle, or leave no trace on your friend’s borrowed computer, a flash drive turned portable privacy toolkit is invaluable.

Flash drives are enormously handy for carting around files, taking portable applications with you, and serving as a mobile computing base when you’re away from home. They’re also excellent tools for increasing your privacy when you’re away from your home computer. Below I’ll point you toward methods of setting up secure connections with SSH and round up a few of your best options for SSH-friendly applications; then we’ll look into encrypting data, permanently erasing data, and otherwise covering your tracks on any machine you’re using.

Before we begin, a big fat disclaimer is in order. Working from a flash drive privacy toolkit, in most situations, is rife with compromises. There is no way to, for example, set up a totally bulletproof system for browsing privately and anonymously from work. You can dodge IT, you can encrypt and tunnel, you can worm your way around security measures, and you might even be able to do it without getting caught. Doing so is grounds for termination at many company, however, and the IT admins frown heavily on users who punch holes in the firewall. If you absolutely must alleviate the boredom of your workday by streaming music from your home PC or browsing “off record” from your office, your best bet is to bring a netbook and tether it to your cellphone so all your activity occurs completely off the company networks and remains undetectable by your corporate overlords.

All of that said, the following tricks and applications push the limits of what the humble flash drive and non-administrative rights can do. We know you’ll find more than a few tricks that will make life from your flash drive toolkit more secure and your computer activities more private.

Read More

USB Hacking

Posted: 09/08/2010 in Cyber Crime, Hacking, USB
Tags: , ,


Originally posted on www.watchyourend.com

“Hey can I charge my iPod on your laptop for a few minutes? Hey thanks man, have a free USB stick, a friend gave it to me and I already have a ton of these things, oh check out the photo he put on there it’s hillarious!”

iPod Sneakiness

Bruce Schneier discusses an article recently published in the Spring issue of 2600 titled “iPod Sneakiness” where the author mixes a combination of social engineering with an iPod running a *podslurping application. Imagine if you (or your employees) were at a Starbuck’s with your laptop and someone came up to you and innocently asked if they could plug their iPod into your computer to power it up. If that iPod has a podslurping application installed on that iPod they would be sucking more than power from your laptop, they would also be sucking down files and passwords from your system.

I used to work for a large public technology company that actually has a Starbucks on campus. Since the Starbucks is not company owned, anyone can sit in the coffee shop without security badges. The amount of potential information that could be compromised from an attack such as this is beyond comprehension, as engineers, IT staff and top level executives all visit this “hub” with their laptops.

Making a Trojan Clickalicious

In an further discussion of the Dark Reading article discussing a recent penetration test on a credit union, using USB sticks and a Trojan; it appears that Autorun was not used to run the application. Instead the application was masked as a JPEG image using Windows ability to mask extensions, and embed an icon into the executable, so the credit union employees thought they were opening an image, not executing an application.

*Podslurping is a term to describe where a portable storage device such as an iPod is used to illicitly download large quantities of data by directly plugging it in to a computer, where the data is held, or which is on the inside of a firewall where the data is held. As these storage devices get smaller and their storage capacity gets larger it is becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.

For more cool articles try www.watchyourend.com

Within the past 14 years, the Universal Serial Bus (USB) has become the standard interface to connect devices to a computer. Whether it’s an external hard drive, a camera, the mouse, a printer, or a scanner, the physical connection to transfer data between devices generally is a USB cable. The interface is indeed universal.

USB technology has been under development since 1993. The first official definition, USB 1.0, was introduced in 1996. It provides a Low-Speed transfer rate of 1.5 Mbits/s for sub-channel keyboards and mice, and a Full-Speed channel at 12 Mbits/s. USB 2.0, which came in 2001, made a leap to Hi-Speed transfer rates of up to 480 Mbits/s. In 2010, USB 3.0 has finally hit the market.

So what can you expect from USB 3.0 and how will it affect you?

USB 3.0 Specifications

A number of changes have been implemented in USB 3.0 to satisfy the increased demands of external devices. Here is a quick USB technology overview:

  • Transfer Rate
    This new SuperSpeed interface provides realistic transfer rates of around 3,200 Mbits/s or 3.2 Gbits/s. The theoretical top signaling rate is at 4.8 Gbits/s.
  • Data Transfer
    USB 3.0 introduces full duplex data transfer. Two of five lanes are reserved for transmitting data, while another pair is dedicated to receiving data, meaning that USB 3.0 can read and write data simultaneously at full speed. Previous USB specifications did not support bi-directional data transfer.
  • Power
    The unit load has been increased to 150 mA and a configured device can draw up to six unit loads, which adds up to 900 mA. This exceeds USB 2.0 by 80% and leads to faster recharging or powering of more than four devices from a single hub. In addition, the minimum device operating voltage was dropped from 4.4 V to 4 V, which saves energy.
  • Power Management
    USB 3.0 suspends device polling, which is replaced by interrupt-driven protocol. As a result, idle devices won’t experience a power drain since a signal from the device is required to initiate data transfer. With USB 2.0 the host controller used to look for active transfers, slowly draining power. Briefly, USB 3.0 supports idle, sleep, and suspend states, as well as link-, device-, and function-level power management (Wikipedia).
  • Physical Appearance
    The above described specifications are also represented in the physical appearance of USB 3.0. While the cable was previously described to be thicker because it contains four more wires than USB 2.0, this appears not to be the case now. The plug, however, is a dead giveaway for USB 3.0. It contains an additional set of connectors, as illustrated in the image below.

The Good News

New technology is very exciting. But what does it mean? Will you still be able to use your old USB hardware? How will the new USB technology affect your everyday life? What are the benefits?

  • Compatibility
    USB 3.0 is backwards compatible with USB 2.0. So whether you get a new USB 3.0 device or a new computer that supports USB 3.0, your old device will be able to communicate with the new interface. Naturally, it will do so at the old USB 2.0 speed. However, you won’t be able to use a USB 3.0 cable to connect a USB 2.0 device.
  • Transfer Rate
    Now I bet all this Megabit and Gigabit per second numbers sound impressive, but what does it actually translate to? Well, let me give you an example. With USB 3.0 you could transfer a 10 GB file from your computer to an external drive in approximately 25 seconds. With USB 2.0 this would take more than five minutes.
  • Benefits
    The devices that will benefit most from USB 3.0 are those that already outspeed USB 2.0, including HD webcams, Blu-Ray drives, or some external hard drives.
  • Support by Operating Systems
    Windows Vista, Windows 7, and Linux already support USB 3.0. Mac is expected follow. Given its age, Windows XP will probably not receive an update to support the new interface.

The Bad News

I was tempted to report that there is no bad news, but that’s not true. Let’s say bad news is minimal.

  • Cable
    The maximum cable length USB 3.0 supports is reduced to approximately three meters, opposed to five meters with USB 2.0. However, using hubs, the maximum length can be extended to 18 meters.
  • Speed Limit
    Naturally, not all devices will be able to make use of the increased speed in USB 3.0. Magnetic hard drives for example, are limited by their RPM and the corresponding read/write speed. Hence, USB 3.0 will not unfold its full beauty until computers are equipped per default with faster hardware, such as solid state drives. But we all know how speedy progress is in the IT world. Give it a year or two and you will be able to fully benefit from USB 3.0.

Feel like you need more information? Computerworld has an excellent USB 3.0 review (USB 3.0: The new speed limit), including tests of currently available USB 3.0 hardware. Are you craving for even more in depth information? Check out this article at Tech Republic: 10 things you should know about USB 2.0 and 3.0. And have a look at Everything USB’s Super Speed USB 3.0 FAQ.

Now aren’t you looking forward to switching to USB 3.0? And if you have already been using a USB 3.0 device, please let the rest of us know how it feels!