Hi, Plenty of networks use PXE to boot machines and many server vendors put PXE boot priority ahead of other boot media by default on their servers. This attack could certainly work and many networks won't have a DHCP server eliminating the need to DoS the legitimate one.
Jim On 16 January 2012 09:38, Robin Wood <[email protected]> wrote: > I was wondering if this was a new attack vector or if anyone was doing > it already... > > If you find a network which has PXE boot enabled on machines but not > currently in use you kill off the existing DHCP server in some way > (DHCP exhaustion attack probably) and replace it with your own. Your > server then gives them PXE boot information which has them download a > Konboot style payload which silently backdoors the OS as it is booting > but lets it appear as if it boots normally to the users. > > You then know from your DHCP logs all the potentially backdoored > machines or you can have them call back and tell you that it was > successful. > > Has anyone done this? Do organisations use PXE boot on network machines? > > Robin > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
