Jump to content

sn0wfa11

Members
  • Posts

    5
  • Joined

  • Last visited

Recent Profile Visitors

565 profile views

sn0wfa11's Achievements

Newbie

Newbie (1/14)

  1. Having the same issue here. Have not gotten this module to work yet.
  2. Yes, you can run your own python scripts from SSH or from a Meterpreter shell if you set up one of those modules. You can also develop modules for the Turtle that echo out a python script and run it, several of the current modules do just that. However, running a keylogger on the Turtle is not going to do you much good since it would be capturing keystrokes on the Turtle and not the computer it is plugged into. The Turtle gets you onto a target's network, then you can use the Turtle as a pivot point to attack other computers. Or you can do MITM attacks against the computer it is plugged into. You would need a shell on the computer it is plugged into before you can capture keystrokes. - sn0wfa11, OSCP
  3. With the HID drivers in the Bash Bunny, is there any way to read the status of the caps lock, num lock, and scroll lock keys? I ask because with a Teensy 3.2, the status of these keys can be read and it has some nice benefits for the type of HID attacks that can also be done with the Bunny. As in, I've programmed a Teensy to wait until the drivers are loaded before starting an HID attack. It does this by pressing num lock until it registers a status change. Another nice feature is that I have a way to send the Teensy feedback from Metasploit when a shell has been successfully created for the computer that is being attacked so that the Teensy will flash its LED. This would be a nice addition to the Bash Bunny. If anyone knows if these key statuses are accessible, let me know. I'm happy to try to get it working. I'll do some digging around myself as well. Link to my Teensy code is below. https://github.com/sn0wfa11/HID-Attacks - sn0wfa11, OSCP
  4. See my recent post: https://forums.hak5.org/index.php?/topic/35992-meterpreter-reverse-tcp-ducky-injection-using-powershell-and-veil/
  5. Below are instructions for using Veil-Evasion to produce a Windows Powershell payload for a Meterpeter reverse TCP connection and injecting it using a USB Rubber Ducky. This is my first tutorial post, so if my formatting is a bit off... too bad ;) This method has a few benefits over the method provided using the "Simple-Ducky" program. It is injected completely through text input typed in by the Ducky into the Windows Command Shell It does not require the target computer to download a compiled file from a web server to set up the connection. You do not have to host a web server for the payload. (Less open ports on your machine, always a good thing.) Virus scanners are (hopefully) not going to pick this up because it is being entered directly into the Command Shell by Ducky. The flip side is that this is a larger payload for Ducky to type out so you will have to plan accordingly. Initial Setup (If you are running Kali, BlackBox, Backtrack, etc. you are probably almost set up already.) Install and setup Metasploit if you have not already. Install and setup Veil-Evasion (Homepage is here). Veil-Evasion is now available in the Kali repository. Use: apt-get install veil-evasion -y Note on initial install: You need to run veil-evasion after it is loaded by apt-get to set everything up. It says you don't have to run it as root, but you need to run it as root! Setup can take a bit. Set up Ducky Encoder or whatever you choose to use to make your inject.bin. Payload Generation Start veil-evasion. Type "list" to see the list of available payloads. Enter the number for the "powershell/meterpreter/rev_tcp" payload. (Was 22 for me.) Set you LHOST and LPORT the same as you would do setting up a payload in Metasploit. Type "generate". Enter the name you want for the payload. Veil will generate the payload in a .bat file in the "Veil-Output" directory under "source". (Most likely in the /usr/share/ directory.) Veil will also generate a Metasploit resource file for setting up a listener that you can use if you want. However, if you are behind a NAT router you will need to plan accordingly. Find and open the .bat file in the text editor of your choice and copy off the first section of the file as follows: powershell.exe -Nop.....ReadToEnd();" (The first .ReadToEnd() and don't miss the quotation mark at the end, you will need that.) If your target is a 64 bit machine you will need to add "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\" prior to the powershell.exe in order for your payload to work. Set up your Ducky script as you like to account for driver install, etc. Have it open a standard command shell and copy and paste the text you cut out above into the Ducky script as a STRING: Create you inject.bin file and put it on your Ducky.Operation Start a windows/meterpreter/reverse_tcp listener in Metasploit on your machine. (32 bit, not the x64 payload) Plug the Ducky into your target machine and away you go. The Command Shell window will automatically close once the Powershell script begins to execute. You may need to migrate to another x86 process to get full Meterpreter functions. A few notes If you try to run this sever times in quick succession on a target machine the subsequent tries may not go through as Powershell likes to hang on for a bit. Killing the initial process after migrating might fix this. I've tested this on the following:Windows 7 Pro x64 (physical machine with a physical network, through a restrictive firewall... Reverse connections rock!) Windows 8.1 Pro x64 - Virtual Windows 10 Pro x64 Technical Preview - Virtual Windows Server 2008 R2 - Virtual Windows Server 2012 R2 - Virtual Enjoy.
×
×
  • Create New...