Jump to content

Recommended Posts

Posted

Refer to title. With the current reverse shell, there would be no way to handle pwning several boxes at once as netcat cannot juggle multiple connections. Was trying to think if during a physical pentest, you could use the ducky on every pc in sight to set a meterpreter session back to your computer so you have a shell on all of them at once.

Thoughts?

Posted

Refer to title. With the current reverse shell, there would be no way to handle pwning several boxes at once as netcat cannot juggle multiple connections. Was trying to think if during a physical pentest, you could use the ducky on every pc in sight to set a meterpreter session back to your computer so you have a shell on all of them at once.

Thoughts?

Interesting you bring that up! I just started working on getting something like that working about 3 hours ago with the help of SET. I'll report back when I make progress.

Posted

Great! Keep me up to date! :)

I certainly will! It will actually be similar to his Teensy attack from SET. It'll create an inject.bin file that will type out binary in notepad, use some powershell, and run it. I'm running into a SET issue right now with it being finicky about importing 3rd party modules, but I'll definitely keep this thread posted with info

Posted (edited)

I am trying to make my teensy just FTP and download then exec a meterpreter payload.

Just need to make an "AV" friendly one.

Other than that, my code is done.

Edited by Mr-Protocol
Posted

A quick to deploy and effective payload creates a txt file with FTP commands, then schedules an "FTP -S" task to run said commands at a specific time (like after hours when the user is away from their desk) using the AT command.

The SET binary - hex converter will work on the Ducky as does IllWill's encode.vbs and decode,vbs http://dabermania.blogspot.com/2011/03/converting-any-file-to-ascii-for.html

Posted

SET payload is almost done. It's all in python, and this will be my 2nd python script ever, so it's taking some time as I learn the syntax and stuff. Whitespace dependent is not something that is easy to work with, but I'm getting used to it. The script actually runs and works, creates an inject.bin, though it's dependent on duckencoder/jpduckencoder to actually create the bin file. I'm hoping to port the conversion code to python and have it all self contained, and clean up the script. If it gets fully done I'll post it this weekend!

Posted

or just use the single netcat and escalate that to a meterpreter session and pivot and then get multiple sessions? but sticking in a duck and pwning is so much faster than pivoting lol. but thats another option, biggest step is getting your foot in the door and move around from there.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...