overwraith
Posted August 16, 2012

Hello all, been just watching Hak 5 for a while now, finally signed up for an account recently. I was just wondering if anyone had thought of implementing more payloads, possibly using Java or Python as the target for the USB Rubber Ducky.

- Could use the FTP Download / Upload payload to download the interpreter setup.exe.
- Silent flag for command line would need to be used to install the interpreter, if it exists in the setup.
- A Java program could be compiled/interpreted/run using the compiler/interpreter.
- javaw.exe that is provided in the JDK could be used to run Java code without a black box showing up.
- Apparently use of Java GUI stuff would be counterproductive, and tip the user off that something is up.
- Java can be used to implement system stuff like moving/copying files, which could be used in an info theft class().

I'm just getting a little tired of running batch cmds, they just aren't very intuitive. There is usually much more control and clarity in a programming language. (Can obfuscate later either in the Java/Python code using some kind of a syntax scrambler, or at a lower level, like Java or Python bytecode, using a downloadable obfuscator.)

***I do not think I will have time to implement this idea, but wanted to know what the rest of the Hak 5 community thought of it.***

PS. Haven't taken Assembly class yet, so though I understand the concept of buffer overflow, format string exploit, etc., I couldn't find exploitable code without the source code.

overwraith
Posted August 28, 2012

In case anyone is still interested, I have recently recollected that Java bytecode is portable between computers, and that Java class files are frequently smaller than Java source files. Provided that there are no nondisplayable characters in Java class files, it would be possible to convert the Java file to Duck code to type the class file into copy con, thus uploading to the target PC.

I have also recollected that almost every computer has the Java Runtime Environment, and in that file is java.exe. Because java.exe is in the file, it would be unnecessary to install and compile Java code using the Java Developer Kit (JDK) on the target computer when the class file can be simply run using the exe in the jre folder. I wish I had remembered this before I had posted the first time...