h4x0r666 Posted March 7, 2013 Share Posted March 7, 2013 (edited) Hello everybody! I wonder.. is there any payload that simply executes something that would work on any OS? (executing a file from the SD, so that program could do the rest since i just read somewhere that there is a max of 4 KB for the inject.bin to be.. not very much) I also wonder if it is possible to bruteforce an logon screen from any windows computer, like bruteforcing an android key which i have seen on the hak5 series. Edited March 7, 2013 by h4x0r666 Quote Link to comment Share on other sites More sharing options...
no42 Posted March 7, 2013 Share Posted March 7, 2013 You could brute-force windows, but then your limited to GPO (Group Policy Restrictions) on typical corporate/institute machines. Quote Link to comment Share on other sites More sharing options...
ApacheTech Consultancy Posted March 7, 2013 Share Posted March 7, 2013 If you want to run a cross-platform program, it would be best written as a Java JAR file. Then, all your worried about is do they have Java installed. But, even then, the execution of that file will be different on each OS. cmd vs. term vs. whatever it is for mac (???) etc. At the moment, there's not a firmware which can detect the OS and run a script based on that detection. Until then, you're best off directing each script towards a specific OS. Quote Link to comment Share on other sites More sharing options...
overwraith Posted March 8, 2013 Share Posted March 8, 2013 "I wonder.. is there any payload that simply executes something that would work on any OS?" More likely people will write specific payloads for launching on different OSs and swap out SD cards based on the OS presented. Need to get myself some more 256, 512, or 1 GB Micro SD cards. I liked the java payload idea. Quote Link to comment Share on other sites More sharing options...
ApacheTech Consultancy Posted March 8, 2013 Share Posted March 8, 2013 Java might be the way to go with malicious payloads tbh. They're rarely blacklisted by corporate firewalls; they're not on the standard executable blacklist; they're not included in any real-time scanning of exectutables by AV; they have their own manifests in them to elevate authorisation; they are cross platform; they're archives in their own right so can be used as "trojan" zip files; they're modular and can replicate on command; they download their own dependecies.Theoretically, because a car's onboard computer runs off Java; if you have a new car with a USB port on the dash, you could create a JAR attack to reset your milometer; or as a security device which totally bricks the car overnight, then flashes the ROM when you want to drive away in the morning. Quote Link to comment Share on other sites More sharing options...
overwraith Posted March 8, 2013 Share Posted March 8, 2013 Can also make executable jar files that execute just like exe's when double clicked. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.