InsOp Posted March 25, 2017 Share Posted March 25, 2017 When inserting the device with switch1/2 it executes all commands in the payload file as expected, however windows then opens the folder of the newly inserted drive. Is there a way to surpress this without changing the attackmode? Quote Link to comment Share on other sites More sharing options...
InsOp Posted March 25, 2017 Author Share Posted March 25, 2017 Sorry, couldnt find the edit button. The problem is that when the device-window is opened, the focus is on it, too. so that Quack commands will be executed while having the wrong window focused. Quote Link to comment Share on other sites More sharing options...
sWeed Posted March 25, 2017 Share Posted March 25, 2017 ALT - TAB is the Answer Quote Link to comment Share on other sites More sharing options...
InsOp Posted March 25, 2017 Author Share Posted March 25, 2017 thanks for the answer, but you cannot be sure whether the user has turned off autorun, so your solution would lead to maybe undesired actions. Quote Link to comment Share on other sites More sharing options...
sWeed Posted March 25, 2017 Share Posted March 25, 2017 Quite hard to answer your question What about asking the registry... if autorun is enabled/disabled.. REG QUERY .....http://www.samlogic.net/articles/autorun-enable-disable-nodrivetypeautorun.htm Give some more infos about your actions you want to execute... Quote Link to comment Share on other sites More sharing options...
InsOp Posted March 25, 2017 Author Share Posted March 25, 2017 thats a better approach. it really doesnt matter what i want to do - as soon as i insert the device the actions i want to execute could be compromised by the popping autorun window Quote Link to comment Share on other sites More sharing options...
JumboPackets Posted March 25, 2017 Share Posted March 25, 2017 I would think that autorun wouldn't activate until you entered "mass storage" mode. Could you start your payload in HID keyboard mode, send the commands to edit the registry to turn off autorun, and THEN switch to mass storage mode? 1 Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted March 26, 2017 Share Posted March 26, 2017 One solution would be to use HID only in stage 1, then switch from HID to just STORAGE in stage 2. Not knowing what payload you're referring to I'm not sure exactly what the stager would look like - so if you can provide any insight on that it would be helpful. 1 Quote Link to comment Share on other sites More sharing options...
InsOp Posted March 26, 2017 Author Share Posted March 26, 2017 just the WiPassDump from the repo. thanks for the replies Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.