Data_Geek
Posted March 4, 2019

Hello,

I have a new BB, and just ran the updater and updated the firmware, and performed that on a MacBookPro. I just got it today, plugged it straight into the Win7 box, and attempted to copy a file, and it failed (blocked - as it should have been), because we have DLP endpoint software in place running a policy to block all write transactions to USB. I thought the BB was to look like a HID to the machine but it sees it as USB and a write transaction so it got properly blocked.

I want to plug the BB into a Windows 7 Pro laptop USB port, and simply copy a file to the device, and it not look like a USB so it can successfully write and bypass the blocking.

So now I need to know what I can do to accomplish this pen test task with the BB. I presume there is an existing script somewhere to mod and run in a certain switch mode, to be able to execute a payload and copy a target file or contents to a target folder to the BB device, AND that write transaction to the BB not get blocked by the blocking software so it must not think it's a USB or even not performing a write transaction perhaps.

I'm a complete newbie to all this and would greatly appreciate any and all help.

Thanks

simonRP
Posted March 5, 2019

19 hours ago, Data_Geek said:

> So now I need to know what I can do to accomplish this pen test task with the BB. I presume there is an existing script somewhere to mod and run in a certain switch mode, to be able to execute a payload and copy a target file or contents to a target folder to the BB device, AND that write transaction to the BB not get blocked by the blocking software so it must not think it's a USB or even not performing a write transaction perhaps.

I find it helpful to remember that the BB is a computer in its own right, and that when it is plugged in to the USB port of a victim machine, you need to be conscious of what each computer is doing and how they are communicating with each other.

The BB communicates with the victim machine using the ATTACKMODEs that are established - so the BB can appear as a HID device (one way comms), or as STORAGE (two way) or as an ethernet device (again, can be either way), or some specific combinations of some of those things.

If the policies of the victim machine prohibit writing to an external USB device, then you have two basic options - you can either try and change the policies on the victim (e.g. by running a script from the BB), or work around the policy restriction by using another method, e.g. exfiltration by network.

I don't have a mac, just windows and linux, so can't help with a script that works on a mac, but the technique I would try is to exfiltrate data by establishing a network connection between the BB and the victim computer. The script in library/exfiltration/smb_exfiltrator is for a windows victim, but it shows how to use impacket on the BB and set up an SMB server to listen for the victim sending it files. You can then use the BB in HID mode as well to get the victim machine to execute a script to send a file to that server.

You will need to install impacket on your BB. There is a tools topic on here that has links to install impacket, responder and gohttp.

Hope that helps
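
For whoever maintains the DLP policy discussed above: the HID, STORAGE and ethernet modes correspond to different USB interface classes, and a rule that only blocks storage writes inspects one of them. The following is an added example, not part of either post, that audits a device inventory for interfaces outside such a rule; the device names and the inventory are constructed, and the function names are hypothetical.

```python
# Added example: audit enumerated USB devices against a storage-only write-block policy.
# The numbers are USB-IF base class codes as reported in bInterfaceClass.
HID = 0x03
MASS_STORAGE = 0x08
# CDC control, CDC data, and wireless controller (the class RNDIS adapters commonly report).
NETWORK_CLASSES = {0x02, 0x0A, 0xE0}


def review_device(interface_classes):
    """Return findings for one device, given the class code of each of its interfaces."""
    classes = set(interface_classes)
    findings = []
    if MASS_STORAGE in classes:
        findings.append("storage")        # the path a USB write-block policy inspects
    if classes & NETWORK_CLASSES:
        findings.append("network")        # a data path a storage-only policy never sees
    if HID in classes and classes - {HID}:
        findings.append("hid-composite")  # keyboard-class interface paired with a data interface
    return findings


def outside_storage_policy(inventory):
    """Names of devices that expose a network interface, sorted for stable reporting."""
    return sorted(name for name, classes in inventory.items()
                  if "network" in review_device(classes))


# Constructed inventory (hypothetical device names, not captured from real hardware).
SAMPLE_INVENTORY = {
    "desk-keyboard": [0x03],
    "thumb-drive": [0x08],
    "usb-ethernet-dongle": [0x02, 0x0A],
    "unknown-gadget-a": [0x03, 0xE0, 0x0A],
    "unknown-gadget-b": [0x03, 0x08],
}

if __name__ == "__main__":
    for name, classes in SAMPLE_INVENTORY.items():
        print(f"{name:22} {review_device(classes)}")
    print("needs network-side control:", outside_storage_policy(SAMPLE_INVENTORY))
```

Devices it reports need a control on the network path (for example blocking installation of new USB network adapters or filtering outbound SMB) in addition to the storage write block.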
This topic is now archived and is closed to further replies.