Alexey Misnik - USB Devices for Pentesting
Uploaded by hackit-ukraine. Category: Engineering.
![Page 1: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/1.jpg)
USB HID FOR PENTEST
![Page 2: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/2.jpg)
root # uname -a
I’m a security engineer. I like Linux and am a big fan of the Mr Robot series. I like working on my hobby so I work in security.
![Page 3: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/3.jpg)
AGENDA
- Effective attacks with USB
- Social experiment at the University of Illinois Urbana-Champaign
- Info about USB devices
- Making USB drop attack effective:
  - PART 1. BadUsb
  - PART 2. USB Ducky
  - PART 3. USB Ethernet
  - PART 4. Kali Linux NetHunter
  - PART 5. USB Kill 2.0
  - PART 6. USB keylogger
- Practice USB HID attack on Windows 8
![Page 4: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/4.jpg)
PART 1
![Page 5: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/5.jpg)
![Page 6: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/6.jpg)
![Page 7: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/7.jpg)
![Page 8: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/8.jpg)
SOCIAL EXPERIMENT AT THE UNIVERSITY OF ILLINOIS URBANA-CHAMPAIGN
![Page 9: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/9.jpg)
USB KEYS CONTENT
![Page 10: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/10.jpg)
USB KEYS APPEARANCE
![Page 11: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/11.jpg)
DROP LOCATION TYPE
![Page 12: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/12.jpg)
DROP ACTION
![Page 13: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/13.jpg)
| | Total | Fraction |
|---|---|---|
| Dropped | 297 | |
| Keys picked up | 290 | 98% |
| Keys that phoned home | 135 | 45% |
| Keys returned | 54 | 19% |
| People answering survey | 62 | 21% |
![Page 14: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/14.jpg)
ANSWERS
- 16% scanned the drive with their anti-virus software
- 8% believed that their operating system or security software would protect them, e.g., “I trust my macbook to be a good defence against viruses”
![Page 15: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/15.jpg)
DEMO
USB drop attack demo - Blackhat USA 2016.mp4
![Page 16: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/16.jpg)
INFO ABOUT USB DEVICES
![Page 17: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/17.jpg)
BACKGROUND
USB is a very versatile interface. Just think how many devices we connect to it: mice, keyboards, printers, scanners, gamepads, modems, access points, webcams, phones, etc. We do not hesitate to insert the connector into the appropriate socket; the OS automatically detects the type of device and loads the appropriate drivers.
![Page 18: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/18.jpg)
FLASH DEVICES
In fact, the operating system does not know anything about the connected device. It has to wait until the device itself reports the class to which it belongs. To take the simplest example, when we plug a flash drive into a USB port, the flash drive tells the operating system whether it is only a storage device or some other kind of device.
![Page 19: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/19.jpg)
USB DEVICE INITIALIZATION ALGORITHM
The purpose of a USB device is determined by class codes, which it reports to the USB host so that the host can load the necessary drivers. Class codes make it possible to handle devices of the same type from different manufacturers in a uniform way. An ordinary bootable flash drive has the class code 08h (Mass Storage Device - MSD), while a webcam equipped with a microphone is characterized by two: 01h (Audio) and 0Eh (Video Device Class).
![Page 20: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/20.jpg)
CONNECTING THE USB DEVICE
When a USB device is connected, it is registered, receives an address and sends its descriptor(s) so that the operating system can load the drivers and send back the desired configuration. After this, direct interaction with the device begins. When the work is finished, the device is deregistered.
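The class codes described above travel in the interface descriptors a device sends during enumeration, so a defender can read them back and compare them with what the device is supposed to be. The following is an added example, not part of the original slides: it walks a raw configuration descriptor and reports any declared class other than Mass Storage. The function names and both descriptor samples are constructed for illustration, and the HID class code 03h is added here (the slides name only 08h, 01h and 0Eh).

```python
import struct

# 08h, 01h and 0Eh are the class codes named on the slide; 03h (HID) is added
# here because it is the class a keystroke-injecting device declares.
CLASS_NAMES = {0x01: "Audio", 0x03: "HID", 0x08: "Mass Storage", 0x0E: "Video"}
DT_CONFIGURATION, DT_INTERFACE = 0x02, 0x04


def interfaces(config: bytes):
    """Return (class, subclass, protocol) for every interface descriptor."""
    if len(config) < 9 or config[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if total > len(config):
        raise ValueError("wTotalLength exceeds captured data")
    found, pos = [], 0
    while pos < total:
        if pos + 2 > total:
            raise ValueError("truncated descriptor header")
        length, dtype = config[pos], config[pos + 1]
        # A bLength of 0 would loop forever; one past the end is malformed.
        if length < 2 or pos + length > total:
            raise ValueError(f"bad bLength {length} at offset {pos}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            # bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol
            found.append(tuple(config[pos + 5:pos + 8]))
        pos += length
    return found


def unexpected_for_storage(config: bytes):
    """Names of declared classes other than Mass Storage (08h)."""
    classes = {cls for cls, _, _ in interfaces(config)}
    return sorted(CLASS_NAMES.get(c, f"{c:02X}h") for c in classes if c != 0x08)


# Constructed descriptors (not captured from real hardware).
STORAGE_IF = "090400000208065000" "07058102000200" "07050202000200"
PLAIN_STICK = bytes.fromhex("090220000101008032" + STORAGE_IF)
COMPOSITE = bytes.fromhex(
    "090239000201008032" + STORAGE_IF
    + "090401000103010100"   # interface 1: HID, boot subclass, keyboard protocol
    + "092111010001223f00"   # HID class descriptor
    + "0705830308000a"       # interrupt IN endpoint
)

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_STICK), ("composite", COMPOSITE)):
        print(name, interfaces(blob), unexpected_for_storage(blob))
```

A device sold as a flash drive should yield an empty list; anything else is a reason to keep it off production machines.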
![Page 21: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/21.jpg)
USB ATTACK
- PART 1. USB keylogger
- PART 2. USB Kill 2.0
- PART 3. Kali Linux NetHunter
- PART 4. USB Ethernet
- PART 5. Bad Usb
- PART 6. USB Ducky
![Page 22: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/22.jpg)
USB KEYLOGGER
![Page 23: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/23.jpg)
PARAMETERS
- 4MB flash memory stores 2000 pages of text
- Works with all wired USB keyboards and with all versions of Windows and Linux
- No software or drivers needed
- National keyboard layout support
- Capable of recording ALL keys
![Page 24: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/24.jpg)
PRICE: $64.99
KeyLlama records everything typed on a USB keyboard. Absolutely no software is required and KeyLlama is completely invisible to any software. The KeyLlama USB is the stealthiest hardware keylogger in existence - it is impossible to detect!
![Page 25: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/25.jpg)
USB KILL 2.0
![Page 26: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/26.jpg)
As the company explains, when plugged in, the USB Kill 2.0 stick rapidly charges its capacitors via the USB power supply, and then discharges – all in a matter of seconds. The USB stick discharges 200 volts DC over the data lines of the host machine, and this charge-and-discharge cycle is repeated several times per second until the USB Kill stick is removed.
![Page 27: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/27.jpg)
WHEN AND FOR WHOM USB KILL WOULD BE USEFUL?
USB Kill stick could be a boon for:
- whistleblowers,
- journalists,
- activists,
- cyber criminals (who want to keep their sensitive data away from law enforcement as well as cyber thieves).

The company claims about 95% of all devices available on the market today are vulnerable to power surge attacks introduced via the USB port. However, the only devices not vulnerable to USB kill attacks are recent models of Apple's MacBook, which optically isolate the data lines on USB ports.
![Page 28: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/28.jpg)
PRICE: 49.95 TUGRIKOV☺
![Page 29: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/29.jpg)
KALI LINUX NETHUNTER + USB ETHERNET
![Page 30: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/30.jpg)
HID KEYBOARD AND ‘BADUSB’ ATTACKS
Our NetHunter images support programmable HID keyboard attacks, (a-la-teensy), as well as “BadUSB” network attacks, allowing an attacker to easily MITM an unsuspecting target by simply connecting their device to a computer USB port. In addition to these built in features, we’ve got a whole set of native Kali Linux tools available for use, many of which are configurable through a simple web interface.
![Page 31: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/31.jpg)
NEXUS 4 & 5 ANDROID PHONE
Nexus 4/5
![Page 32: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/32.jpg)
MITM
![Page 33: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/33.jpg)
A USB DEVICE IS ALL IT TAKES TO STEAL CREDENTIALS FROM LOCKED PC
USB Ethernet + DHCP + Responder == Creds
Device:
- USB Ethernet
- patch cord
- laptop

Tools:
- Responder
- DHCP server
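On the defence side, the scenario on this slide leaves a recognisable trace: a new network adapter is installed while the workstation is locked. The following is an added example, not part of the original slides: it correlates Windows Security events 4800 (workstation locked), 4801 (unlocked) and 6416 (new external device recognized) and flags devices that appear during a locked session. The event records are constructed and use simplified field names chosen for this example; 6416 is only logged when "Audit PNP Activity" is enabled, and 4800/4801 when "Audit Other Logon/Logoff Events" is enabled.

```python
from datetime import datetime

LOCKED, UNLOCKED, NEW_DEVICE = 4800, 4801, 6416
# Device setup class of network adapters, the kind of device this slide adds.
HIGH_RISK_CLASSES = {"Net"}

# Constructed sample events (not real logs), deliberately out of order.
EVENTS = [
    {"time": "2017-01-10T12:41:07", "host": "WS-014", "event_id": 6416,
     "class_name": "Net", "device": "USB Ethernet adapter (constructed)"},
    {"time": "2017-01-10T09:00:12", "host": "WS-014", "event_id": 6416,
     "class_name": "USB", "device": "USB Mass Storage Device"},
    {"time": "2017-01-10T12:30:00", "host": "WS-014", "event_id": 4800},
    {"time": "2017-01-10T12:41:09", "host": "WS-014", "event_id": 6416,
     "class_name": "Keyboard", "device": "HID Keyboard Device"},
    {"time": "2017-01-10T12:45:00", "host": "WS-020", "event_id": 6416,
     "class_name": "Net", "device": "Docking station NIC (constructed)"},
    {"time": "2017-01-10T13:02:00", "host": "WS-014", "event_id": 4801},
    {"time": "2017-01-10T13:10:00", "host": "WS-014", "event_id": 6416,
     "class_name": "Net", "device": "Docking station NIC (constructed)"},
]


def added_while_locked(events):
    """Return 6416 events that fall between a 4800 and the next 4801 per host."""
    locked_since = {}          # host -> time the current lock started
    hits = []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    for ev in ordered:
        host, eid = ev["host"], ev["event_id"]
        if eid == LOCKED:
            locked_since[host] = ev["time"]
        elif eid == UNLOCKED:
            locked_since.pop(host, None)
        elif eid == NEW_DEVICE and host in locked_since:
            risky = ev.get("class_name") in HIGH_RISK_CLASSES
            hits.append({
                "host": host,
                "time": ev["time"],
                "locked_since": locked_since[host],
                "device": ev.get("device", "unknown"),
                "severity": "high" if risky else "review",
            })
    return hits


if __name__ == "__main__":
    for hit in added_while_locked(EVENTS):
        print(hit)
```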
![Page 34: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/34.jpg)
ATTACK&DEFENCE
![Page 35: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/35.jpg)
TESTED OS
• Windows 98 SE
• Windows 2000 SP4
• Windows XP SP3
• Windows 7 SP1
• Windows 10 (Enterprise and Home)
![Page 36: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/36.jpg)
RESPONDER
![Page 37: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/37.jpg)
DATABASE
![Page 38: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/38.jpg)
ATTACK
Lock PC.mp4
![Page 39: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/39.jpg)
PART 2
![Page 40: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/40.jpg)
BAD USB
![Page 41: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/41.jpg)
![Page 42: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/42.jpg)
PHISON 2251-03 (2303) CUSTOM FIRMWARE & EXISTING FIRMWARE PATCHES
![Page 43: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/43.jpg)
SUPPORTED DEVICES
• Patriot 8GB Supersonic
• Patriot 8GB Supersonic Xpress
• Kingston DataTraveler 3.0 T111 8GB
• Silicon power marvel M60 64GB
• Patriot Stellar 64 Gb Phison
• Toshiba TransMemory-MX USB 3.0 16GB
• Toshiba TransMemory-MX USB 3.0 8GB
• Kingston DataTraveler G4 64 GB
• Patriot PSF16GXPUSB Supersonic Xpress 16GB
• Silicon Power 32GB Blaze 30
![Page 44: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/44.jpg)
SOFTWARE
• DriveCom -- PC C# application to communicate with Phison drives.
• EmbedPayload -- PC C# application to embed Rubber Ducky inject.bin key scripts into custom firmware for execution on the drive.
• Injector -- PC C# application to extract addresses/equates from firmware as well as embed patching code into the firmware.
• firmware -- this is 8051 custom firmware written in C.
• patch -- this is a collection of 8051 patch code written in C.

Releases have the following items:
• patch -- this is a collection of 8051 patch code written in C.
• tools -- these are the compiled binaries of all the tools.
• CFW.bin -- this is custom firmware set up to send an embedded HID payload.
![Page 45: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/45.jpg)
ALL COMMANDS
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SetBootMode
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendExecutable /burner=C:\fw\fw_bn\BN03V114M.BIN
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=DumpFirmware /firmware=C:\fw\currentfw.bin
java -jar C:\fw\ducky\duckencode.jar -i C:\fw\ducky\hello_world.txt -o C:\fw\ducky\inject.bin
C:\fw\Psychson-master\tools\EmbedPayload.exe C:\fw\ducky\inject.bin C:\fw\Psychson-master\firmware\bin\fw.bin
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendFirmware /burner=C:\fw\fw_bn\BN03V114M.BIN /firmware=C:\fw\Psychson-master\firmware\bin\fw.bin
![Page 46: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/46.jpg)
OBTAINING A BURNER IMAGE
A burner image is required for dumping or flashing firmware. These burner images are typically named using the following convention: BNxxVyyyz.BIN, where xx is the controller version (such as 03 for PS2251-03 (2303)), yyy is the version number (irrelevant), and z indicates the page size. z can be either:
• 2KM -- indicates this is for 2K NAND chips.
• 4KM -- indicates this is for 4K NAND chips.
• M -- indicates this is for 8K NAND chips.

All versions of the Patriot 8GB Supersonic Xpress drive (in fact, all USB 3.0 drives) seen so far require an 8K burner. An example of a burner image would be BN03V104M.BIN.
![Page 47: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/47.jpg)
BUILD ENVIRONMENT
To patch or modify existing firmware, you must first set up a build environment. See Setting Up the Environment on the wiki for more information. At a minimum, SDCC needs to be installed to C:\Program Files\SDCC. To run the tools, you need to be on Windows with .NET 4.0 installed.
To set up a build environment, you need to:
• Install Visual Studio 2012 Express (for building the tools).
• Install SDCC (Small Device C Compiler) suite to C:\Program Files\SDCC

Run DriveCom as below to obtain information about your drive:
DriveCom.exe /drive=E /action=GetInfo
![Page 48: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/48.jpg)
DUMPING FIRMWARE
Run DriveCom, passing in the drive letter representing the drive you want to flash, the path of the burner image you obtained, and the destination path for the firmware image:
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=DumpFirmware /firmware=C:\fw\currentfw.bin
where F is the drive letter and C:\fw\currentfw.bin is the resulting firmware dump; in the command sequence on the ALL COMMANDS slide the burner image (BN03V114M.BIN) is sent beforehand with the SendExecutable action. Currently, only 200KB firmware images can be dumped (which is what the Patriot 8GB Supersonic Xpress drive uses).
![Page 49: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/49.jpg)
FLASHING CUSTOM FIRMWARE
Run DriveCom, passing in the drive letter representing the drive you want to flash, the path of the burner image you obtained, and the path of the firmware image you want to flash:
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendExecutable /burner=C:\fw\fw_bn\BN03V114M.BIN
where F is the drive letter and C:\fw\fw_bn\BN03V114M.BIN is the path to the burner image; the path to the firmware image (fw.bin) is passed with the SendFirmware action in the command sequence on the ALL COMMANDS slide.
![Page 50: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/50.jpg)
CREATE PAYLOAD
Create a key script in Rubber Ducky format, then use Duckencoder to create an inject.bin version of it:
java -jar duckencode.jar -i keys.txt -o inject.bin
where keys.txt is the path to your key script. You may notice the delays are not quite the same between the Rubber Ducky and the drive -- you may need to adjust your scripts to compensate.
![Page 51: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/51.jpg)
INSERT HID PAYLOAD IN FIRMWARE & DOWNLOAD THE FIRMWARE WITH EMBEDDED HID PAYLOAD
C:\fw\Psychson-master\tools\EmbedPayload.exe C:\fw\ducky\inject.bin C:\fw\Psychson-master\firmware\bin\fw.bin
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendFirmware /burner=C:\fw\fw_bn\BN03V114M.BIN /firmware=C:\fw\Psychson-master\firmware\bin\fw.bin
![Page 52: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/52.jpg)
RESULT
![Page 53: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/53.jpg)
VIRTUAL KEYBOARD
![Page 54: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/54.jpg)
WORK
![Page 55: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/55.jpg)
RECOVERY
![Page 56: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/56.jpg)
PROOF
BaDusb.webm
![Page 57: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/57.jpg)
USB DUCKY
![Page 58: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/58.jpg)
RUBBER DUCKY, WHEN THE USB IS A USB KEYBOARD
The principle behind the USB Rubber Ducky, marketed by Hak5, is simple to understand. The USB stick poses as a keyboard to the system and, when plugged in, performs actions on the system in the manner of an autorun.exe, except that it does so by entering keystrokes.
![Page 59: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/59.jpg)
RUBBER DUCKY
![Page 60: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/60.jpg)
Ideas:
- Use bash to create a reverse shell
- Use nohup to spawn the reverse shell as a background process
LINUX PAYLOAD
![Page 61: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/61.jpg)
PAYLOAD
Windows 10
MacOS
![Page 62: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/62.jpg)
HOW TO CREATE A PAYLOAD, OR ARE YOU SURE THAT YOU CREATE IT?
ducktoolkit-411.rhcloud.com
ducktoolkit.com
![Page 63: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/63.jpg)
YOU CAN

RECON SCRIPT
- Computer Information
- USB Information
- User Information
- Shared Drive Information
- Installed Program Information
- Installed Updates
- User Documents
- Network Information
- Network Scan
- Port Scan
- Wireless Profile
- Screen Capture
- Firefox Profile
- Extract SAM

EXPLOIT SCRIPT
- Disable Firewall
- Find and FTP a File
- Add Administrative User
- Open Port
- Start WIFI Access Point
- Share C Drive
- Enable RDP
- Reverse Shell
- Download .exe and Execute
- DNS Cache Poison
- Sticky Keys Swap
- Remove Windows Update

REPORT SCRIPT
- Save To USB
- Upload Report via FTP
- Email Report via GMAIL
- Save To Computer
![Page 64: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/64.jpg)
ENCODE
![Page 65: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/65.jpg)
CREATE PAYLOAD
https://code.google.com/p/simple-ducky-payload-generator/downloads/detail?name=installer_v1.1.1_debian.sh&can=2&q
root@kali:~# chmod +x installer_v1.1.1_debian.sh
root@kali:~# ./installer_v1.1.1_debian.sh
root@kali:~# rm installer_v1.1.1_debian.sh
To run the program:
root@kali:~# simple-ducky
![Page 66: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/66.jpg)
AUTOMATION
Set the IP, port and delay time
![Page 67: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/67.jpg)
REVERSE SHELL
![Page 68: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/68.jpg)
PRACTICAL
• Open BEEF in browser
• Create Reverse Shell (Avast)
![Page 69: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/69.jpg)
OPEN BEEF IN BROWSER
Beef.mov
![Page 70: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/70.jpg)
CREATE REVERSE SHELL (AVAST)
DNS tunneling.mov
![Page 71: Алексей Мисник - USB устройства для пентеста](https://reader035.fdocuments.net/reader035/viewer/2022062302/58ea19371a28ab064e8b6187/html5/thumbnails/71.jpg)
INFO
- https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-jhind-dns_tunnels_with_ai.pdf
- https://github.com/LightWind/malusb/tree/master/payload
- http://www.slideshare.net/elie-bursztein/does-dropping-usb-drives-really-work-blackhat-usa-2016
- https://ducktoolkit.com/encoder/
- https://github.com/brandonlw/Psychson
- http://habrahabr.net/thread/1011