| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Apr 2011 05:00:20 +0200 From: xpo xpo <smashxpo@...il.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, pen-test@...urityfocus.com Subject: USBsploit 0.6b - added: Autosploit CLI and customized infections of the original EXE and PDF USB files USBsploit v0.6 changelogs: - Add an option to the replacement module, allowing to try to upload first a custom infected version for each original PDF & EXE files available on the USB target. If not succeeding, generic malicious ones will be used. - Add autosploit CLI to automate the creation of the malicious files & launching multi-handler listeners. Almost all USBsploit options can be now specified via specific switches on the command line and used via scripts. - Internal Metasploit core updated with the one of the last SVN version (metasploit v3.7.0-dev svn r12145 2011.03.26). - Add documentation in the ./readme/doc file (need to svn update after v0.6b installation) - Some bugfixes. The USBsploit v0.6b home page : https://secuobs.com/news/04042011-usbsploit_v0.6b_meterpreter_msf_5.shtml The .run archive: https://www.secuobs.com/usbsploit/usbsploit-0.6-BETA-linux-i686.run sha1sum usbsploit-0.6-BETA-linux-i686.run 2a409aeb409ac9dc4fb194fbe575b1a55d1fcb0c usbsploit-0.6-BETA-linux-i686.run The .tar.gz archive: https://www.secuobs.com/usbsploit/usbsploit-0.6-BETA-linux-i686.tar.gz sha1sum usbsploit-0.6-BETA-linux-i686.tar.gz c69ce7d9999e8e1fe1b1fd32ad5e8a006086c1c5 usbsploit-0.6-BETA-linux-i686.tar.gz SVN repo: https://svn.secuobs.com/svn 80:44:9d:01:ac:6e:69:65:2a:7f:2a:ec:46:c0:a6:6e:d4:16:5a:8e Some new videos: - Video - USBsploit 0.6 BETA: Replace and infect all EXE and PDF with payload embedded into the orignal files http://www.secuobs.com/news/04042011-usbsploit_v0.6b_meterpreter_msf_1.shtml - Video - USBsploit 0.6 BETA: using autosploit CLI to automate the infection of all original EXE & PDF files http://www.secuobs.com/news/04042011-usbsploit_v0.6b_meterpreter_msf_2.shtml - Video - usbsploit.rb 0.6b with MSF: custom infection to replace all the original EXE and PDF files http://www.secuobs.com/news/04042011-usbsploit_v0.6b_meterpreter_msf_3.shtml - Video - usbsploit.rb 0.6b split into 3 scripts with MSF: custom infection to replace all original EXE and PDF http://www.secuobs.com/news/04042011-usbsploit_v0.6b_meterpreter_msf_4.shtml More videos on http://youtube.com/secuobs Resume: PoC to generate Reverse TCP backdoors, malicious PDF and LNK files. But also running Auto[run|play] infections (EXE, PDF, LNK) and dumping all USB files remotely on multiple targets at the same time. A set of extensions for the dump attacks can be specified via a specific file. All EXE, PDF and LNK already available on the USB targets can also be replaced by malicious generic ones. Replacing only the EXE files (or PDF or LNK) can be chosen. USBsploit works through Meterpreter sessions (wmic, railgun, process migration) with a minimal modified version of Metasploit. The interface is a mod of SET (The Social Engineering Toolkit). Note that if wmic's not available on a target, railgun'll be used with GetLogicalDrives(), GetDriveTypeN() and GetVolumeInformationW(). A switch can be activated to always use railgun, even if vmic's available on the targets. With the original Metasploit framework, usbsploit.rb can be used with all options. But also the independent autorun_usbsploit.rb, dump_usbsploit.rb and replace_usbsploit.rb meterpreter scripts. dump_usbsploit.rb has an option to protect the dumped files from being overwritten when trying to dump a malicious file with the same name and size (previously uploaded by replace_usbsploit.rb or autorun_usbsploit.rb). Every scripts can be used with the last original Metasploit Framework (all the options work at least with the 3.7.0-dev). The split scripts can always be found in the archives (.run, .tar.gz) or on the SVN ( https://svn.secuobs.com/svn/lib/msf/split_meterpreter_scripts/ ) in the ./lib/msf/split_meterpreter_scripts/ directory XPO _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists