
Thread: HID attack suggestion

  1. #1
    Join Date: 2014-Oct
    Posts: 29

    HID attack suggestion

    Hi guys, it seems you are all working on the keyboard-type support for the HID attack.

    Regarding the payloads, is it possible to allow us to program the payloads ourselves? And could we select different payloads from the web panel to launch on the target?
    Furthermore, by treating the Nexus device as USB storage, the payloads can execute a certain program stored on the Nexus and launch it on the target machine (like mimikatz), and the result of the execution can be saved on the Nexus.

  2. #2
    Join Date: 2014-Sep
    Posts: 4
    Hi Zerone.v01d,

    If you are talking about Windows cmd "scripts", a feature that would allow saving scripts and browsing/selecting existing scripts could be added quite easily.
    If you are talking of more payloads from metasploit, this would not be straightforward, but still feasible.

    Launching a binary from USB storage would need to blindly guess the right drive letter... I see an easy but "stupid" method to do this:
    1) create on the NetHunter device a mimikatz.bat file that launches mimikatz with the output redirected to a file (this file should be on the NetHunter device)
    2) create a NetHunter CMD payload that tries every possible value of the NetHunter drive letter, changes to that drive letter and blindly launches mimikatz.bat

    EDIT: It seems to be more difficult than I thought. MTP devices don't have a valid drive letter (like "e:")... I haven't found an easy way to access MTP device content from cmd.exe, but I'm still searching... If anybody knows how to do that (access a file or launch an exe/batch stored on an MTP device), please let me know.

    However, a PowerShell payload could do this in a more intelligent way, I guess :/
    Last edited by uzy; 2014-10-29 at 17:57.

  3. #3
    Join Date: 2014-Sep
    Posts: 4
    I managed to get some quiet (no windows or box) file transfer between my Nexus 5 and Windows 8.1 through the MTP protocol.

    The following links were very useful:
    Upload to a device via MTP
    Download from a device via MTP

    My project creates an exe + 2 dll files.
    I don't know how to create a single binary "exe" file, so I had to use iexpress to create a self-extracting archive of an exe + 2 dll files that automatically extracts and launches the files.
    I guess there is a wiser solution for that... but that's just a PoC for the moment, and I'm a beginner in Visual Studio / C#... any help is welcome!

    So basically this scheme for launching a binary from the Nexus MTP storage seems possible:
    copy an exe to the victim computer from the Nexus device via MTP, run it with the output redirected to a local file, and send the output file back to the Nexus device via MTP.

    The initial "iexpress'ed" exe could be pushed to the victim through HID, as it seems to be done for the meterpreter payload... that's the next step for my PoC.
