Thread: HID attacks using metasploit's psh_web_delivery instead of Powersploit

  1. #1
    Junior Member
    Join Date
    Nov 2014
    Posts
    9

    HID attacks using metasploit's psh_web_delivery instead of Powersploit

    Powersploit is an excellent tool, but I have found it to be less than reliable when dealing with 64-bit systems (at least with Net Hunter and the HID attack). When using the powersploit payload for the HID attack, you are required either to have Apache running on your net hunter device and hope the target network does not have client separation to prevent the victim from pulling powershell code off your net hunter device, or to push your own powersploit payload to a server for it to be pulled down from. The problem with this is that you can potentially have to spin up two servers to serve up the payload and then receive a connect back shell. A more efficient and flexible option is to use powershell to pull down shellcode from metasploit's exploit/windows/misc/psh_web_delivery and then pass the URL it serves up to Net Hunter to download and run via IEX as you would any powershell payload. The main advantage of this is that all outbound traffic goes to only one server (the server that would receive the connect back that would be serving up the payload via a different MSF module) and you can potentially serve payloads other than meterpreter (any powershell code really).

  2. #2
    NetHunter Master
    Join Date
    Sep 2014
    Posts
    176
    I find this idea very interesting. I would love to give a test out when I get some time.

  3. #3
    Junior Member
    Join Date
    Nov 2014
    Posts
    9
    I can confirm that this vector does work on Windows 8.1 using exploit/multi/script/web_delivery and meterpreter/reverse_https as the payload, and it seems to provide a more stable meterpreter connection than the powersploit vector. If anyone wants, I can post a tutorial on how to use this vector in the How To section.

  4. #4
    Junior Member
    Join Date
    Nov 2014
    Location
    Sweden
    Posts
    21
    @thesle3p that would be great! Thank you!

  5. #5
    Junior Member
    Join Date
    Feb 2015
    Posts
    24
    Hi everyone, any news or updates? I tried to apply this method, but there is no payload option for Windows when using exploits/multi/script/web_delivery.

    Is anyone else having the same issue as me?

  6. #6
    Junior Member
    Join Date
    Feb 2015
    Posts
    24
    Okay, I am stupid. I just noticed that I need to first set the target to 2, which is for PSH; now I can use a Windows payload.

  7. #7
    Junior Member
    Join Date
    Nov 2014
    Posts
    9
    Yeah, further testing revealed it works extremely well with exploits/multi/script/web_delivery with whatever Windows payload you throw at it. Sorry it took so long to return to this.

  8. #8
    What a great idea, it will help me a lot. Thank you very much.
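
For defenders, the single-server pattern described in post #1 (the script is fetched via IEX from the same host that later receives the connect back) can be hunted in endpoint telemetry. The Python below is an added example, not code from the thread or from Metasploit; the event schema, field names and sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, abridged Sysmon-style records (assumed schema, not from the thread).
# type 1 = process creation, type 3 = network connection by that process.
EVENTS = [
    {"type": 1, "host": "WS01", "pid": 4120, "image": "powershell.exe",
     "cmd": "powershell.exe -c IEX(... 'http://198.51.100.7:8080/a' ...)"},
    {"type": 3, "host": "WS01", "pid": 4120, "dst": "198.51.100.7", "dport": 8080},
    {"type": 3, "host": "WS01", "pid": 4120, "dst": "198.51.100.7", "dport": 443},
    {"type": 1, "host": "WS02", "pid": 977, "image": "powershell.exe",
     "cmd": "powershell.exe -File C:\\Scripts\\inventory.ps1"},
    {"type": 3, "host": "WS02", "pid": 977, "dst": "203.0.113.20", "dport": 443},
]

IEX_RE = re.compile(r"\b(?:iex|invoke-expression)\b", re.I)
URL_RE = re.compile(r"(https?)://([^/:'\"\s]+)(?::(\d+))?", re.I)

def find_single_server_delivery(events):
    """Flag PowerShell processes that run IEX on a URL, and raise severity
    when the same process also talks to that server on another port."""
    staged = {}                 # (host, pid) -> (server, staging port)
    conns = defaultdict(set)    # (host, pid) -> {(dst, dport), ...}
    for e in events:
        key = (e["host"], e["pid"])
        if e["type"] == 1 and "powershell" in e["image"].lower():
            url = URL_RE.search(e["cmd"])
            if url and IEX_RE.search(e["cmd"]):
                default = 443 if url.group(1).lower() == "https" else 80
                staged[key] = (url.group(2), int(url.group(3) or default))
        elif e["type"] == 3:
            conns[key].add((e["dst"], e["dport"]))
    findings = []
    for key, (server, port) in staged.items():
        # Literal comparison: a hostname in the URL would need resolving first.
        callbacks = sorted(p for d, p in conns[key] if d == server and p != port)
        findings.append({"host": key[0], "pid": key[1], "server": server,
                         "staging_port": port, "callback_ports": callbacks,
                         "severity": "high" if callbacks else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_single_server_delivery(EVENTS):
        print(finding)
```

A download over one port followed by a session to the same address on a second port is the high-severity case; an IEX download with no follow-up connection is still reported at medium for review.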
