USB HID FOR PENTEST
root # uname -a
I’m a security engineer. I like Linux and am a big fan of the Mr. Robot series. I like
working on my hobby, so I work in security.
AGENDA
- Effective attacks with USB

- Social experiment at the University of Illinois Urbana-Champaign
- Info about USB devices
- Making USB drop attack effective: 

PART 1. BadUsb

PART 2. USB Ducky

PART 3. USB Ethernet

PART 4. Kali Linux NetHunter

PART 5. USB Kill 2.0
PART 6. USB keylogger

- Practice USB HID attack on Windows 8
PART 1
Алексей Мисник - USB devices for pentesting
SOCIAL EXPERIMENT AT THE UNIVERSITY OF ILLINOIS URBANA-CHAMPAIGN

USB KEYS CONTENT

USB KEYS APPEARANCE

DROP LOCATION TYPE 

DROP ACTION

                          Total   Fraction
Dropped                   297
Key picked up             290     98%
Key who get home          135     45%
Key returned              54      19%
People answering survey   62      21%
ANSWERS
- 16% scanned the drive with their anti-virus software
- 8% believed that their operating system or security software would protect them,
e.g., “I trust my macbook to be a good defence against viruses”
DEMO
USB drop attack demo - Blackhat USA 2016.mp4
INFO ABOUT USB DEVICES
BACKGROUND
USB is a very versatile interface. Just think how many devices we connect to it: mice,
keyboards, printers, scanners, gamepads, modems, access points, webcams, phones,
etc. We do not hesitate to insert the connector into the appropriate socket, and the OS
automatically detects the type of device and loads the appropriate drivers.
FLASH DEVICES

In fact, the operating system does not know anything about the connected device.
It has to wait until the device itself reports the class to which it belongs.

To take the simplest example: when we plug a flash drive into a USB port,
the flash drive tells the operating system whether it is only a storage device or something else.
USB DEVICE INITIALIZATION ALGORITHM

The purpose of a USB device is determined by its class codes, which it communicates to the
USB host so that the necessary drivers can be loaded. Class codes make it possible to handle
devices of the same type from different manufacturers in a uniform way.

An ordinary bootable flash drive will have the class code 08h (Mass Storage Device -
MSD), while a webcam equipped with a microphone will be characterized by two: 01h
(Audio) and 0Eh (Video Device Class).
CONNECTING THE USB DEVICE
When a USB device is connected, it is registered, receives an address and sends its
descriptor(s) so that the operating system can load the drivers and send back the desired
configuration. After this, direct interaction with the device begins. When the work is
complete, the device is deregistered.
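A defender can inspect what a device announces during this exchange before trusting it. The sketch below is an added example, not part of the original slides: it walks a raw configuration descriptor, lists the class code of every interface, and flags interfaces outside what the device is supposed to be, such as a "flash drive" that also announces a HID keyboard. The function names, the allow-list policy and the sample descriptors are constructed for illustration.

```python
import struct

# Descriptor types and class codes as defined by the USB specification.
DT_CONFIG, DT_INTERFACE, DT_ENDPOINT, DT_HID = 0x02, 0x04, 0x05, 0x21
CLASS_NAMES = {0x01: "Audio", 0x03: "HID", 0x08: "Mass Storage", 0x0E: "Video"}


def interfaces(config):
    """Walk a raw configuration descriptor; return (number, class, subclass,
    protocol) for every interface at alternate setting 0."""
    if len(config) < 9 or config[0] != 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if not 9 <= total <= len(config):
        raise ValueError("wTotalLength does not match the captured data")
    found, pos = [], 9
    while pos < total:
        # Every descriptor starts with bLength, bDescriptorType.
        if pos + 2 > total or config[pos] < 2 or pos + config[pos] > total:
            raise ValueError(f"malformed descriptor at offset {pos}")
        length, dtype = config[pos], config[pos + 1]
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            if config[pos + 3] == 0:  # bAlternateSetting
                found.append((config[pos + 2], *config[pos + 5:pos + 8]))
        pos += length
    return found


def audit(config, allowed_classes):
    """Return one finding per interface whose class is not on the allow-list."""
    findings = []
    for num, cls, sub, proto in interfaces(config):
        if cls in allowed_classes:
            continue
        note = f"interface {num}: unexpected class {cls:02X}h ({CLASS_NAMES.get(cls, 'unknown')})"
        if (cls, sub, proto) == (0x03, 0x01, 0x01):  # HID, boot subclass, keyboard
            note += ", boot-protocol keyboard"
        findings.append(note)
    return findings


# --- Constructed sample descriptors (not captured from real hardware) ---
def _iface(num, cls, sub, proto, n_ep):
    return bytes([9, DT_INTERFACE, num, 0, n_ep, cls, sub, proto, 0])


def _ep(addr, attrs):
    return struct.pack("<BBBBHB", 7, DT_ENDPOINT, addr, attrs, 64, 0)


def _config(*descs):
    body = b"".join(descs)
    n_if = sum(1 for d in descs if d[1] == DT_INTERFACE)
    return struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body), n_if, 1, 0, 0x80, 50) + body


MSC = (_iface(0, 0x08, 0x06, 0x50, 2), _ep(0x81, 2), _ep(0x02, 2))
FLASH_DRIVE = _config(*MSC)
WEBCAM_MIC = _config(_iface(0, 0x0E, 0x01, 0x00, 1), _ep(0x83, 3),
                     _iface(1, 0x01, 0x01, 0x00, 0))
STORAGE_PLUS_KEYBOARD = _config(
    *MSC, _iface(1, 0x03, 0x01, 0x01, 1),
    struct.pack("<BBHBBBH", 9, DT_HID, 0x0111, 0, 1, 0x22, 63), _ep(0x83, 3))

if __name__ == "__main__":
    for label, blob in [("flash drive", FLASH_DRIVE),
                        ("storage + keyboard", STORAGE_PLUS_KEYBOARD)]:
        print(label, audit(blob, {0x08}) or "ok")
```

On Linux, the file /sys/bus/usb/devices/<device>/descriptors holds these bytes, with the 18-byte device descriptor first.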
USB ATTACK
PART 1. USB keylogger
PART 2. USB Kill 2.0
PART 3. Kali Linux NetHunter
PART 4. USB Ethernet
PART 5. Bad Usb

PART 6. USB Ducky


USB KEYLOGGER
PARAMETERS
- 4MB flash memory stores 2000 pages of text
- Works great with all wired USB keyboards and works with all versions of Windows and Linux
- No software or drivers needed
- National keyboard layout support
- Capable of recording ALL keys
PRICE: $64.99
KeyLlama records everything typed on a USB keyboard. Absolutely no software is required and
KeyLlama is completely invisible to any software. The KeyLlama USB is the stealthiest hardware
keylogger in existence - it is impossible to detect!
USB KILL 2.0
As the company explains, when plugged in, the USB Kill 2.0 stick rapidly charges
its capacitors via the USB power supply, and then discharges – all in a matter of seconds.

The USB stick discharges 200 volts DC over the data lines of the host
machine, and this charge-and-discharge cycle is repeated several times in just one
second, until the USB Kill stick is removed.
WHEN AND FOR WHOM WOULD USB KILL BE USEFUL?

USB Kill stick could be a boon for
- whistleblowers,
- journalists,
- activists,
- cyber criminals (who want to keep their sensitive data away from law enforcement as well as cyber thieves)
The company claims about 95% of all devices available on the market today are
vulnerable to power surge attacks introduced via the USB port. However, the only devices not
vulnerable to USB kill attacks are recent models of Apple's MacBook, which optically isolate
the data lines on USB ports.
PRICE: 49.95 TUGRIKOV☺
KALI LINUX NETHUNTER 

+

USB ETHERNET
HID KEYBOARD AND ‘BADUSB’ ATTACKS

Our NetHunter images support programmable HID keyboard attacks, (a-la-teensy), as
well as “BadUSB” network attacks, allowing an attacker to easily MITM an unsuspecting target by
simply connecting their device to a computer USB port. In addition to these built in features, we’ve
got a whole set of native Kali Linux tools available for use, many of which are configurable through
a simple web interface.
NEXUS 4 & 5 ANDROID PHONE
Nexus 4/5
MITM
A USB DEVICE IS ALL IT TAKES TO STEAL CREDENTIALS FROM LOCKED PC

USB Ethernet + DHCP + Responder == Creds
Device:
- USB Ethernet
- patch cord
- laptop
Tools:
- Responder
- DHCP server
ATTACK&DEFENCE
TESTED OS
• Windows 98 SE
• Windows 2000 SP4
• Windows XP SP3
• Windows 7 SP1
• Windows 10 (Enterprise and Home)
RESPONDER
DATABASE
ATTACK
Lock PC.mp4
PART 2
BAD USB
PHISON 2251-03 (2303) CUSTOM
FIRMWARE & EXISTING FIRMWARE
PATCHES
SUPPORTED DEVICES
• Patriot 8GB Supersonic
• Patriot 8GB Supersonic Xpress
• Kingston DataTraveler 3.0 T111 8GB
• Silicon power marvel M60 64GB
• Patriot Stellar 64 Gb Phison
• Toshiba TransMemory-MX USB 3.0 16GB
• Toshiba TransMemory-MX USB 3.0 8GB
• Kingston DataTraveler G4 64 GB
• Patriot PSF16GXPUSB Supersonic Xpress 16GB
• Silicon Power 32GB Blaze 30
SOFT
• DriveCom -- PC C# application to communicate with Phison drives.
• EmbedPayload -- PC C# application to embed Rubber Ducky inject.bin
key scripts into custom firmware for execution on the drive.
• Injector -- PC C# application to extract addresses/equates from firmware
as well as embed patching code into the firmware.
• firmware -- this is 8051 custom firmware written in C.
• patch -- this is a collection of 8051 patch code written in C.
Releases have the following items:
• patch -- this is a collection of 8051 patch code written in C.
• tools -- these are the compiled binaries of all the tools.
• CFW.bin -- this is custom firmware set up to send an embedded HID
payload.
ALL COMMANDS
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SetBootMode
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendExecutable /burner=C:\fw\fw_bn\BN03V114M.BIN
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=DumpFirmware /firmware=C:\fw\currentfw.bin
java -jar C:\fw\ducky\duckencode.jar -i C:\fw\ducky\hello_world.txt -o C:\fw\ducky\inject.bin
C:\fw\Psychson-master\tools\EmbedPayload.exe C:\fw\ducky\inject.bin C:\fw\Psychson-master\firmware\bin\fw.bin
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendFirmware /burner=C:\fw\fw_bn\BN03V114M.BIN /firmware=C:\fw\Psychson-master\firmware\bin\fw.bin
OBTAINING A BURNER IMAGE
A burner image is required for dumping or flashing firmware.
These burner images are typically named using the following convention:
BNxxVyyyz.BIN
where xx is the controller version (such as 03 for PS2251-03 (2303)), yyy is the version
number (irrelevant), and z indicates the page size.
z can be either:
• 2KM -- indicates this is for 2K NAND chips.
• 4KM -- indicates this is for 4K NAND chips.
• M -- indicates this is for 8K NAND chips.
All versions of the Patriot 8GB Supersonic Xpress drive (in fact, all USB 3.0 drives) seen so
far require an 8K burner. An example of a burner image would be BN03V104M.BIN.
BUILD ENVIRONMENT
To patch or modify existing firmware, you must first set up a build environment. 

See Setting Up the Environment on the wiki for more information.

At a minimum, SDCC needs to be installed to C:\Program Files\SDCC.

To run the tools, you need to be on Windows with .NET 4.0 installed.

To set up a build environment, you need to:

• Install Visual Studio 2012 Express (for building the tools).

• Install SDCC (Small Device C Compiler) suite to C:\Program Files\SDCC

Run DriveCom as below to obtain information about your drive:

DriveCom.exe /drive=E /action=GetInfo
DUMPING FIRMWARE
Run DriveCom, passing in the drive letter representing the drive you want to flash, the path of
the burner image you obtained, and the destination path for the firmware image:
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=DumpFirmware /firmware=C:\fw\currentfw.bin
where E is the drive letter, BN03V104M.BIN is the path to the burner image, and fw.bin is the
resulting firmware dump.
Currently, only 200KB firmware images can be dumped (which is what the Patriot 8GB
Supersonic Xpress drive uses).
FLASHING CUSTOM FIRMWARE

Run DriveCom, passing in the drive letter representing the drive you want to flash, the path of
the burner image you obtained, and the path of the firmware image you want to flash:
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendExecutable /burner=C:\fw\fw_bn\BN03V114M.BIN
where E is the drive letter, BN03V104M.BIN is the path to the burner image, and fw.bin is the
path to the firmware image.
CREATE PAYLOAD

Create a key script in Rubber Ducky format, then use Duckencoder to create an
inject.bin version of it:
java -jar duckencoder.java -i keys.txt -o inject.bin
where keys.txt is the path to your key script.
You may notice the delays are not quite the same between
the Rubber Ducky and the drive -- you may need to adjust your scripts to compensate.
INSERT HID PAYLOAD IN FIRMWARE & DOWNLOAD THE FIRMWARE EMBEDDED HID PAYLOAD

C:\fw\Psychson-master\tools\EmbedPayload.exe C:\fw\ducky\inject.bin C:\fw\Psychson-master\firmware\bin\fw.bin
C:\fw\Psychson-master\tools\DriveCom.exe /drive=F /action=SendFirmware /burner=C:\fw\fw_bn\BN03V114M.BIN /firmware=C:\fw\Psychson-master\firmware\bin\fw.bin
RESULT
VIRTUAL KEYBOARD

WORK
RECOVERY
PROOF
BaDusb.webm
USB DUCKY
RUBBER DUCKY, WHEN THE USB IS A
USB KEYBOARD
The principle of the USB Rubber Ducky, marketed by Hak5, is simple to understand.
The USB stick poses as a keyboard to the system and will, at launch, perform actions
on the system in the manner of an autorun.exe, except that it does so by
entering keystrokes.
RUBBER DUCKY
Ideas:
Use bash to create a reverse shell; use nohup to spawn the reverse shell as a background process
LINUX PAYLOAD
PAYLOAD
Windows 10
MacOS
HOW TO CREATE A PAYLOAD, OR ARE YOU SURE THAT YOU CREATE IT?
ducktoolkit-411.rhcloud.com
ducktoolkit.com
YOU CAN
RECON SCRIPT EXPLOIT SCRIPT REPORT SCRIPT
Computer Information
USB Information
User Information
Shared Drive Information
Installed Program
Information
Installed Updates
User Documents
Network Information
Network Scan
Port Scan
Wireless Profile
Screen Capture
Firefox Profile
Extract SAM
Disable Firewall
Find and FTP a File
Add Administrative User
Open Port
Start WIFI Access Point
Share C Drive
Enable RDP
Reverse Shell
Download .exe and Execute
DNS Cache Poison
Sticky Keys Swap
Remove Windows Update
Save To USB
Upload Report via FTP
Email Report via GMAIL
Save To Computer
ENCODE
CREATE PAYLOAD
https://code.google.com/p/simple-ducky-payload-generator/downloads/detail?name=installer_v1.1.1_debian.sh&can=2&q
root@kali:~# chmod +x installer_v1.1.1_debian.sh
root@kali:~# ./installer_v1.1.1_debian.sh
root@kali:~# rm installer_v1.1.1_debian.sh
To run the program:
root@kali:~# simple-ducky
AUTOMATION
Set IP, port and delay time
REVERSE SHELL
PRACTICAL
• Open BEEF in browser
• Create Reverse Shell (Avast)
OPEN BEEF IN BROWSER

Beef.mov
CREATE REVERSE SHELL (AVAST)

DNS tunneling.mov
INFO
- https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-jhind-dns_tunnels_with_ai.pdf
- https://github.com/LightWind/malusb/tree/master/payload
- http://www.slideshare.net/elie-bursztein/does-dropping-usb-drives-really-work-blackhat-usa-2016
- https://ducktoolkit.com/encoder/
- https://github.com/brandonlw/Psychson
- http://habrahabr.net/thread/1011
