Type : Tutorial

Level : Easy (especially if you've already read and practice this tutorial before)

If my previous tutorial about Adobe PDF escape EXE social engineering talking about sending malicious PDF via e-mail and then the victim execute the file, today we will learn about how if we attack the victim via USB?

As you know, USB was very famous and also very popular, maybe from 10 people 9 of them have USB stick for external storage or some people use it for transfer data from one to another computer. Maybe when you hear someone talk to another like this "Hey, can I copy the last picture we go together with class? here I give you my USB, please copy it inside" I think you should know what they doing

Here in this tutorial we will not learn to copy and paste picture, but how to make someone open our malicious file inside our USB. Okay….let's start!

Requirements :

1. Metasploit Framework

2. Operating System Windows or Linux (In Backtrack 5, metasploit already included inside)

Step By Step :

1. Open your console/terminal (CTRL+ALT+T) and then change your working directory to /pentest/exploits/set.

cd /pentest/exploits/set

2. Run your Social Engineering Toolkit using ./set command.

3. Choose number 3 Infectious Media Generator, and then for the next step you can choose File-Format Exploits because we won't use straight executables exploit.

Enter IP Address for Reverse Connection –> fill in with your IP Address(Attacker IP Address)

4. Select the file format exploit you want :

Actually you can choose what exploit you want to use, but in this case I'm using the default one number 11 "Adobe PDF EXE Social Engineering"

5. The next option is choose your PDF.

If you have your own PDF it was better, maybe you can use something that interest another people curious to open it, in this case I'm using my PDF Algebra-Final-Exam.pdf because I think it was really interesting file name

You also can leave this option blank to use blank PDF attack, but I think it's better to use your own PDF so you can measure your victim.

6. The next step you need to choose which payload you want to use. As usual I like to choose Meterpreter reverse TCP payload

7. Enter the port to conneck back on. In this step, I choose port 80 because port 80 was magic port that always allowed by firewall

There should be a question "Do you want to create a listener right now? [yes|no]" choose YES.

Open new console/terminal (CTRL+ALT+T) and check your file inside autorun folder(see picture below) :

There's two file autorun.inf and template.pdf inside the folder. If you see the filename, it's not impossible the victim suspicious to that file because the name was really awful .

8. Let's change a little bit the autorun.inf and template.pdf to make it more friendly

Change your working directory to autorun folder

cd /pentest/exploits/set/autorun

9. Do the following command :

pico autorun.inf

10. Inside autorun.inf, change the template.pdf to your desired file name :

[autorun]
open=Algebra-Final-Exam.pdf
icon=autorun.ico

then press CTRL + O to save and CTRL + X to exit.

To rename the PDF into our desired filename, do the following command :

mv template.pdf Algebra-Final-Exam.pdf

It's finish now, and you should copy the content to your USB.

9. When the victim plug our malicious USB and the autorun working (view previous tutorial on step 5), we have their shell now

PWNED!

Countermeasure :

1. Use firewall to detect inbound or outbound traffic…(remember : antivirus is not enough)

2. If there's an error message, read it carefully.

3. Turn off your autorun/autoplay (see tutorial here how to do that).

Hope you enjoyed it!

Vishnu Valentino Computer Security, Blogger Nothing Secure... BANDUNG - INDONESIA CHANGCHUN - CHINA

Follow @vishnuvalentino