Hi all,
I found this tutorial in the hackingtutorial website, works great:
Requirements :
2. Operating System Windows or Linux (In Backtrack 5, metasploit already included inside)
Step By Step :
1. Open your console/terminal (CTRL+ALT+T) and then change your working directory to/pentest/exploits/set.
cd /pentest/exploits/set
2. Run your Social Engineering Toolkit using ./set command.
3. Choose number 3 Infectious Media Generator, and then for the next step you can choose File-Format Exploits because we won’t use straight executables exploit.
Enter IP Address for Reverse Connection –> fill in with your IP Address(Attacker IP Address)
4. Select the file format exploit you want :
Actually you can choose what exploit you want to use, but in this case I’m using the default one number 11 “Adobe PDF EXE Social Engineering”
5. The next option is choose your PDF.
If you have your own PDF it was better, maybe you can use something that interest another people curious to open it, in this case I’m using my PDF Algebra-Final-Exam.pdf because I think it was really interesting file name
You also can leave this option blank to use blank PDF attack, but I think it’s better to use your own PDF so you can measure your victim.
6. The next step you need to choose which payload you want to use. As usual I like to choose Meterpreter reverse TCP payload
7. Enter the port to conneck back on. In this step, I choose port 80 because port 80 was magic port that always allowed by firewall
There should be a question “Do you want to create a listener right now? [yes|no]” choose YES.
Open new console/terminal (CTRL+ALT+T) and check your file inside autorun folder(see picture below) :
There’s two file autorun.inf and template.pdf inside the folder. If you see the filename, it’s not impossible the victim suspicious to that file because the name was really awful .
8. Let’s change a little bit the autorun.inf and template.pdf to make it more friendly
Change your working directory to autorun folder
cd /pentest/exploits/set/autorun
9. Do the following command :
pico autorun.inf
10. Inside autorun.inf, change the template.pdf to your desired file name :
[autorun] open=Algebra-Final-Exam.pdf icon=autorun.ico
then press CTRL to save and CTRL + X to exit.
To rename the PDF into our desired filename, do the following command :
mv template.pdf Algebra-Final-Exam.pdf
It’s finish now, and you should copy the content to your USB.
9. When the victim plug our malicious USB and the autorun working (view previous tutorial on step 5), we have their shell now
PWNED!
Countermeasure :
1. Use firewall to detect inbound or outbound traffic…(remember : antivirus is not enough)
2. If there’s an error message, read it carefully.
3. Turn off your autorun/autoplay (see tutorial here how to do that).
Hope you enjoyed it!