
Gray Hat Hacking 113

Chapter 4 discusses the creation of a remote access Trojan using VBScript and ISO files. It details the process of modifying an autorun.inf file and incorporating scripts into an ISO image for deployment on a flash drive. The chapter emphasizes the stealth and complexity of such attacks, encouraging experimentation with more advanced payloads.

Uploaded by

digapo7593

Chapter 4: Social Engineering Attacks

The preceding script is documented step by step in the comments. VBScript is used
as opposed to batch files because it gives more control over what the user sees on the
screen. This example is configured to run silently even if it encounters multiple errors
and cannot continue. It uses Windows environment variables to determine where the
Windows directory is so that it can easily find the command shell binary cmd.exe on
multiple versions of Windows. It uses the same technique to determine the default
Windows temp directory.

Now that we have our autorun.inf file modified and our go.vbs script written, it’s
time to put them into the ISO file the LPInstaller application is about to write to the
flash drive. Using the ISO Commander application with the LPInstaller ISO file still
open, drag and drop the edited autorun.inf file into the root of the image file system.
Then, using either a right-click, the toolbar, or pull-down menus, create a new folder
named cruzer. In ISO Commander, each method creates a folder titled New Folder,
which must be renamed. Drag and drop the go.vbs and nc.exe files into the cruzer
directory, save your changes, and exit ISO Commander before continuing.
Continue by clicking the Next button on the LPInstaller application, and the edited
ISO image will be written to the flash drive. In the preceding example, an IP address is
specified in the local network for testing purposes. From the command prompt on the
machine that will receive the command shell from the target machine, instruct netcat
to listen on TCP port 443 as follows:
C:\nc -l -p 443

Port 443 is a common port to use as it is difficult to proxy and monitor, as the
legitimate traffic that would typically flow over it is encrypted. If everything works, you will
receive a command prompt with the drive letter that the U3 file system was assigned by
the target machine when it was inserted, as shown here:

This example used very simple tools to create a remote access Trojan. In reality, the
attack contained on the USB drive can be vastly more complex and stealthy. Once you
are comfortable making and writing your own ISO images to the flash drive, you can
experiment with more complex payloads. It’s even possible to create a Trojan
executable to replace the LaunchU3.exe application in the event the user has autorun turned
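
A detection-side illustration of the port 443 remark above, as an added example that is not from the book: a raw command shell sent over TCP 443 does not begin with a TLS handshake, so the first client-to-server bytes of a flow can be checked for a ClientHello record header. The function names, addresses and sample payloads are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_PLAINTEXT = 2 ** 14   # upper bound on a plaintext TLS record length


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server payload of a TCP flow."""
    if len(payload) < 6:
        return "too-short"          # not enough data to judge yet
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    if ctype != TLS_HANDSHAKE or major != 3 or minor > 4:
        return "not-tls"            # no TLS record header
    if not 0 < length <= MAX_PLAINTEXT or payload[5] != CLIENT_HELLO:
        return "not-tls"            # header present but not a ClientHello
    return "tls"


def flag_flows(flows):
    """Return (src, dst) for port-443 flows whose first payload is not TLS."""
    return [(src, dst) for src, dst, dport, data in flows
            if dport == 443 and classify_first_bytes(data) == "not-tls"]


# Constructed sample flows: (source, destination, dest port, first payload).
SAMPLE_FLOWS = [
    # Start of a TLS ClientHello: record header plus handshake header.
    ("192.0.2.10", "198.51.100.5", 443,
     bytes.fromhex("1603010200010001fc0303")),
    # Plaintext console banner arriving on 443 (constructed text).
    ("192.0.2.23", "198.51.100.77", 443,
     b"Microsoft Windows [Version 10.0.19045.0]\r\n"),
    # Plain HTTP on port 80 is outside this check's scope.
    ("192.0.2.10", "198.51.100.5", 80, b"GET / HTTP/1.1\r\n"),
    # Too little data captured to decide either way.
    ("192.0.2.31", "198.51.100.9", 443, b"\x16\x03"),
]

if __name__ == "__main__":
    for src, dst in flag_flows(SAMPLE_FLOWS):
        print(f"non-TLS traffic on 443: {src} -> {dst}")
```

This is a first-packet check only, so it belongs alongside egress controls that send outbound port 443 traffic through an inspecting proxy.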
