Hacking Windows Using USB Stick + Social Engineering Toolkit



Type : Tutorial

Level : Easy (especially if you've already read and practiced this tutorial before)

My previous tutorial about Adobe PDF escape EXE social engineering covered sending a malicious PDF via e-mail and having the victim execute the file. Today we will learn what happens if we attack the victim via USB instead.

As you know, USB sticks are very well known and very popular: out of 10 people, maybe 9 have a USB stick for external storage, and some people use it to transfer data from one computer to another. Maybe you have heard someone say something like this to another person: "Hey, can I copy the last picture from when we went out together with the class? Here is my USB, please copy it onto it." I think you know what they are doing 🙂

In this tutorial we will not learn to copy and paste pictures, but how to make someone open our malicious file on our USB stick. Okay… let's start!

Requirements :

1. Metasploit Framework

2. Operating system: Windows or Linux (in Backtrack 5, Metasploit is already included)

Step By Step Hacking Windows Using USB Stick + Social Engineering Toolkit:

1. Open your console/terminal (CTRL+ALT+T) and then change your working directory to /pentest/exploits/set.

cd /pentest/exploits/set

2. Run your Social Engineering Toolkit using the ./set command.

3. Choose number 3, Infectious Media Generator, and then for the next step choose File-Format Exploits, because we won't use the straight executables exploit.

Enter IP Address for Reverse Connection –> fill in your IP address (the attacker's IP address)

4. Select the file format exploit you want:

You can choose whichever exploit you want to use, but in this case I'm using the default one, number 11, "Adobe PDF EXE Social Engineering".

5. The next option is to choose your PDF.

If you have your own PDF, that is better; you can use something that makes other people curious enough to open it. In this case I'm using my PDF Algebra-Final-Exam.pdf because I think it is a really interesting file name 🙂

You can also leave this option blank to use the blank PDF attack, but I think it's better to use your own PDF so you can measure your victim.

6. Next, choose which payload you want to use. As usual, I like to choose the Meterpreter reverse TCP payload 🙂

7. Enter the port to connect back on. In this step I choose port 80, because port 80 is the magic port that is always allowed by firewalls 🙂

There should be a question "Do you want to create a listener right now? [yes|no]"; choose YES.

Open a new console/terminal (CTRL+ALT+T) and check your files inside the autorun folder (see picture below):

There are two files, autorun.inf and template.pdf, inside the folder. Given the file name, it is quite possible the victim will be suspicious of that file, because the name is really awful 😛.

8. Let's change autorun.inf and template.pdf a little to make them more friendly 🙂

Change your working directory to the autorun folder:

cd /pentest/exploits/set/autorun

9. Run the following command:

pico autorun.inf

10. Inside autorun.inf, change template.pdf to your desired file name:


Then press CTRL + O to save and CTRL + X to exit.

To rename the PDF to our desired file name, run the following command:

mv template.pdf Algebra-Final-Exam.pdf

That's it; now copy the content to your USB stick.

11. When the victim plugs in our malicious USB stick and autorun works (see step 5 of the previous tutorial), we have their shell 🙂


Countermeasure :

1. Use a firewall to detect inbound or outbound traffic… (remember: antivirus is not enough)

2. If there's an error message, read it carefully.

3. Turn off your autorun/autoplay (see the tutorial here on how to do that).
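
Alongside countermeasure 3, a defender can inspect a removable drive's autorun.inf before trusting it. The following Python code is an added example, not part of the original post; the function names, key lists, extension list and sample file are assumptions chosen for illustration. It parses the [autorun] section and ranks the entries that launch files.

```python
import re

# Keys that make Windows launch, or offer to launch, a file from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
# Keys that only change what the user sees in Explorer or the AutoPlay dialog.
LURE_KEYS = {"icon", "label", "action"}
# Extensions worth a closer look when a launch entry points at them (assumed list).
RISKY_EXT = {".pdf", ".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    section, entries = None, {}
    for raw in text.lstrip("\ufeff").splitlines():  # tolerate a leading BOM
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """Return (severity, key, value) findings, most serious first."""
    findings = []
    for key, value in parse_autorun(text).items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            exts = set(re.findall(r"\.\w+", value.lower())) & RISKY_EXT
            findings.append(("high" if exts else "review", key, value))
        elif key in LURE_KEYS:
            findings.append(("info", key, value))
    order = {"high": 0, "review": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f[0]])

# Constructed sample autorun.inf; only the PDF name comes from the tutorial.
SAMPLE = """\
[AutoRun]
; comment lines start with a semicolon
open=Algebra-Final-Exam.pdf
icon=autorun.ico
shell\\scan\\command=helper.txt
"""

if __name__ == "__main__":
    for severity, key, value in audit_autorun(SAMPLE):
        print(f"{severity:6} {key} = {value}")
```

Any "high" or "review" finding on a drive of unknown origin is a reason to open nothing on it and hand it to whoever handles incidents.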

Hope you enjoyed it! 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web.
Contact him at me[-at-]vishnuvalentino.com

Website: http://www.vishnuvalentino.com

  • jouj

    It's an amazing tutorial, but will it work on Win 7 or Vista? I will try it now.

  • Uncle

    Say I want to create a listener right now but use it later, how would one go about doing so (because the victim isn't always online)?

  • Uncle

    Thanks I learned A LOT from your tutorials #Keep it up

    • v4L

      You’re welcome 🙂

  • Hi… how do I use this with a dial-up connection? I get a reply in a local VMware OS but am not able to do it outside my PC 🙁

  • Thanks dear for replying… I know about that 🙂 but VPN and vos are also not working. Anyway, thanks. I need a static IP, I think 😀

    • v4L

      I don’t think it doesn’t work, because on my VPS mine works nicely… maybe you should set up your payload to connect back to another port that is allowed by the victim's firewall 🙂

  • versailles

    What Backtrack should I use?
    Backtrack 5 or Backtrack 5 R1?
    Which one is better?
    Btw, nice tutorial sir 😀

    • v4L

      You can use both of them. 🙂

  • Sir, I’m a beginner with Backtrack, so I need the shortcut key names and their function details, so pls send it to my mail sir plssss….

    • v4L

      I don’t understand, which shortcut? All commands in Backtrack are the same as in Linux; you just need to define your search on Google by whether you use KDE or GNOME for your desktop environment.

  • Bob

    I have 2 problems.

    1. When I’m going through the file paths to autorun I get up to exploits and I can't get into the set folder. I checked the directory in the console and found set isn't even there. Then I viewed the file system visually and it WAS there… I've always had problems with ls and cd commands to specific locations…

    2. When you say “copy the content to your USB”, what folder do you mean? Do you mean the autorun folder? Could you please specify the file locations?

    • v4L

      1. You can press the Tab key twice to show the folder contents matching your prefix, e.g.: ls /pentest/ex[press Tab twice]

      2. The contents of the autorun folder.

    • godofweapons

      You need to type it like this: cd /pentest/exploits/set/autorun
      Don't forget the slash after “cd /”, but if it's in the same dir that you are in then you don't need “/”.

      You can use pico but I prefer touch. He said to make an autorun.inf file and write those 3 lines of code, but the name after “open=” should be the same as that of the malware you created. At last, copy autorun.inf and your malware to a USB stick, then you are good to go.

      icon=autorun.ico

  • henrie t

    So I am fairly new to hacking but would love to learn more. What exactly is this tutorial for? I don't really get it when you said we own their shell.

    • v4L

      #henrie t

      That means that we are already inside the victim's computer through the exploit and payload we used. View more tutorials on how to own a victim here: http://www./category/hacking-tutorial/

      • henrie t

        So once we own it then what can we do with it?

  • How do you create a back door for that exploit?

  • shahmir alikhan

    Awesome trick, works for me. Amazing blog….

  • Mer Di

    Great tutorial, but I have one question:

    If I create the exe and open it in the attacked computer, do I need to save the exe in the victim's computer, or is it enough to open the exe?
    After using Metasploit, as I am waiting for the victim to open the exe, can I turn off the attacker computer where I am running Kali Linux? Will I lose the attacked? Could I save it somehow? After the victim opens the exe, if he turns off the victim's computer, will I lose the attack?
    If I can enter a USB in the victim's computer, is creating a backdoor the easiest way to access his computer, or is there any other easier way?
    Thank you for your help!