[Full-disclosure] USBsploit 0.6b - added: Autosploit CLI and customized infections of the original EXE and PDF USB files

USBsploit v0.6 changelogs:

- Add an option to the replacement module to first try uploading a
custom infected version of each original PDF & EXE file available on
the USB target. If that does not succeed, generic malicious ones
will be used.

- Add autosploit CLI to automate the creation of the malicious files &
launching multi-handler listeners. Almost all USBsploit options can
now be specified via specific switches on the command line and used via

- Internal Metasploit core updated to one of the latest SVN
versions (metasploit v3.7.0-dev svn r12145 2011.03.26).

- Add documentation in the ./readme/doc file (need to svn update after
v0.6b installation)

- Some bugfixes.

The USBsploit v0.6b home page :


The .run archive:

sha1sum usbsploit-0.6-BETA-linux-i686.run
2a409aeb409ac9dc4fb194fbe575b1a55d1fcb0c usbsploit-0.6-BETA-linux-i686.run

The .tar.gz archive:

sha1sum usbsploit-0.6-BETA-linux-i686.tar.gz
c69ce7d9999e8e1fe1b1fd32ad5e8a006086c1c5 usbsploit-0.6-BETA-linux-i686.tar.gz

SVN repo: https://svn.secuobs.com/svn

Some new videos:

- Video - USBsploit 0.6 BETA: Replace and infect all EXE and PDF with
payload embedded into the original files


- Video - USBsploit 0.6 BETA: using autosploit CLI to automate the
infection of all original EXE & PDF files


- Video - usbsploit.rb 0.6b with MSF: custom infection to replace all
the original EXE and PDF files


- Video - usbsploit.rb 0.6b split into 3 scripts with MSF: custom
infection to replace all original EXE and PDF


More videos on http://youtube.com/secuobs


PoC to generate Reverse TCP backdoors, malicious PDF and LNK files.
But also running Auto[run|play] infections (EXE, PDF, LNK) and dumping
all USB files remotely on multiple targets at the same time. A set of
extensions for the dump attacks can be specified via a specific file.
All EXE, PDF and LNK already available on the USB targets can also be
replaced by malicious generic ones. Replacing only the EXE files (or
PDF or LNK) can be chosen.

USBsploit works through Meterpreter sessions (wmic, railgun, process
migration) with a minimal modified version of Metasploit. The
interface is a mod of SET (The Social Engineering Toolkit). Note that
if wmic's not available on a target, railgun'll be used with
GetLogicalDrives(), GetDriveTypeN() and GetVolumeInformationW(). A
switch can be activated to always use railgun, even if wmic's
available on the targets.

With the original Metasploit framework, usbsploit.rb can be used with
all options. But also the independent autorun_usbsploit.rb,
dump_usbsploit.rb and replace_usbsploit.rb meterpreter scripts.
dump_usbsploit.rb has an option to protect the dumped files from being
overwritten when trying to dump a malicious file with the same name
and size (previously uploaded by replace_usbsploit.rb or
autorun_usbsploit.rb). Every script can be used with the latest
original Metasploit Framework (all the options work at least with the

The split scripts can always be found in the archives (.run, .tar.gz) or on
the SVN ( https://svn.secuobs.com/svn/lib/msf/split_meterpreter_scripts/
) in the ./lib/msf/split_meterpreter_scripts/ directory


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
