Step 2: Setup the VPS & Install MetasploitĪ virtual private server (VPS) is needed to host the Metasploit listener. You could use keys from a portable lock or house keys that come with new door knobs - any kind can work if you want to attach keys. However, the acquisition of keys is optional. A local hardware store might be a good place to start looking for stock and inexpensive keys. The addition of keys attached to the USB's keyring will likely increase the likeliness of the USB stick being picked up and used. On Amazon: 10-Pack ALMEMO 128 MB USB 2.0 Flash Drives, Swivel, Black, for $21 + Free Prime Shipping You could go for some larger storage capacities, such as 16 GB, to really sell the idea that a movie is on there, but chances are, the user won't even notice the size unless it's written right on the stick, so a smaller, cheaper one will work just fine. Keep in mind, these prices and deals will change over time. I found it's usually possible to find 10 USB thumb drives for roughly $20 USD. At the time of this writing, USB sticks can be purchased in bulk using websites like Amazon, Best Buy, and Newegg. Image by Sergey Jarochkin/ 123RF Step 1: Purchase the USB Drives & KeysĪt least one USB flash drive is required for this attack. This attack was performed against a Windows 10 Enterprise machine with Avast antivirus installed The point is to label the USB stick and fill it with content the intended victim will find hard to ignore. In that scenario, loading the USB stick with content inspired by The Walking Dead or something by an acclaimed horror movie filmmaker would make more sense. During a reconnaissance phase, it may be discovered that a target user is wildly obsessed with zombie movies and TV shows. This type of attack does not have to use the Star Wars franchise as a theme, I'm just a big an of the movies. But what if the target Wi-Fi router isn't located at a university? It exploited their gullibleness to believe a student could lose their USB flash drive on school property. The researchers' experiment was targeted at university students and professors. Don't Miss: Use a Pi as a Dead Drop for Anonymous Offline Comms.The addition of keys and label is something to consider when performing USB drops. The data also suggests that USB sticks labeled "Pictures" or "Winter Break Pictures" are more likely to be inserted by the victim. The presence of keys, no doubt, reinforced the belief that the keys and USB stick were lost and not placed on the ground by a hacker. The data showed that attaching keys to the USB's keyring increased the likeliness of the flash drive being inserted into a computer. Nearly 50% of the USB thumb drives were picked up, and at least one file on each of those USB drives was clicked on. a study was conducted that involved 300 malicious USB sticks being dropped by researchers on a university campus in Illinois. This is a good opportunity to discuss how hackers can use media hype (in this case, Hollywood movie hype) to disarm an unsuspecting Windows user into inserting an evil USB stick into their computer.Ī long time ago, in a galaxy far, far away. The latest Star Wars movie, Solo: A Star Wars Story, has grossed almost $350 million worldwide during its first month in theaters.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |