PoC to generate Reverse TCP backdoors (x86, x64, all ports), malicious LNK and PDF files with fileformat exploits. It can also help to run Auto[run|play]/[EXE|LNK|PDF] USB remote infections and dumping all USB files remotely on multiple targets (and multiple USB drives) at the same time. A set can be specified to dump only files with specific extensions. USBsploit works through Meterpreter sessions with a light (31MB) modified version of Metasploit (3.4.2-dev). The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework (3.5.1-dev). The USBsploit v0.4b home page : http://secuobs.com/news/27102010-usbsploit_v0.4b_meterpreter_msf_3.shtml The .svn https://svn.secuobs.com/svn The .run https://www.secuobs.com/usbsploit/usbsploit-0.4-BETA-linux-i686.run The .tar.gz https://www.secuobs.com/usbsploit/usbsploit-0.4-BETA-linux-i686.tar.gz Some videos: - Auto[run|play]/PDF infection: http://secuobs.com/news/27102010-usbsploit_v0.4b_meterpreter_msf_1.shtml - Auto[run|play]/LNK infection: http://secuobs.com/news/12102010-usbsploit_v0.3b_meterpreter_msf_1.shtml - Auto[run|play]/EXE infection: http://secuobs.com/news/14072010-usbsploit_v0.2b_meterpreter_msf_3.shtml - Reverse TCP backdoor and USB files dumping using a specific set of extensions http://secuobs.com/news/14072010-usbsploit_v0.1b_meterpreter_msf_2.shtml - Reverse TCP backdoor and all USB files dumping http://secuobs.com/news/14072010-usbsploit_v0.1b_meterpreter_msf_1.shtml Some other videos about using the usbsploit.rb script with the original Metasploit Framework are available on http://youtube.com/secuobs XPO
