This post is all about how I created a PowerShell script to automate the process of generating USB sticks used in a Social engineering attack. The goal with the attack was to measure if the employees inserted the USB sticks and opened any documents. It was not a goal to exploit the users.
The Manual way
So how do we do this manually? I found out that an easy method of checking if a user is opening an Excel spreadsheet is to load an image from an external webserver that I controlled. How do you do that? Well, to be honest I am not the best in the world in Excel, but you can do the following:
- Insert – Pictures
- Then fill out the image from your webserver (http://server.com/image.png):
- Click the arrow next to insert and choose Link to File:
- Save the document and you have your very own Excel spreadsheet where you can check if someone opens.
When I do Social Engineering tests I use Kali linux and Apache2 since it is very convenient. Just fire up Apache2 and you can check the access logs under /var/log/apache2/access.log
Maybe you also want to measure if they click on links inside the Excel spreadsheet? A great way of doing that is to do the following:
- Create some text in the spreadsheet explaining that the content has been moved and they need to use the link to access it.
- Make sure you are active standing in the cell beneath the text and go to Insert and choose Hyperlink:
- Fill it out like this:
- Before you click okay, make sure you click on the Screen tip button and fill it out like this:
- It should now look like this in Excel:
So now I have you showed you how to use Excel to measure if the user opens the spreadsheet and if he clicks on the link. You can now see it in the Apache2 access.log file under the /var/log/apache2/ folder on the Kali machine. That’s cool, but how do we automate it and make a lot of USB sticks and make sure that each has its own unique ID? Let’s say you are generating 20 memory sticks and you want to be able to uniquely identify them, then you cannot use the same link or the same picture. This is where PowerShell is nice. 🙂
The Automated way
Prior to writing the script that automates the process of creating USB sticks I had generated 20 white picture files named tracker1.jpg to tracker20.jpg and these were uploaded to the /var/www/html/ folder on my Kali machine.
The script does the following:
-
Temporary create files to your local hard drive inside a folder you specify
- Creates a subfolder for each USB stick
-
Generates the number of excel spreadsheet that you want create based on the $NumberOfMemsticks variable.
- Inserts picture from the url you specify
- Create some text and inserts a LINK pointing to where you want
-
Copies the Excel spreadsheet from the folder named 1 to the current USB stick
- Remove the temporary copy on local harddrive
- Pauses script and asks you to insert next stick and press enter
- Copies spreadsheet from folder named 2 and continuous the loop.
Unfortantly there is no way to remove and insert a new USB stick with a script (without a robot at least), so a little physical labor must be done…. 🙂
It is not a very polished script, but it does the job and can be found here:
https://github.com/api0cradle/PowershellScripts/blob/master/Security/Generate-PhishingBait.1.0.ps1