The power of dynamic socket injection: WSUS command execution as [NT AUTHORITY/SYSTEM]
Context Some time ago we published an important update to Syphoon, featuring the new dynamic socket injection system. In short, this allows using Ruby code to generate content on the fly for context-dependent injections. Taking things further To demonstrate the power of dynamic injections, we thought we'd publish a new release of Syphoon, this time including some new scripts. Specifically, two new scripts are provided to attack the Windows Update system (WSUS) when configured to use HTTP. wsus-inject-cmd This first script simply allows running commands (through cmd.exe) as 'NT AUTHORITY/SYSTEM' on any client machine requesting WSUS through HTTP. This is...
Pwn harder with dynamic injection in Syphoon 1.4.0
The best socket injection system just got better Socket injection is big fun for sure. Easily drop XSS-based attacks on victim browsers with a simple regex, inject payloads within SMTP/POP emails, or simply embed raccoon pictures in every web page. However, static strings can only take us so far. There comes a point when we start thinking it would be nice for the string to be a bit more flexible, maybe even dependent on specific conditions for each injection. This is taking us into the realm of dynamic injection. Introducing dynamic injection Instead of simply asking Syphoon to insert some...
A new USB injection tool
USB injection is such a pleasure: find an open session, plug in, loot. Operational constraints can make it difficult though: not knowing the keyboard layout of the victim for example. Whenever flexibility is key, our signature injector Azban is able to deploy payloads on virtually any OS and keyboard layout combination. However to achieve this Azban requires the victim workstation to be connected to the Internet. While this is not an issue in many cases, there are situations where an offline injection is actually required, such as tightly-restricted corporate network environments. Thus, a new solution presents itself in the form...
Syphoon - Raccoon-in-the-Middle
Weapons-grade MitM Syphoon is a MitM (Man-in-the-Middle) tool - it abuses the network to redirect communications from other hosts through itself. This allows sniffing as well as manipulation of communications between hosts on the network. Beat the network into submission When thinking about MitM, the first thing that comes to mind is often sniffing passwords out of clear-text exchanges. This is a gross oversimplification of what Syphoon is capable of. MitM is only the beginning - Syphoon offers a wide range of tools to extract information, manipulate exchanges, strip SSL, redirect network flows and more. Written exclusively in C and optimized...
Meet the Sparkplug - a tiny injector for those pesky PoE devices
A delicate situation Sometimes you need to hook something behind a device in a corporate network. Unfortunately, sometimes that device turns out to be an IP phone or video camera only powered through PoE. Unless there's a spare power supply lying around that just happens to match the device, this can mean the difference between a successful intrusion or an embarrassing moment. An easy solution The solution to this is the Sparkplug - a tiny PoE injector capable of powering devices up to 15W. On one side, hook up the included wall adapter and the PoE device. On the other...
- 3D print
- Swiss day