Feature #700
Meterpreter script to enumate USB storage registry entries
| Status: | Closed | Start date: | 12/18/2009 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | HD Moore | % Done: | 100% |
|
| Category: | meterpreter - win32 | |||
| Target version: | Metasploit 4.3.0 | |||
| Resolution: | How To Use: | |||
| Release Note: |
Description
History
Updated by Rob Fuller about 2 years ago
Would this be better to pull 'drives' and then check if they are USB? Where the reverse (check the registry for all (previously/currently connected USB mass storage devices) might be nice is to pull the last few connected devices and que a write to them.
Updated by HD Moore about 2 years ago
This is for audit purposes - similar functionality to other tools for determining where/when a drive was inserted - for folks using meterpreter in conjunction with network-wide automation tasks this could be useful for finding where a usb drive was first inserted, and what other machines it was then moved to.
Updated by Jacob Hammack almost 2 years ago
- File usbenum.rb added
Here is my stab at completing this ticket. I didn't implement the setup api stuff as it is far more intensive than just reading the registry. If that is needed I can add it. I tested it on a Windows 2k vm with metasploit r9056
Thanks!
Updated by James Lee over 1 year ago
- Target version changed from Metasploit 3.4.0 to Metasploit 3.5.0
Updated by James Lee about 1 year ago
- Target version changed from Metasploit 3.5.0 to Metasploit 3.6
Updated by Tod Beardsley 4 months ago
- Status changed from New to HavePatch
- Target version changed from Open Backlog to Metasploit 4.3.0
- 10 set to 0
Updated by sinn3r . 3 months ago
- Status changed from HavePatch to Resolved
- % Done changed from 0 to 100
The following modules do this:
source:/modules/post/windows/gather/enum_devices.rb
source:/modules/post/windows/gather/usb_history.rb
Updated by Jonathan Cran about 1 month ago
- Status changed from Resolved to Closed