support

Notice: This attack's implementation is dated and is not effective in a modern environment.

USB/CD AutoPlay Attack

Cobalt Strike's USB/CD AutoPlay attack helps you turn a CD-ROM or USB drive into an attack against Windows XP and Windows Vista systems. Cobalt Strike creates an autorun.info that adds an AutoPlay action and hooks several of the shell commands for the drive. These hooks will allow the user to inadvertently run an executable you specify when they try to view the contents of the drive

To create a malicious USB drive, go to Attacks -> Packages -> USB/CD AutoPlay

Specify a name for your drive in the Media Label field.

Provide the AutoPlay Action text. This will be shown to the user at the top of the list of actions when the drive is plugged in. Also, make sure you place several legitimate files that support your ruse on the drive. Windows presents actions to the user based on the types of files it sees on the drive.

Specify an AutoPlay Icon. You may reference a file on the drive or specify an icon in a standard location.

Finally, choose the executable that you want to run. You may generate an executable through Cobalt Strike or use another one if you need to.

Press Launch and choose a location to save the files to. The files should end up on the root of the drive for this attack to work.

This attack works best against Windows XP systems. Parts of it work on Windows Vista. This attack does not work against Windows 7.