Kautilya 0.3.0 Released – Breaking Mac OS X with USB HID
Kautilya is a toolkit which provides various payloads for the Teensy device which may help in breaking into a computer. The toolkit is written in Ruby.
- The Windows payloads and modules are written mostly in PowerShell (in combination with native commands) and are tested on Windows 7.
- The Linux payloads are mostly commands in combination with a little Bash scripting. These are tested on Ubuntu 11.
You need a Teensy++ from pjrc.com to use this.
This version adds “support” for Mac OS X pwnage (tested on Lion running in a VMware virtual machine) and many new payloads for Windows and Linux. Update your repositories and enjoy!!
CHANGELOG for 0.3.0
– Added “Get Target Credentials” payload for Windows.
– Added “DNS TXT Code Execution” payload for Windows.
– Added “Tracking Target Connectivity” payload for Windows.
– Added “Speak” payload for Windows.
– Added “Wait for Command” payload for Windows.
– Added “DNS TXT Code Execution” for Linux.
– Added “Perl Reverse Shell (MSF)” for Linux.
– Added payloads for Mac OS X, tested on OS X Lion running in a VMware virtual machine.
– Added “Download and Execute” for OS X.
– Added “DNS TXT Code Execution” for OS X.
– Added “Perl Reverse Shell (MSF)” for OS X.
– Added “Ruby Reverse Shell (MSF)” for OS X.
– Fixed a minor bug in “code execution using powershell” payload.
– An exception is added to the Windows Firewall for the bind shell in the “Rogue AP” payload.
– Fixed a major bug in “Connect to Hotspot and Execute code”. The SSID key was being stored in encrypted form, which does not work on other machines: Windows protects stored WLAN keys with DPAPI, so the encrypted key material is only valid on the machine that produced it. Now the key is stored in plain text and the WLAN profile import works on other systems too.
– Fixed a bug in the “Hashdump and upload to pastebin” payload. The PowerShell command was being called from the dumpaste.vbs script without bypassing the execution policy, so password hashes were being dumped but never pasted to pastebin.
– Removed TYPESPEED from every payload which was being used as good luck mark and was borrowed from SET 🙂
– Implemented Left + Enter as the method to say yes to the UAC prompt; previously it was Alt + Y. Thanks to Paul who commented this on my blog.
– Increased the delay at the beginning to 25 seconds.
– Replaced the older “linux_codeexec.ino” (which had hardcoded shellcode) with a proper file.
– Minor improvements in some Linux payloads. Files written to disk are now written to /tmp.
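As an added illustration of the “Connect to Hotspot and Execute code” fix in the changelog (this is example code written for this page, not Kautilya’s own payload), the following PowerShell builds a WLAN profile whose pre-shared key is stored in clear (`<protected>false</protected>`), imports it with netsh and connects. The SSID “TestHotspot”, the key “ChangeMe12345” and the temp-file path are made-up values. A profile exported without `key=clear` instead carries a DPAPI-protected `<keyMaterial>` that only the exporting machine can decrypt, which is exactly why the encrypted form failed when replayed on other targets.

```powershell
# Added example, not Kautilya's code. Builds a WPA2-PSK WLAN profile with the
# key in clear text (<protected>false</protected>) so that it imports on any
# machine. SSID and key below are made-up values.
param(
    [string]$Ssid = 'TestHotspot',
    [string]$Key  = 'ChangeMe12345'
)

# Escape characters that would otherwise break the XML (&, <, >, quotes).
$xmlSsid = [System.Security.SecurityElement]::Escape($Ssid)
$xmlKey  = [System.Security.SecurityElement]::Escape($Key)

# Same layout "netsh wlan export profile ... key=clear" produces; the
# <protected>false</protected> element is what makes the key portable.
$profileXml = @"
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>$xmlSsid</name>
  <SSIDConfig><SSID><name>$xmlSsid</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2PSK</authentication>
        <encryption>AES</encryption>
        <useOneX>false</useOneX>
      </authEncryption>
      <sharedKey>
        <keyType>passPhrase</keyType>
        <protected>false</protected>
        <keyMaterial>$xmlKey</keyMaterial>
      </sharedKey>
    </security>
  </MSM>
</WLANProfile>
"@

# Write without a BOM; the file name is an assumption, any writable path works.
$path = Join-Path $env:TEMP ('wlan_' + $Ssid + '.xml')
[System.IO.File]::WriteAllText($path, $profileXml)

# Import for all users and connect. user=all needs an elevated prompt.
netsh wlan add profile filename="$path" user=all
netsh wlan connect name="$Ssid"

# Verify the stored key is readable in clear on this machine; an imported
# profile with a DPAPI-protected key would not show a usable "Key Content".
netsh wlan show profile name="$Ssid" key=clear | Select-String 'Key Content'

# Do not leave the clear-text key lying around in %TEMP%.
Remove-Item $path -Force
```

Run it from an elevated prompt so the `user=all` import succeeds; on a non-elevated shell use `user=current` instead. The `Select-String 'Key Content'` line is the quick check that the profile landed with a plain key rather than a machine-bound blob.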