If you haven’t already, make sure to see my previous article on setting up the live USB and payload USB. Otherwise, you might get a little confused if you don’t know where the USB flash drives came from in the steps below.
Once that’s out of the way, you can follow through the rest of the attack here, where the two USB flash drives will be inserted into the powered-off target computer, Windows Defender and other security software will be aggressively removed, and the payload will be saved in the right spot.
And as always, whether you’re a white hat, pentester, security researcher, or just a regular old Windows 10 user, some preventative measures will be discussed near the bottom of this guide.
Step 1: Boot the Target Device with the Live USB
Two USB ports will eventually be used in this attack, so if the target has only one USB port, you might have to carry around a USB hub so you can connect both the live USB and payload USB.
With the target computer completely powered off, all USBs and external hard drives that may be connected to the computer should be removed. Then, insert the live USB that was created with Etcher into the Windows 10 laptop.
To access the boot manager, F12, F10, Fn+F2, or some combination of keys will need to be pressed as the target computer is booting. As every computer manufacturer handles bootloaders differently, there’s no reliable way for me to demonstrate this. Below is an image of a typical boot manager displaying boot options, but the target’s boot manager may look quite different.
The “USB boot” option should be selected.