Time
2 hours 25 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:01
So as you can see, there's really nothing malicious going on. It's just a bit scary for the person.
00:06
Um,
00:07
so they really
00:09
I have nothing to worry about. Maybe they should worry about picking up strange USB devices,
00:14
but nothing bad will happen. So let's go ahead and save this
00:18
and we'll save on that flash drive.
00:23
So drive and we'll save this as
00:28
well. This is this is gonna be the file that's gonna be actually hidden,
00:33
so you can really name it whatever way want, because in all likelihood, the person is not going to see it.
00:39
So we're gonna make this a batch file and the extension name is dot b a T bat. So once we have that, make sure you get under there,
00:49
I'm gonna save it.
00:50
And this is This is why I like no pad plus plus is because it it actually shows you, like in different colors, commands based on the type of file. So it's it's just a batch file, and it knows to actually
01:07
color those commands and what's nice. As you can see, I do this sort of on purpose just to show you that
01:12
you gotta be careful what you put in a batch Files. So you we really want to do on exclamation point here? Because that's an actual command that will probably ruin the Thistle batch file. So, uh, looks like we're okay there, So let's re save that again up here.
01:32
Okay, now that we made our batch file, let's go ahead and hide it and create that shortcut link to it.
01:38
So let's go ahead to in order to hide the file we're going to right, Click on it, go down two properties,
01:47
then we're gonna select this check check box next to hidden.
01:49
Let's say OK,
01:52
now, as you should have made it possible to see files, it's not gonna actually hide the file from your view, but it is gonna gray out the icon next to it. That's how you know it's hit.
02:05
Now let's make a short cut to this hidden file. So to do that, we're gonna right click,
02:12
go to create shortcut.
02:15
And now you got a somewhere looking shortcut that says shortcut in. And we don't want that We wanted to say something or be something tempting. So the first thing we're gonna do is we're gonna rename this. So let's rename it to something someone may may be curious about.
02:36
So let's say 2017
02:39
x return because a taste here in America tax returns have a lot of sensitive information, So we'll name it that.
02:49
So now that we named that, we want to change this icon because this to most people is a strange looking icon. They will probably be cautious of that. So let's go ahead and change it icon. In order to do that, we're going to right click on this
03:04
and we're going to go to properties.
03:07
And what's wrong? The properties we're going to select change icon
03:12
that window should throw up a warning message. Don't worry about it.
03:17
And we're gonna get all these icons to select from. But I think what we'll do is just select a text icon icon that corresponds to a text file.
03:30
So So what will select this one? See? Okay,
03:32
Okay. Again.
03:35
And bam. That should apply to it. So that looks pretty convincing right there. So now let's go ahead
03:42
and we'll just hide, hide this file, make it see what the victim see. If so, we're gonna go back up here to file for to the EU tab.
03:51
And over here, two options
03:53
back to you on this one.
03:55
We'll go to don't show hidden files, folders or drives.
04:00
It's like that. See? Okay,
04:01
So this is exactly what I would say. 99% of people are going to see unless unless their computer has it. So they conceive hidden files, But this is what the vast majority people are going to see.
04:15
Okay, Now, I think if I want to show you this, I'm going to have to run this in my other screen. So let me go ahead and get that set up real quick
04:25
of this.
04:29
Okay? So let's go ahead and run it. So this
04:32
when a victim picks us up, this is most likely what they're going to see. So they're gonna say, Oh, what's this? Tax returns. Let's go ahead. Click on that. Run it.
04:41
Uh oh. Looks like we haven't ever. So let's go back. So let's unhygienic file.
04:48
This happens all the time when you're making scripts, so don't don't feel bad about it. I mean, I make bad files all the time. Look, it's that I made a mistake, So let's go ahead and edit this. Okay?
05:02
Yes, I made him stay here. So I put the slash in the wrong place, and I forgot to add a splash of four. No brakes. So if you made your
05:14
you're bad file the same way I did. Uh, this should be the correct one. I don't see any more mistakes, so this should be correct.
05:24
And I'll make sure in the course notes that everything is nice and polish so you can copy and paste that
05:31
we haven't saved this. Say that. Close that,
05:35
and we'll re hide the files back to re hiding your show.
05:42
Okay, now it's dry, so I double click that
05:46
Bam. I was activated of o
05:48
oh, looking for files to steal. That's not good.
05:54
Here's a strange oh, sensitive files found. No.
06:00
Oh, no. He's putting hackers. What am I gonna do?
06:04
Uh oh.
06:09
And hope thanking me, at least. And so this is gonna just stay here for about another 20 seconds.
06:15
And I You could kind of see why, like, clearing the other screen, Because when it does that directory command, it can have a lot of files, and it may may be distracting for this next section of pop up, and they might not be paying attention to it. And so this this is all the batch file does. So nothing malicious, just a bit scary.
06:35
And, uh,
06:36
and, uh, they really show person that they really should plug in strange USB devices.

Up Next

USB Drop Attack

Malicious devices are everywhere these days, whether you can see them or not.

Instructed By

Instructor Profile Image
Shawn Briere
Information Security Analyst
Instructor