How it works...

After the encoded malicious file is generated, the Metasploit listener starts and waits for connections back from the target. The only limitation of this attack is that the removable media must have autorun enabled; otherwise, the payload has to be triggered manually.

This type of attack vector can be helpful in situations where the target user is behind a firewall. Most antivirus programs nowadays disable autorun, which renders this type of attack useless. Alongside an autorun-based attack, the pentester should also provide a backdoored legitimate executable or PDF on the media. This will ensure that the victim invariably executes one of the payloads.
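Because the technique depends on autorun, a defender can triage removable media by checking whether its `autorun.inf` names a program to launch. The following is an added example, not code from the book or from Metasploit; the function name and the sample file contents are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name a program to launch.
EXEC_KEYS = {"open", "shellexecute"}
# Context-menu verbs of the form shell\<verb>\command also name a program.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")


def autorun_exec_entries(text):
    """Return (key, command) pairs in [autorun] that would launch a program."""
    findings = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in EXEC_KEYS or SHELL_CMD.match(key)):
            findings.append((key, value))
    return findings


# Constructed sample: one volume with launch directives, one without.
SAMPLE = """\
; constructed sample for the example
[AutoRun]
icon=setup.ico
label=USB
OPEN=setup.exe
shell\\view\\command=viewer.exe /s

[Content]
open=ignored.exe
"""
BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

if __name__ == "__main__":
    for key, cmd in autorun_exec_entries(SAMPLE):
        print(f"auto-exec directive: {key} -> {cmd}")
```
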
