Hey there! Back to blogger after long time.. These days i am working with kali linux. It's fun if to use kali if you are agree with me on following points.
- Using terminal instead of GUI is fun.
- We are the penetration testers & network security is a myth. :p
Anyway, Before talking too much technical & geeky stuff, let's keep it short and sweet! Kali is a great distribution of Debian linux, Specially customized for penetration testing with thousands of tools. Let me assume that you know what Kali is and you are familiar with basic kali interface and metasploit framework. If you dont know about it still it's not a big deal, google is your friend!
BadUSB is basically a USB device that looks like a pendrive but works like an automatic keyboard. Yes, for operating systems its just an USB HID keyboard.
How does it works?
Working principle of badUSB can be simply explained as :
- BadUSB looks like keyboard to Operating system.
- Human uses keyboard. He/She is a master.
- Computers trust humans & listen their every order through keyboard.
By taking advantage of these things, one can simply automate a keyboard to force computer to execute given task. Imagine.. an automatic robot is sitting front of computer and typing instructions using keyboard. Computer will never know this is not a human!
- 99% Computer around me are windows machines.
- Any windows can be easily hacked by having physical access to victim machine just for 5 seconds.
- Any Anti-virus or Anti-malware software can't detect that badUSB is really something bad & it's not a keyboard.
- Meterpreter [The reverse internet connection that talks to hacker's computer secretly without any indication to victim user] can be easily handled with in-built metasploit framework on kali linux.
- Arduino can be easily used to make your own badUSB device.
Let's Make it..!
Things we are going to use:
- ATmega328 (bare chip with arduino bootloader or Arduino board if you want)
- 3v6 zener diodes
- couple of resistors, capacitors
- USB male type-A connector (Obviously!)
All we are going to build is just an automatic keyboard that can open a command prompt in windows machine, type a long string with tremendous speed that opens reverse meterpreter connection from victim's IP to your Kali machine with metasploit, execute it & close the command prompt like nothing is happened.. [commonly know as shellcode injection method]
For easy programming, i wrote my own BadUSB.h file by using previously available UsbKeyboard library for Arduino. [Thanks to V-USB for AVR :) ]
Circuit diagram & PCB Layout:
Generating powershell payload to execute automated attack:
To invoke a reverse meterpreter connection berween victim's machine and your kali machine, some specific commands must be inserted into windows cmd prompt. Well, here i am not going to describe the whole procedure for payload creation. Lot of results available if you searched it on the internet.. the keywords are [powershell, payload, shellcode injection, metasploit, meterpreter, backdoor, msfvenom etc..]
Once payload for your desired IP configuration (which will be different for every one) is generated for both 32 & 64bit windows machine. Simply copy paste the strings into example arduino code given in the library & burn the program into ATmega328.
- Fire up metasploit console on your kali machine.
- Initialize the reverse listener on desired port [the port you provided during payload generation].
- insert the bad usb into victim's machine
BOOM..!! You are in..! You will see the meterpreter session is opened on your metasploit console. Now you can do anything you want with your victim's machine. Just make sure that you have admin privileges by using privilege escalation techniques, you can create a persistent backdoor inside your vicitim's machine so that connection with victim's machine will be maintained even after victim reboots his system.
Hope you Know what are doing before exploiting anyone, make sure you won't violate any law intentionally or even by mistake!
Happy hacking, Keep exploiting! :)