Skip to main content

BadUSB : DIY tool for digital exploitation

Hey there! Back to blogger after long time..  These days i am working with kali linux. It's fun if to use kali if you are agree with me on following points.

  • Using terminal instead of GUI is fun.
  • We are the penetration testers & network security is a myth. :p
Anyway, Before talking too much technical & geeky stuff, let's keep it short and sweet! Kali is a great distribution of Debian linux, Specially customized for penetration testing with thousands of tools. Let me assume that you know what Kali is and you are familiar with basic kali interface and metasploit framework. If you dont know about it still it's not a big deal, google is your friend!

What's BadUSB?

BadUSB is basically a USB device that looks like a pendrive but works like an automatic keyboard. Yes, for operating systems its just an USB HID keyboard.

How does it works?

Working principle of badUSB can be simply explained as :
  • BadUSB looks like keyboard to Operating system.
  • Human uses keyboard. He/She is a master.
  • Computers trust humans & listen their every order through keyboard.
By taking advantage of these things, one can simply automate a keyboard to force computer to execute given task. Imagine.. an automatic robot is sitting front of computer and typing instructions using keyboard. Computer will never know this is not a human!

Why BadUSB?

  1. 99% Computer around me are windows machines.
  2. Any windows can be easily hacked by having physical access to victim machine just for 5 seconds.
  3. Any Anti-virus or Anti-malware software can't detect that badUSB is really something bad & it's not a keyboard.
  4. Meterpreter [The reverse internet connection that talks to hacker's computer secretly without any indication to victim user] can be easily handled with in-built metasploit framework on kali linux.
  5. Arduino can be easily used to make your own badUSB device.

Let's Make it..!

Things we are going to use:

  1. ATmega328 (bare chip with arduino bootloader or Arduino board if you want)
  2. 3v6 zener diodes
  3. couple of resistors, capacitors
  4. USB male type-A connector  (Obviously!)
All we are going to build is just an automatic keyboard that can open a command prompt in windows machine, type a long string with tremendous speed that opens reverse meterpreter connection from victim's IP to your Kali machine with metasploit, execute it & close the command prompt like nothing is happened.. [commonly know as shellcode injection method]

For easy programming, i wrote my own BadUSB.h file by using previously available UsbKeyboard library for Arduino. [Thanks to V-USB for AVR :) ]



Circuit diagram & PCB Layout:

Circuit Diagram

PCB Layout

Generating powershell payload to execute automated attack:


To invoke a reverse meterpreter connection berween victim's machine and your kali machine, some specific commands must be inserted into windows cmd prompt. Well, here i am not going to describe the whole procedure for payload creation. Lot of results available if you searched it on the internet.. the keywords are [powershell, payload, shellcode injection, metasploit, meterpreter, backdoor, msfvenom etc..]

Once payload for your desired IP configuration (which will be different for every one) is generated for both 32 & 64bit windows machine. Simply copy paste the strings into example arduino code given in the library & burn the program into ATmega328.

Performing Attack:

  1. Fire up metasploit console on your kali machine.
  2. Initialize the reverse listener on desired port [the port you provided during payload generation].
  3. insert the bad usb into victim's machine
BOOM..!! You are in..! You will see the meterpreter session is opened on your metasploit console. Now you can do anything you want with your victim's machine. Just make sure that you have admin privileges by using privilege escalation techniques, you can create a persistent backdoor inside your vicitim's machine so that connection with victim's machine will be maintained even after victim reboots his system.
Hope you Know what are doing before exploiting anyone, make sure you won't violate any law intentionally or even by mistake!
Happy hacking, Keep exploiting! :)

Comments

Popular posts from this blog

Let's make an Arduino T-copter from scratch!

STEP-1 Starting up...Hi people, I am back after few months.. I decided to build something "productive" from ATmega chips laying around in my drawer, collecting dust. Still my final exam is not completed, i am busy in my studies.. but i am updating my idea as early as possible on this blog. From the first day, when i saw a multi-rotor UAV i was passionate to build my own multi copter.. And yes, build it from scratch rather than building it using ready made flight controllers like multiwii, kk multicopter etc... I am going make my own RF remote control rather than using a ready made multichannel  transmitters & receivers.. Hope my tricopter will fly as early as possible..
Basic Design (just created in paint):
I am going buy require components after my final exam... lot of work to do.. software, hardware & calculations...!!
so stay tuned to build your very own tricopter with me... 
(PS. I am trying to understand mathematical algorithm for flight stabilization and error dete…

ESP8266: Super compact WiFi Snipper for DeAuth attack

Introduction: Hello world! Few years ago, a new chip came to the market which started a new revolution! Yes, i am talking about the ESP8266. This chip is  way more powerful in terms of CPU architecture, clock frequency, flash size and power consumption if we compare it with existing arduino boards that usually contains Atmel's AVR controllers.
Actually i bought this ESP-01 modules few years back which was originally flashed with good old serial AT command firmware. Over the time, I figured out that the same chip can be directly programmed through the Arduino IDE. This feature is so amazing that you can practically use all existing arduino libraries and the same IDE to program the ESP8266 according to your need by flashing your own arduino sketch. (Word of caution: It will remove your existing AT commands firmware from the chip)
Okay, but why DeAuth?[ First of all you must read this, if you don't know anything about deauthentication attack. ]
After experimenting a lot with typical…

Wireless gesture Controlled Robot Using AT89S52

ACCELEROMETER  BASED  WIRELESS  GESTURE CONTROLLED  ROBOT  USING 8051 (ATMEL’S  AT89S52)
The gesture controlled robot is a special kind of robot which works with your hand gestures. It is possible to control the movement of robot in desired
direction just with your hand gestures. You just need to wear a small transmitting
device in your hand which included an acceleration meter. This will transmit an
appropriate command to the robot so that it can do whatever we want.
This robot is mainly divide into 2 parts:

1. Transmitter – The gesture device.
2. Receiver – The Robot.

Now let’s discus about transmitter first.
The transmitter consist of following analog and digital components:
1. Analog accelerometer ( motion sensor )
2. Comparator (LM324 OP-AMP)
3. 4-bit Encoder (HT12E)
4. RF transmitter (remote control )
THE GESTURE (TRANSMITTER) DEVICE:

THE TRANSMITTER SCHEMATIC:

THE TRANSMITTER PCB: The accelerometer: An Accelerometer is a kind of sensor which gives an analog data while moving in X,Y,Z dir…