


Date: 06.11.2019

Arduino based HID Attacks

by Brendan Hohenadel

Why you should listen to me*

  • Cyber Forensic Analyst at U of G
  • I like to hack stuff
  • I’m cheap
  • I dream of Red Teaming
  • I have letters after my name: OSCP, OSCE, CISSP
  • I wrote OverThruster: https://github.com/RedLectroid/OverThruster
  • On Twitter @bhohenadel (sorry, no Mastodon)
  • *You shouldn’t listen to me. Now’s your chance for a smoke break. Go now.  I’ll pause and wait.

Presentation Schedule

  • Title Slide
  • Personal Introduction Slide
  • This Slide
  • Rest of the presentation

A Little History Lesson

USB Rubber Ducky

USB Ducky Scripts

DELAY 3000
GUI r
DELAY 500
STRING notepad
DELAY 500
ENTER
DELAY 750
STRING Hello World!!!
ENTER
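
For anyone who recovers a script like this from a seized or found device, here is a small triage parser. It is an added example, not part of the original slides or of OverThruster. It assumes one command per line and a Windows target; the function names, the report keys and the SAMPLE copy of the script are constructed for illustration.

```python
# Added example: triage a recovered Ducky Script without running it.
# SAMPLE is the slide's script written one command per line (constructed input).
SAMPLE = """DELAY 3000
GUI r
DELAY 500
STRING notepad
DELAY 500
ENTER
DELAY 750
STRING Hello World!!!
ENTER
"""

def parse(script):
    """Return (command, argument) tuples, skipping blank lines and REM comments."""
    steps = []
    for line in script.splitlines():
        cmd, _, arg = line.strip().partition(" ")
        if not cmd or cmd.upper() == "REM":
            continue
        steps.append((cmd.upper(), arg))
    return steps

def triage(script):
    """Summarise what the script would type and what it submits to the Run dialog."""
    report = {"total_delay_ms": 0, "typed": [], "run_dialog_commands": []}
    armed = False    # True once GUI r / WINDOWS r has opened the Run dialog
    pending = None   # text typed into the Run dialog but not yet submitted
    for cmd, arg in parse(script):
        if cmd == "DELAY":
            report["total_delay_ms"] += int(arg) if arg.isdigit() else 0
        elif cmd in ("GUI", "WINDOWS") and arg.lower() == "r":
            armed, pending = True, None
        elif cmd == "STRING":
            report["typed"].append(arg)
            if armed:
                pending = (pending or "") + arg
        elif cmd == "ENTER":
            if armed and pending is not None:
                report["run_dialog_commands"].append(pending)
            armed, pending = False, None
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The run_dialog_commands list is the part worth checking against process-creation logs on the affected host, since those entries are what the device asked Windows to launch.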

PHUKD

Programmable HID USB Keyboard Dongle by Adrian Crenshaw aka Irongeek at DefCon 18

  • Built on Teensy 2.0
    • too expensive
  • Looks suspicious…

USBdriveby

Samy Kamkar

  • Modifies DNS
  • Teensy 3.1
    • Too expensive
  • Designed for OSX
  • Looks suspicious…

Lots of others

- Offensive Security’s Peensy

- NetHunter (Android phone based)

- Kautilya by Nikhil Mittal

- Lots more in GitHub, all based on Teensy

So I bought Teensy 3.1

  • Started learning PowerShell
  • Started making payloads
  • Discovered LED_STATUS
  • Still not happy about the cost...

Elie Bursztein at BlackHat 24


AliExpress to the Rescue!

My Cost


Mini SS Micro Arduino (testing/keychain)    $6
Pro Micro Arduino x10                       $32
USB Type A Connector x 10                   $0.70
USB case x 10                               $18
TOTAL                                       $50.70
Cost per device                             $5.07

Testing, Learning, Testing, Learning

  • Arduino keyboard library is different than Teensy…
  • Arduino keyboard library is more limited than Teensy…
  • (these) Arduinos have no reset/program button like the Teensy…
  • LET’S AUTOMATE THIS!!!

OverThruster was Born

  • Inspired by one of the greatest Sci-Fi films ever made
  • Menu driven python script
  • ONLY standard python libraries
  • Generates Arduino sketches for various payloads
  • Highly customizable
  • Multiple UAC bypass methods
  • Optional notification bubble to distract the user
  • Helper functions that work with some of the payloads

Demo Time!!

  • How the tool works, a simple payload and the listener
  • Poppin’ a shell
  • Mimikatz with UAC Bypass
  • Poppin’ a shell on OSX

Problems to still work out

  • NicoHood’s keyboard library isn’t detected properly in OSX
    • Maybe it is...
  • Need a Python version of netcat for windows users
  • Less dependency on timing/delays

Future Plans

  • Add SD Card/local storage functionality
  • Clean up the code/add comments
  • More payloads
  • FIND A SUITABLE CASE (maybe resin casting?)

Until my DIY is done...

  • 5 for $25
  • Arduino Pro Micro based
  • But no storage...

Questions?

Or maybe a minute or two of awkward silence before I slowly walk away...

