Usb key advanced get
This might be a good thing if you are doing a study like we did.
Social engineering attacks are very obvious, as you have files with HTML extensions. Stealth: The third aspect to consider is how stealthy the attack is and how much suspicion it will trigger. 0-day keys are likely to be very reliable for a specific OS version. However, they require a lot of testing to get the times between commands correct. A HID key can be made to be very reliable as it will trigger the attack as soon as the key is plugged in. The social engineering approach is the least reliable attack because it requires the user not only to plug the key in but also to click on a file and then fill in the phishing form. Reliability: The second aspect to take into account is how reliable the attack will be.
#Usb key advanced get code#
The elusive 0-day-based keys are likely much harder to make as they require finding a 0-day vulnerability, implementing the low-level code to exploit it, and creating a realistic-looking key to deliver it. HID-based keys are moderately difficult to create as off-the-shelf hardware must be programmed and their appearance customized. Social engineering keys are the easiest to create as they use simple HTML files. Here is a brief discussion of the trade-offs.Ĭomplexity and Cost: The first aspect to consider is how difficult and costly it is to create each type of key. To assess which type of attack is best suited for a drop attack, we evaluated the strengths and weaknesses in the four areas reported in the table above. The strengths and weaknesses Attack vector AFAIK, none of those have been publicly discussed.
#Usb key advanced get driver#
As we will see later in the post (spoiler alert!), with a bit of work and ingenuity, we will create a HID device that spawns a reverse TCP shell that will give us full remote control over the victims computer.Ġ-day: Those rumored keys are likely to use custom hardware that exploits a vulnerability in a USB driver to get direct control of a computer as soon as it is plugged in. The keystrokes are a set of commands that compromise the victims computer. This fake keyboard injects keystrokes as soon as the device is plugged into the computer. HID (Human Interface Device) spoofing: HID spoofing keys use specialized hardware to fool a computer into believing that the USB key is a keyboard. Lets briefly discuss the various types of attack as well as their strengths and weaknesses, so that it is clear why HID spoofing keys are the way to go for our use case. In our case, we want to create the best key possible for a drop attack for a reasonable budget. Therefore, the first question to answer is which type of attack will best meet our needs. There are three classes of malicious USB keys, each with their own set of advantages and disadvantages.
Understanding malicious USB attack vectors This post, as my other blog posts, are only for educational purposes and not an invitation to hack systems that don't belong to you. You can get the slides here and the related code here.īefore getting started, here is a demo of the key in action, to give you a sense of what the end result looks like:ĭisclaimer: USB attacks should be carried out only against systems that you own or have permission to attack.
#Usb key advanced get how to#
After discussing the pros and cons of the three types of malicious USB keys, this post will walk you through how to create a spoofed HID keys like the one I demoed at the Blackhat conference during my talk on USB drop attacks:ĭoes dropping usb drives in parking lots and other places really work? - Blackhat USA 2016 This blog post follows up on the study by showing how reliable and realistic-looking malicious USB keys can be created. Dropping a malicious USB key in a parking lot is an effective attack vector, as demonstrated by our recent large-scale study.