Automatic HID attack - or "Right On Time" HID attacks



uzy
2014-10-29, 03:02
Hi,

It would be nice if we could manage to create an HID attack that runs at the right moment:
1) Attacker selects and "activates" the HID payload he wants to inject to the victim
2) Attacker gets physical access to the victim's computer (but this computer is locked or shut down) and plugs his nethunter powered device(c) into the victim's computer USB port
3) Attacker leaves the building and parties all night
4) Victim comes back in the morning, doesn't notice that a device is plugged into the USB port and logs on to his computer
5) HID payload executes itself right on time after the victim's logon
6) The story doesn't tell what happens to the Nethunter device at the end...

In order to do this, Nethunter should be able to test and confirm that it can interact with the OS/cmd and that it is not "locked" in a login/unlock prompt.
This could possibly be done by periodically testing write access to the USB storage of the nethunter device (e.g. running something like "echo 'ok lets launch real operations' > d:\flag.txt") and checking on the Nethunter device for the creation of the "flag.txt" file. Once this file is created, the selected HID payload could be launched.
There might be another way to detect user login, by detecting on the Nethunter device that the OS tries to access files like autorun.inf or the device icon (supposing this kind of access to USB storage is only done when the user is logged in?).

Any thoughts on how to do this in an efficient way?

Cheers
uzy
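
From the defending side, the scenario in the post above leaves a recognisable trace: a HID-capable USB device enumerates while no session is unlocked and is still attached at the next unlock. The following is an added example, not part of the original thread or of the NetHunter project; the event format, device labels and timeline are constructed for illustration, and only the USB base class codes (0x03 HID, 0x08 Mass Storage) are real.

```python
from dataclasses import dataclass

USB_CLASS_HID = 0x03           # USB-IF base class: Human Interface Device
USB_CLASS_MASS_STORAGE = 0x08  # USB-IF base class: Mass Storage

@dataclass
class Event:
    ts: int              # seconds on the constructed timeline
    kind: str            # "lock", "unlock", "attach" or "detach"
    device: str = ""     # hypothetical device label
    classes: tuple = ()  # interface class codes the device exposes

def flag_waiting_devices(events):
    """Alert on HID-capable devices attached while locked and still present at unlock."""
    unlocked = False     # assume the host starts powered off or locked
    pending = {}         # device -> (attach time, interface classes)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "unlock":
            unlocked = True
            for dev, (ts, classes) in sorted(pending.items()):
                alerts.append({
                    "device": dev,
                    "attached_at": ts,
                    "unlocked_at": ev.ts,
                    # keyboard plus storage in one device matches the post's setup
                    "composite_storage": USB_CLASS_MASS_STORAGE in classes,
                })
            pending.clear()
        elif ev.kind == "lock":
            unlocked = False
        elif ev.kind == "attach" and not unlocked and USB_CLASS_HID in ev.classes:
            pending[ev.device] = (ev.ts, ev.classes)
        elif ev.kind == "detach":
            pending.pop(ev.device, None)
    return alerts

# Constructed sample timeline (not real telemetry).
SAMPLE = [
    Event(0, "unlock"),
    Event(100, "attach", "usb-mouse", (USB_CLASS_HID,)),              # user present
    Event(3600, "lock"),
    Event(4000, "attach", "unknown-composite", (USB_CLASS_HID, USB_CLASS_MASS_STORAGE)),
    Event(4100, "attach", "usb-stick", (USB_CLASS_MASS_STORAGE,)),    # no HID
    Event(4200, "attach", "kbd-swap", (USB_CLASS_HID,)),
    Event(4300, "detach", "kbd-swap"),                                # removed again
    Event(30000, "unlock"),
]
```

Keyboards that are legitimately attached before logon (docking stations, desktops) will match as well, so in practice the result is compared against an allowlist of known devices.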

muts
2014-10-29, 10:54
I noticed you cross-posted this on our GitHub page too. I replied there. https://github.com/offensive-security/kali-nethunter/issues/78#event-185224028