Thread: HID Keyboard Attack development

  1. #1
    Join Date
    2014-Jan
    Posts
    71

    HID Keyboard Attack development

    I like this attack so how can we upgrade/develop this?
    I think we need to add support for a lot of keyboards, and how can we add more commands, like persistence, or disabling UAC without notification?

    Where do I need to start? I want to add Hungarian keyboard support/layout, and Binky said we need to edit sdcard/files/modules/keyseed.py but I don't know how... :/

  2. #2
    Join Date
    2014-Sep
    Posts
    23
    Hi,

    I am looking to implement a French keyboard layout.
    To achieve this, what I plan to do as POC is to change the hid-keylog line 39:
    $scancode = $getKey::MapVirtualKey($vkey, $MAPVK_VSC_TO_VK_EX)
    to use MapVirtualKeyEx, which allows setting a locale:
    http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx

    My 2 cents on this, I have not tested it yet.

    Edit: Simply inputting the correct scancode depending on the locale wanted in sdcard/files/modules/keyseed.py should work but seems heavy (but inevitable though)
    Last edited by aemaeth2501; 2014-10-02 at 16:10.

  3. #3
    Hi aemaeth2501,

    Keep us posted on your progress!

  4. #4
    Join Date
    2014-Sep
    Posts
    23
    Hi muts,

    I will for sure but:
    - I can only look at this lightly for the next 2 weeks since my OSCP exam is on October 17th
    - I am far from being an expert, but will be highly interested in contributing to this awesome project!

    Will keep you posted

  5. #5
    Join Date
    2014-Sep
    Posts
    23
    Hi all,
    I managed to compile a quick SDL program that retrieves the scancode according to a keystroke.
    From there I got the scancode list for the keyseed.py file for the French layout.
    Regarding this, what would be the best way to manage multiple locales in this file? Hardcode switches by layout value? Use the Java hashtable equivalent in Python?
    Once this is defined, I'll add a locale list to the PHP file that calls the keyseed.py.
    I might be able to send the SDL (and Excel file) to anyone willing to implement another keyboard layout support. Just PM me.

  6. #6
    Hi aemaeth2501, this is great news!
    I suspect that adding a drop-down to the web interface where users can select their layouts would be the best idea. We will be swapping out the web interface soon, but having all the scripts and logic in place will help us when we port the web interface to a native Android app... Please feel free to share the code!

  7. #7
    Join Date
    2014-Sep
    Posts
    23
    Hi muts,

    Here is the modified keyseed.py script. It has not been tested fully from the interface, but by forcing the locale in the script it works well (needs to adjust the AltGr modifier key scancode though), since I'm not familiar with the whole chain from PHP to this script in order to pass the right argument. As this was the more tedious task, I prefer to give out the code in case someone has time in the next week to have a look at it.

    Also, the code for the SDL application outputting the correct scancode is attached. Beware: A and a will output the same scancode value. The modifier needs to be added in the keyseed.py.
    keyseed.zip
    Source.zip
    Note:
    On a French keyboard, Ctrl+Alt+Key is required to type some special characters (ex: []@\`). The modifier I used before does not seem to work. I removed those to avoid inputting trash. Though, considering the possibility of multiple layouts, it has to be taken into account that not all characters might be acceptable for HID typing on layouts other than US (unless, for the French layout case, someone comes up with the right scancode for the AltGr key).
    Last edited by aemaeth2501; 2014-10-08 at 15:17. Reason: Changed keyseed.py after bug resolution (tests on FR system)

  8. #8
    Join Date
    2014-Jan
    Posts
    71
    Hi aemaeth2501!

    Can you make this for the Hungarian layout pls? Or can you make a tutorial or video on how to make it for more layouts?
    Last edited by beloadjoker; 2014-10-09 at 21:53.

  9. #9
    Join Date
    2014-Sep
    Posts
    23
    Hi,

    Unfortunately I have no more time since I have to prepare for a certification exam (besides my actual job work).
    Though, I can give you my methodology.

    DISCLAIMER: I know that this seems tedious, I might not have used the best methodology, and using Excel and such might seem lame but it does work

    Refer to the Excel file in attachment: printable_ascii.zip
    - Compile the SDL source code, with SDL2.0 or later
    - Open the Excel file
    - The column SymbolUS indicates which character you have to type in the SDL executable window
    - It will output a scancode value that you should enter in the "Returned scancode" field
    - If a modifier key is required (Shift, Alt or other), indicate it in the "Modifier Needed" column (keep the formatting and case)

    From there, the "Scancode FR" and "New dict" columns will be automatically calculated. Beware: I only implemented the Shift and AltGr modifiers (the latter will return a void scancode since I have not yet found the modifier code).

    Once done, copy the content of the "New dict" column and add the following to the keyseed.py (replace XX by the layout identifier)
    dict_XX = {
    (Content of the "New dict" column, with the last comma removed)
    }

    Add the following line in findinlist method:
    Code:
            elif locale=="XX" : print '''echo -ne "''' +dict_XX[byte]+ '''" > /dev/hidg0'''
    And if needed, add the following line in the win7cmd_elevated method (the "X" should be replaced by the input key in US format used to confirm execution)
    Code:
    elif locale=="XX" : print '''echo --left-alt X | hid-keyboard /dev/hidg0 keyboard'''
    For the moment, I only changed the win7cmd_elevated method, but same treatment will be applied to the other ones.

    To test the whole thing, you need to change the keyseed.py (remove the locale argument from methods, force the locale value to be the one you want to test) and you can use the following file (output on the computer should be the same as input): hid-cmd.conf.zip
    Last edited by aemaeth2501; 2014-10-10 at 07:14.

  10. #10
    Join Date
    2014-Sep
    Posts
    176
    aemaeth2501,

    Great write-up! I've uploaded the Excel file here:
    https://docs.google.com/a/nethunter....gid=1163672638

    For those who are a bit nervous/paranoid/scared about opening Excel files...

    Thank you for taking the time to do that and to provide detailed instructions on how you were able to port over the language.

  11. #11
    Join Date
    2014-Sep
    Posts
    23
    Hi binkybear,

    Here is a final version of the FR layout dictionary (I finally found the AltGr modifier, equivalent to Ctrl+Alt). keyseed.zip
    Though, I removed 2 characters from it: the ~ and ` as they have a tendency to mangle the next character (both require a space to be printed). Ex: '`' then 'a' gives 'à'.
    As those might not be used in payload delivery, it is not an issue imho.

    I cannot test on Windows XP and 8 though (to understand how the cmd is popped principally).

    Regarding integration into the UI, any information about the status of the Android application replacing the webserver?

    Note: In the previous post, do not forget to integrate the following lines at the end of the new dictionary:
    Code:
    "\x0a": "\\x00\\x00\\x00\\x28\\x00\\x00\\x00\\x00",
    "\x0d": "\\x00\\x00\\x00\\x28\\x00\\x00\\x00\\x00"

  12. #12
    Join Date
    2014-Sep
    Posts
    176
    Hey aemaeth2501,

    Thanks for the update, I pushed your changes to the french-keyboard branch on the GitHub repo. One thing that prevents me from merging into the main branch is figuring out how to incorporate both layouts (EN/FR) into NetHunter. I'm unsure if we need to make two separate keyseed files. Maybe have two layout files then copy each to keyseed.py on selection? Any thoughts?

    The android application is still being worked on but I imagine "soon" is a good answer.

  13. #13
    Join Date
    2014-Sep
    Posts
    23
    Hi binkybear,

    The best would be to have a dropdown list in the PHP page, as for the OS selection (win7/win8). I did not make this since I could not find the corresponding PHP page (and lack of time). Indeed, this is why I used the dictionary feature in the latest keyseed.py file, and changed the signature of the method to also pass the locale as a parameter (for the moment, "us" or "fr").

    (I promise, if I succeed at my OSCP exam and find time, I'll learn git and use it to facilitate your work)

    Keep up the good work!

  14. #14
    Join Date
    2014-Oct
    Posts
    29
    Hi guys, it seems you are all working on the keyboard type support.
    Related to the payloads, is it possible to allow us to program the payloads ourselves? And we can select different payloads from the web panel to launch on the target.
    Furthermore, by treating the Nexus device as USB storage, the payloads can execute a certain program stored on the Nexus and launch it on the target machine (like mimikatz) and the result of execution can be saved on the Nexus.

  15. #15
    Join Date
    2013-Mar
    Posts
    47
    Hi and thanks to aemaeth2501 and binkybear. I am trying to compile Source.cpp because I want to make a Spanish hid-keyboard and I get this compilation error. Help please:

    Code:
    root@LINUX:~/Descargas# i686-w64-mingw32-gcc source.cpp 
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x23): undefined reference to `_SDL_Init'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x57): undefined reference to `_SDL_CreateWindow'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x75): undefined reference to `_SDL_CreateRenderer'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x8c): undefined reference to `_SDL_RWFromFile'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x9c): undefined reference to `_SDL_LoadBMP_RW'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0xb1): undefined reference to `_SDL_CreateTextureFromSurface'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0xbf): undefined reference to `_SDL_FreeSurface'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0xea): undefined reference to `_SDL_SetRenderDrawColor'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0xf7): undefined reference to `_SDL_WaitEvent'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x132): undefined reference to `_SDL_DestroyTexture'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x13d): undefined reference to `_SDL_DestroyRenderer'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x148): undefined reference to `_SDL_DestroyWindow'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x14d): undefined reference to `_SDL_Quit'
    /tmp/cc0ug0wH.o:source.cpp:(.text+0x17e): undefined reference to `_SDL_GetKeyName'
    /usr/lib/gcc/i686-w64-mingw32/4.6/../../../../i686-w64-mingw32/lib/../lib/libmingw32.a(lib32_libmingw32_a-crt0_c.o): In function `main':
    /build/mingw-w64-RGpMuZ/mingw-w64-2.0.3/build/i686-w64-mingw32/all/mingw-w64-crt/../../../../mingw-w64-crt/crt/crt0_c.c:18: undefined reference to `_WinMain@16'
    collect2: ld returned 1 exit status

  16. #16
    Join Date
    2014-Sep
    Posts
    23
    Hi discipuloosho,

    To be able to compile this Source, you have to set up the SDL 2 library correctly. There are plenty of tutorials on how to do this on Linux (I did it on Windows, using VS Express).
    You might find a starting lead here: http://stackoverflow.com/questions/1...e-sdl-in-linux.

  17. #17
    Join Date
    2013-Mar
    Posts
    47
    Thanks very much @aemaeth2501. Here is aemaeth2501's keymap program compiled for Win_x86 and for Linux_x64:

    https://www.dropbox.com/sh/9y8n0zeq0...XeEnOquFa?dl=0

  18. #18
    Join Date
    2013-Mar
    Posts
    47
    Aemaeth2501, your Windows program shows the AltGr modifier as 0xE6 as right alt, but the Linux version shows it as 0x6A as F15.

  19. #19
    Join Date
    2014-Sep
    Posts
    23
    Quote Originally Posted by discipuloosho View Post
    Aemaeth2501, your Windows program shows the AltGr modifier as 0xE6 as right alt, but the Linux version shows it as 0x6A as F15.
    Hi,

    Regarding the AltGr case, I noticed odd behaviour too (considered as LCtrl+LAlt). I finally found that the modifier's scancode is 0X05, and tested it against specific characters ('@' for example, but also '[', ']', etc.) and this modifier outputs the correct character.

    Globally, the program outputs "base scancodes" => the modifier should be set afterwards (I used the Excel file for this purpose)
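
Added example (not part of any post and not NetHunter code): a decoder for the 8-byte keyboard reports discussed in this thread, of the kind used when reviewing captured USB HID traffic. It shows that 0xE6 is the Right Alt key usage ID while 0x05 is the LCtrl|LAlt mask in the modifier byte, and that one report decodes to different characters depending on the host layout; the partial layout tables and the capture are constructed for illustration.

```python
import re

# Bit assignments of byte 0 (modifier byte) in a boot-keyboard report.
# The matching key usage IDs are 0xE0..0xE7, so Right Alt is usage 0xE6 / bit 0x40.
MODIFIER_BITS = {
    0x01: "LCtrl", 0x02: "LShift", 0x04: "LAlt", 0x08: "LGUI",
    0x10: "RCtrl", 0x20: "RShift", 0x40: "RAlt", 0x80: "RGUI",
}

# Partial, unshifted usage-ID -> character tables, constructed for this example.
# A usage ID names a physical key position; the host layout picks the character.
LAYOUTS = {
    "us": {0x04: "a", 0x14: "q", 0x1A: "w", 0x1D: "z", 0x10: "m", 0x33: ";", 0x28: "\n"},
    "fr": {0x04: "q", 0x14: "a", 0x1A: "z", 0x1D: "w", 0x10: ",", 0x33: "m", 0x28: "\n"},
}

# The Enter entry quoted in post #11, as the text that reaches `echo -ne`.
PAGE_ENTER_ENTRY = r"\x00\x00\x00\x28\x00\x00\x00\x00"

_ESCAPED = re.compile(r"(?:\\x[0-9a-fA-F]{2}){8}")


def parse_escaped(text):
    """Turn eight '\\xNN' escape sequences (keyseed-style text) into raw bytes."""
    if not _ESCAPED.fullmatch(text):
        raise ValueError("expected exactly eight \\xNN sequences")
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", text))


def modifier_names(mod):
    """Names of the modifier keys whose bits are set in the modifier byte."""
    return [name for bit, name in sorted(MODIFIER_BITS.items()) if mod & bit]


def is_altgr(mod):
    """True for RAlt, or for LCtrl+LAlt (0x05), which post #11 found equivalent."""
    return bool(mod & 0x40) or (mod & 0x05) == 0x05


def decode_report(report, layout):
    """Decode one 8-byte report: modifiers, key usage IDs, layout-dependent chars."""
    if len(report) != 8:
        raise ValueError("boot keyboard report must be 8 bytes")
    table = LAYOUTS[layout]
    # Bytes 2..7 are key slots; zero means the slot is empty. The page's Enter
    # entry carries its usage ID in byte 3, so every slot is scanned.
    usages = [u for u in report[2:] if u]
    return {
        "modifiers": modifier_names(report[0]),
        "altgr": is_altgr(report[0]),
        "usages": usages,
        "chars": [table.get(u, "?") for u in usages],
    }


def reconstruct(reports, layout):
    """Text a host using `layout` would see for a sequence of reports."""
    out = []
    for report in reports:
        out.extend(decode_report(report, layout)["chars"])
    return "".join(out)


# Constructed capture: press/release of two keys, then the page's Enter entry.
RELEASE = bytes(8)
CONSTRUCTED_CAPTURE = [
    bytes([0, 0, 0x14, 0, 0, 0, 0, 0]), RELEASE,
    bytes([0, 0, 0x1A, 0, 0, 0, 0, 0]), RELEASE,
    parse_escaped(PAGE_ENTER_ENTRY), RELEASE,
]

if __name__ == "__main__":
    for name in ("us", "fr"):
        print(name, repr(reconstruct(CONSTRUCTED_CAPTURE, name)))
    print(modifier_names(0x05), is_altgr(0x05))
```
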

  20. #20
    Join Date
    2013-Mar
    Posts
    47
    OK, OK. But @binkybear doesn't yet support your keyseed.py file in the GitHub project. True?

  21. #21
    Join Date
    2013-Mar
    Posts
    47

    I just saw the french-keyboard GitHub branch, congratulations. Now, I've finished the spanish-keyboard keyseed.py file. Here is keyseed.zip, @binkybear. Thanks @aemaeth2501.
    Last edited by discipuloosho; 2014-10-22 at 13:23. Reason: clarification

  22. #22
    Join Date
    2014-Sep
    Posts
    23
    Hi @binkybear,

    Here is a quick example of how I was thinking about implementing new locales in the menu (hid-locale.zip) with the new keyseed.py (the one provided by @discipuloosho with French and Spanish layouts). I saw a lead on the dedicated GitHub branch that based the target locale on the default browser one, but I thought providing a choice directly via a dropdown menu would make a more volatile solution.
    I will look closer at it this weekend (****, got a job :/) since I need to set up an environment to build and test more easily. And to learn the basics of git...

    Have a nice day.

  23. #23
    Join Date
    2014-Sep
    Posts
    176
    @discipuloosho & @aemaeth2501 - Thank you for all the hard work. I will talk to muts about implementing this into the upcoming app.

  24. #24
    Join Date
    2013-Mar
    Posts
    47
    Thank you @binkybear

  25. #25
    Join Date
    2014-Sep
    Posts
    4
    Hi !

    Despite my absolute lack of knowledge on this subject (and on GitHub usage), I worked on the French keyboard for HID on GitHub and proposed the initial version of the "french keyboard branch".
    Good to see more people involved with a more generic approach that helps to develop other languages' "keyseeds"

    aemaeth2501, would you please check my keyseed version and see how you think some of the French characters missing in your version could be integrated? (e.g. 'é' aka latin small letter e with acute)
    https://github.com/uzyfr/kali-nethun...les/keyseed.py
    For some "special characters", I had to manage a two-step approach using a "global_last_char" variable.
    (Just for the record, my approach was to specify in the "french" dictionary only the characters that differ from the English one (lots of characters are similar).)

    Last point concerning the locale: I proposed to use the default browser locale because I guess French people would mostly use this attack on computers using the French layout.
    However, to extend aemaeth2501's proposal, a dropdown menu that selects the browser locale by default and allows the user to specify the one he wants to use may be a good solution?

    See you soon !

  26. #26
    Join Date
    2014-Sep
    Posts
    23
    Hi !
    Quote Originally Posted by uzy View Post
    aemaeth2501, would you please check my keyseed version and see how you think some of the French characters missing in your version could be integrated? (e.g. 'é' aka latin small letter e with acute)
    I asked myself the '', '' and other French specificities questions. My conclusion was based on the fact that those characters would not be integrated in any payload (PowerShell or raw Base64 encoded). But it is possible to integrate them in the dictionary for completeness purposes.

    Quote Originally Posted by uzy View Post
    (Just for the record, my approach was to specify in the "french" dictionary only the characters that differ from the English one (lots of characters are similar).
    I tried this approach with the use of Python dictionaries, and finally I preferred working fully on the charset rather than 'by delta' vs. US layout. This clarifies (imo) the new locale dictionary creation.

    Quote Originally Posted by uzy View Post
    Last point concerning the locale: I proposed to use the default browser locale because I guess French people would mostly use this attack on computers using the French layout.
    However, to extend aemaeth2501's proposal, a dropdown menu that selects the browser locale by default and allows the user to specify the one he wants to use may be a good solution?
    That is a good idea at first, since indeed French people pop French boxes. But for example, in my personal case, I work for a company having multiple nationalities, hence layouts.

    For now, I will wait for the android app. At least, the tedious scancode identification job is now done.

  27. #27
    Join Date
    2014-Nov
    Posts
    41
    Hi, here is a keyseed.zip with a German layout. Umlauts won't work but are probably not needed. The rest should be fine, but isn't thoroughly tested.
    Feel free to use and/or edit it.

  28. #28
    Join Date
    2014-Sep
    Posts
    23
    Hi stinkybit,


    I added the scancodes provided in the attached file as a new dictionary in the actual keyseed file.
    Just a question: on a Windows machine (German OS), what is the confirmation keystroke you need to perform to confirm the "run as admin"? (On an English one, it is alt+y for "yes", on a French one it is alt+o for "oui".)

  29. #29
    Join Date
    2014-Nov
    Posts
    41
    Hi aemaeth2501,

    Sorry, I didn't consider this part so far. It would be alt+j for "ja".

  30. #30
    Join Date
    2014-Sep
    Posts
    23
    Quote Originally Posted by stinkybit View Post
    Hi aemaeth2501,

    Sorry, I didn't consider this part so far. It would be alt+j for "ja".
    Thanks, it is integrated on my side.
    I am working on the complete integration of the locale through the UI (as a dropdown near the platform one).

    For the moment I am testing the overall and will issue a pull request of the entire locale management files (including FR, ES and DE locales).

  31. #31
    Join Date
    2014-Jan
    Posts
    71
    Can anyone make a tutorial video how to make new keyseed.py? I want to make hun layout
    /sry for my bad eng/

  32. #32
    Join Date
    2014-Sep
    Posts
    176
    @aemaeth2501 - I have pulled the keyboard layout branch into development branch. Also, we have the source available for the nethunter android application: https://github.com/offensive-security/nethunter-app

    We don't currently have a dropdown/selection within the app to choose a language. I think the original thought was to have a dropdown on the web interface which would pass the locale, but the web interface is now removed. I think the idea is that we should have an option before launching to choose the language, but I assume the $LANG variable is the only thing that needs to be passed?

  33. #33
    Join Date
    2014-Sep
    Posts
    23
    @binkybear - Hi, I am currently testing a wrap-up of the locale selection functionality. Unfortunately, it is not possible (from my point of view of low-level programmer) to pass the locale as a parameter in the different py scripts (e.g. start-hid-cmd.sh). And doooh, it could be passed through an environment variable indeed.

    For the moment, I am using a configuration file as for the payload (hid-cmd-locale.conf placed in the sdcard/file folder). Works well when unit testing but I have different behavior between the unit tests (Windows machine) and the Nexus. (In a nutshell: findinlist output is correct in Windows but not in NetHunter - fixed: minor bugs linked to deployment method.)

    To sum up the integration of a new locale:
    This keyseed file is the final one (integrating German) keyseed.zip, and the only thing needed to achieve locale management is to change the hid-cmd-*.py scripts to pass the locale 2 digit code to the different functions (findinlist, wincmd, win7cmd_elevated and win8cmd_elevated) using either:
    - an environment variable (not tested)
    - a configuration file, writable from the app
    keyseed.zip

    Since the Android app keeps the "same mechanics" as the web interface did, it should be easier to use the local configuration file instead of an env variable I think.
    Last edited by aemaeth2501; 2014-12-01 at 07:40.

  34. #34
    Join Date
    2014-Sep
    Posts
    176
    https://github.com/offensive-securit...743d30e6c3117e <-- I believe I have a working script with your keyseed.py. Need to test with nethunter-app but I was finally able to spend an hour or two on it.

  35. #35
    Join Date
    2014-Sep
    Posts
    23
    Quote Originally Posted by binkybear View Post
    https://github.com/offensive-securit...743d30e6c3117e <-- I believe I have a working script with your keyseed.py. Need to test with nethunter-app but I was finally able to spend an hour or two on it.
    Awesome! Thank you very much

  36. #36
    Join Date
    2014-Nov
    Location
    Sweden
    Posts
    21
    Quote Originally Posted by aemaeth2501 View Post
    Hi,

    Unfortunately I have no more time since I have to prepare for a certification exam (besides my actual job work).
    Though, I can give you my methodology.

    DISCLAIMER: I know that this seems tedious, I might not have used the best methodology, and using Excel and such might seem lame but it does work

    Refer to the Excel file in attachment: printable_ascii.zip
    - Compile the SDL source code, with SDL2.0 or later
    - Open the Excel file
    - The column SymbolUS indicates which character you have to type in the SDL executable window
    - It will output a scancode value that you should enter in the "Returned scancode" field
    - If a modifier key is required (Shift, Alt or other), indicate it in the "Modifier Needed" column (keep the formatting and case)

    From there, the "Scancode FR" and "New dict" columns will be automatically calculated. Beware: I only implemented the Shift and AltGr modifiers (the latter will return a void scancode since I have not yet found the modifier code).

    Once done, copy the content of the "New dict" column and add the following to the keyseed.py (replace XX by the layout identifier)
    dict_XX = {
    (Content of the "New dict" column, with the last comma removed)
    }

    Add the following line in findinlist method:
    Code:
            elif locale=="XX" : print '''echo -ne "''' +dict_XX[byte]+ '''" > /dev/hidg0'''
    And if needed, add the following line in the win7cmd_elevated method (the "X" should be replaced by the input key in US format used to confirm execution)
    Code:
    elif locale=="XX" : print '''echo --left-alt X | hid-keyboard /dev/hidg0 keyboard'''
    For the moment, I only changed the win7cmd_elevated method, but same treatment will be applied to the other ones.

    To test the whole thing, you need to change the keyseed.py (remove the locale argument from methods, force the locale value to be the one you want to test) and you can use the following file (output on the computer should be the same as input): hid-cmd.conf.zip
    I've added Swedish to keyseed.py according to your instructions and made a pull request on GitHub to the development branch. Here's the Excel document with the Swedish scancodes: https://docs.google.com/spreadsheets...it?usp=sharing

    Please let me know if there's anything else I can help out with
    Best Regards,
    Si
    :(){ :|:& };:

  37. #37
    Join Date
    2014-Nov
    Posts
    41
    Quote Originally Posted by binkybear View Post
    https://github.com/offensive-securit...743d30e6c3117e <-- I believe I have a working script with your keyseed.py. Need to test with nethunter-app but I was finally able to spend an hour or two on it.
    Hi binkybear,

    I just had a look at the code.
    Code:
    elif locale=="de" : print '''echo --left-alt y | hid-keyboard /dev/hidg0 keyboard'''  #to be confirmed
    should probably be replaced with:
    Code:
    elif locale=="de" : print '''echo --left-alt j | hid-keyboard /dev/hidg0 keyboard'''

  38. #38
    Join Date
    2014-Sep
    Posts
    176
    New nethunter release includes all changes by everyone who contributed. Feel free to leave feedback if something is broken or works. Thanks everyone!

  39. #39
    Join Date
    2014-Mar
    Posts
    81
    Quote Originally Posted by binkybear View Post
    New nethunter release includes all changes by everyone who contributed. Feel free to leave feedback if something is broken or works. Thanks everyone!
    New release? I didn't see anything new on download page.. Never mind, just didn't look in the right place.
    Last edited by AWV; 2015-01-07 at 01:55.

  40. #40
    Join Date
    2014-Nov
    Posts
    41
    @binkybear:
    I haven't tested every single key, but UAC bypass works great with a German keyboard and win7.

    Love the new UI and I am looking forward to check out the new features. Great work!!

  41. #41
    Join Date
    2014-Nov
    Location
    Sweden
    Posts
    21
    Quote Originally Posted by binkybear View Post
    New nethunter release includes all changes by everyone who contributed. Feel free to leave feedback if something is broken or works. Thanks everyone!
    Great job on the new release! I'm working on getting all the hid language attacks working, if anyone got any input on that please give me a shout!
    Thanks,
    Si
    :(){ :|:& };:

  42. #42
    Join Date
    2014-Sep
    Posts
    23
    Quote Originally Posted by binkybear View Post
    New nethunter release includes all changes by everyone who contributed. Feel free to leave feedback if something is broken or works. Thanks everyone!
    Thanks for this new release.
    HID CMD works fully for unelevated and W7 elevated with FR layout from my side.

  43. #43
    Join Date
    2014-Nov
    Posts
    42
    hey i was wondering if this was possible, so at my school if a teacher takes away your phone they sometimes give it to the principal and he tries cracking the password. he has done this on ios and android, and i was thinking if it was possible that if he were to connect my phone to his PC that a script would run and trash it like a Fork bomb or a drive wiper, would this work or does this fall under badusb.


    Edit:
    Swearing
    Last edited by g0tmi1k; 2015-03-31 at 09:34. Reason: Swearing

  44. #44
    Join Date
    2014-Nov
    Posts
    41
    Quote Originally Posted by ping View Post
    hey i was wondering if this was possible, so at my school if a teacher takes away your phone they sometimes give it to the principal and the **** tries cracking the password. he has done this on ios and android, and i was thinking if it was possible that if he were to connect my phone to his PC that a script would run and trash it like a Fork bomb or a drive wiper, would this work or does this fall under badusb.
    I actually like the idea of offensively defending my device.

    Haven't tested it, but maybe it works with an event-trigger app (like AutomateIt) and running the hid-attack python script within a terminal...

    Not sure if windows7/8 are vulnerable against fork bombs - IMHO a modern operating system should limit the number of processes per user. Also, not sure if a "format c:" or similar would work even in an elevated session. But I'm sure, a "funny" payload isn't the problem.

    My guess is, that starting cmd from your nethunter device is too slow, since your principal is most probably not just sitting in front of his computer and watches start menu and cmd popping up but kind of interacts with his pc, which would "disturb" the whole process of the hid-attack.

  45. #45
    Join Date
    2014-Nov
    Posts
    42
    hmm.. thanks for your feedback, would a badUSB attack work better then since it executes silently.

  46. #46
    Join Date
    2013-Mar
    Posts
    95
    I agree it's an interesting idea, incorrect pin/password to unlock. Executes script. Although I'd rather it connect to a waiting msf listener and be more for if the device was lost/stolen.

  47. #47
    Join Date
    2014-Nov
    Posts
    41
    Quote Originally Posted by ping View Post
    hmm.. thanks for your feedback, would a badUSB attack work better then since it executes silently.
    badUSB is intercepting network traffic and not an "active" attack on the target itself. Maybe you could work with BDF-Proxy or something, but this would require your principal to download and execute a file while your device is connected.

  48. #48
    Join Date
    2014-Nov
    Posts
    42
    yo devs what do you think? would a self defence type thing be cool or a waste of time.

  49. #49
    Join Date
    2013-Mar
    Posts
    47
    Quote Originally Posted by unknownpwn View Post
    Great job on the new release! I'm working on getting all the hid language attacks working, if anyone got any input on that please give me a shout!
    Thanks,
    Si
    Thanks for your corrections.

  50. #50
    Join Date
    2014-Jan
    Posts
    71
    Anyone can make a tutorial video, how to make a new keyseed.py? I want to make hungarian layout for hid attack
