Member
hey i was wondering if this was possible, so at my school if a teacher takes away your phone they sometimes give it to the princpal and he tries cracking the password. he has done this on ios and android, and i was thinking if it was possible that if he were to connect my phone to his PC that a script would run and trash it like a Fork bomb or a drive wiper, would this work or does this fall under badusb.
Edit:
Swearing
Last edited by g0tmi1k; 2015-03-31 at 09:34. Reason: Swearing
Member
I actually like the idea of offensively defending my device.Originally Posted by ping
Haven't tested it, but maybe it works with an event-trigger app (like AutomateIt) and running the hid-attack python script within a terminal...
Not sure if windows7/8 are vulnerable against fork bombs - IMHO a modern operating system should limit the number of processes per user. Also, not sure if a "format c:" or similar would work even in an elevated session. But I'm sure, a "funny" payload isn't the problem.
My guess is, that starting cmd from your nethunter device is too slow, since your principal is most probably not just sitting in front of his computer and watches start menu and cmd popping up but kind of interacts with his pc, which would "disturb" the whole process of the hid-attack.
Member
hmm.. thanks for your feedback, would a badUSB attack work better then since it executes silently.
Member
badUSB is intercepting network traffic and not an "active" attack on the target itself. Maybe you could work with BDF-Proxy or something, but this would require your principal to download and execute a file while your device is connected.
Posting Permissions
Reply With Quote
