Rubber Ducky Over Wifi – HID Attack Over Wifi using Arduino MKR1000

Share this now

Today I have an Arduino MKR1000 which is a board with built-in wifi chipset specially designed for IOT projects. Recently I came to know that, this little board can act as a Human Interface Device such as a keyboard or a mouse. So I thought of using it for some HID attacks over WiFi.

In this video, I will show you a small demo of some basic attacks. Click the subscribe button down this video.

Here, the board is programmed in such a way that, whenever I power it up, it will connect to my mobile phones WiFi network and starts a web server at port 80, which can be accessed from any web browser in my phone. So  what I can do is connect this board to my victim PCs back USB port and walk away so that the victim wont be suspicious. Now I can open up a browser, go to MKR1000 board’s IP address and wait for the victim to walk away from his computer. When he is away from the computer, if the PC is not locked, we can easily do HID attacks remotely.

One advantage of this is we can store multiple commands in this baord and we can issue one by one from our phone whenever we want. Which means, we can use this same for multiple devices without uploading the code each time for each purposes.

How To Do It?

 Video Tutorial

Download, Install and Setup Arduino IDE

First thing to do is download and install Arduino IDE from Here.
Once you install it, now its time to add Arduino MKR1000 board to the board manager. Then you have to install WiFi101 library from the library manager.
 
Download the Code
The code is available in the github. You can download it from Here.

This was written as experimental code and it is not well written. I have plans to update the code with support for other OS and more complicated attacks
in the future.

Editing the Code

Now all you have to do is do some basic modifications in the downloaded code. Just change the ESSID and Password. Now connect the board and upload the code to your board.
And thats it.

 

 

 

 

Share this now

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *