Get a reverse shell within 15 seconds on both Windows and Unix based systems, using the digispark developement board. The board acts as a keyboard, then does all the magic!
-
Get the
digisparkdevelopment board, it costs about 6 USD. -
Setup your IDE (Arduino) to deploy the code on the
digispark: https://www.arduino.cc/en/Guide/HomePage -
Get and configure the required libraries from this guide: https://digistump.com/wiki/`digispark`/tutorials/connecting
-
CnCserver (on cloud or on the victim network) - ubuntu/centos server is recommended with port forwarding enabled for (443 & 80).
- Upload the RS.ino script using Arduino IDE.
- Configure the CnC server with apache, nginx or any web server to listen on port 443 only (you can configure a free SSL certificate by following this guide: https://letsencrypt.org/getting-started/)
- Edit the payload RS.ps1 by replacing your domain with your server IP/Domain, then put the file under:
/var/www/html/ - Listen on port 80 at the CnC with a something of your choice. For demo purposes we can use netcat:
nc -lvp 80 - Note: the use of
443and80ports grantee not blocking the connection by proxy/IDS, it seems like normal web traffic! - Plug the USB in the asset [assuming the owner forgot to lock the desktop] and the
digisparkwill deploy a reverse shell within 15 seconds. - Remove the
digisparkand happy hacking!
- Try the new feature for collecting all WiFi credentials from any windows machine within 18 seconds!!
- Generate a random string of 32 characters that will be used as a token.
- Add the token to wifi.php then put it on the CnC under:
/var/www/html/ - Edit the token parameter in the wifi-collect.ino. then Upload it using Arduino IDE.
- Plug the USB in the asset [assuming the owner forgot to lock the desktop again!]
- The data will be transfered through a POST request on 443. Then the WiFi credentials will be found under
loot.txtfile on the CnC.
This project is developed for learning and security assessments purposes only. Use these at your own discretion, the author cannot be held responsible for any damages caused. Using this project for attacking assets without prior mutual consent is illegal. The author is not responsible for any misuse or damage caused.
Thanks to my fellow hackers @karemfaisal and @reb311ion.