Black1hp/Bad-USB

Bad USB IoT Project

Overview

This project demonstrates how a Bad USB works, using the Digispark board. The board presents itself as a USB input device (keyboard or mouse) and, when plugged into a target machine, executes a reverse shell payload. The payload downloads a malware script from GitHub, and that script creates a backdoor on the system for remote access.

This project was developed as part of an educational initiative in the field of IoT Security and Penetration Testing. It serves as a demonstration of the security vulnerabilities inherent in USB devices and the importance of securing IoT devices.

Demo Video

The demo video shows the full attack flow, from plugging in the Digispark USB to obtaining a reverse shell on the target machine.

Bad.USB.Project.Video.mp4

Team Members

Supervisors

Project Description

This project leverages the Digispark board to create a Bad USB device that mimics a keyboard or mouse when plugged into a system. The payload executed by this USB device connects back to an attacker-controlled server, granting remote access to the target machine.

Components:

  • Digispark Board: A small, inexpensive USB microcontroller used to simulate a keyboard or mouse.
  • Payload Script: A PowerShell or Bash script downloaded from GitHub that performs actions like downloading and executing additional malware (reverse shell).
  • Listener Script: A Python-based listener that waits for incoming reverse shell connections from compromised machines.

How It Works

  1. Plugging in the Digispark: When the Digispark USB device is connected to the target machine, it mimics a keyboard or mouse.
  2. Command Execution: The Digispark runs a pre-programmed script that executes a command to download a malicious payload from a GitHub repository.
  3. Reverse Shell: Once the payload is downloaded and executed, it establishes a reverse shell connection back to the attacker's listener script.
  4. Remote Control: The attacker can then interact with the compromised system through the reverse shell.
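Seen from the defending side, steps 1 and 2 leave a measurable trace: a newly enumerated keyboard starts typing within seconds and at a cadence no person sustains. The sketch below is an added example, not code from this repository; the event tuple format, device ids and thresholds are assumptions, and the sample events are constructed.

```python
from statistics import median

# Assumed thresholds for illustration; tune them for your environment.
ATTACH_WINDOW_S = 5.0    # typing must begin this soon after the device enumerates
MIN_BURST_KEYS = 15      # need enough keys to judge typing cadence
MAX_MEDIAN_GAP_S = 0.02  # 20 ms median gap is about 50 keys/s, beyond human typing


def _keys(dev, start, gap, count):
    """Build constructed key-press events at a fixed cadence."""
    return [(round(start + i * gap, 4), dev, "key") for i in range(count)]


# Constructed sample events: (timestamp_s, device_id, kind).
# "attach" = a new HID keyboard enumerated, "key" = one key press from it.
SAMPLE_EVENTS = sorted(
    [(0.0, "kbd-builtin", "attach"),
     (100.0, "usb-new", "attach"),
     (200.0, "usb-human", "attach")]
    + _keys("kbd-builtin", 10.0, 0.18, 40)   # human typing, long after attach
    + _keys("usb-new", 101.2, 0.005, 60)     # machine-paced burst after plug-in
    + _keys("usb-human", 202.0, 0.15, 30)    # human typing soon after plug-in
)


def find_injection_suspects(events):
    """Return sorted device ids whose first burst after attach looks scripted."""
    attached_at, key_times = {}, {}
    for ts, dev, kind in sorted(events):
        if kind == "attach":
            attached_at[dev] = ts
            key_times[dev] = []          # a re-attach starts a fresh observation
        elif kind == "key" and dev in attached_at:
            key_times[dev].append(ts)

    suspects = []
    for dev, times in key_times.items():
        burst = times[:MIN_BURST_KEYS]
        if len(burst) < MIN_BURST_KEYS:
            continue                     # too few keys to judge cadence
        starts_quickly = burst[0] - attached_at[dev] <= ATTACH_WINDOW_S
        gaps = [b - a for a, b in zip(burst, burst[1:])]
        if starts_quickly and median(gaps) <= MAX_MEDIAN_GAP_S:
            suspects.append(dev)
    return sorted(suspects)


if __name__ == "__main__":
    print(find_injection_suspects(SAMPLE_EVENTS))
```

In practice the events would come from endpoint telemetry; pair this timing signal with USB device allow-listing and alerting on shells launched right after a HID attach.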

Installation

To set up the project on your local machine, follow these steps:

1. Set up Digispark Board

  • Download and install the Arduino IDE.
  • Install Digispark support in the Arduino IDE (follow this guide).
  • Upload the digispark.ino code to the board.

2. Set up the Payload Script

  • Clone this repository to your local machine:
    git clone https://github.com/your-username/bad-usb-project.git
  • Modify the PowerShell or Bash payload scripts if needed (located in the payloads/ directory).

3. Run the Listener

  • Install the necessary library:
    pip install requests
  • Run the listener script to wait for incoming reverse shell connections:
    python listener.py

Security Warning

This project is intended strictly for educational purposes and ethical hacking in controlled environments (such as penetration testing labs or red teaming exercises). Do not use this project on unauthorized systems or networks.

Contributing

We welcome contributions to improve the project. Feel free to fork the repository and submit pull requests for new features or improvements.

Guidelines for contributing:

  • Fork the repository
  • Create a new branch for your feature or bug fix
  • Test your changes thoroughly
  • Submit a pull request with a description of your changes

License

This project is licensed under the MIT License - see the LICENSE file for details.


Contact

For any questions or feedback, feel free to reach out to the project team through their LinkedIn profiles listed above.
