This repository has been archived by the owner on Apr 25, 2019. It is now read-only.

Automatic HID attack #78

Closed
uzyfr opened this issue Oct 29, 2014 · 1 comment

Comments


uzyfr commented Oct 29, 2014

Hi,

It would be nice if we could manage to create an HID attack that runs at the right moment.

  1. Attacker selects and "activates" the HID payload he wants to inject into the victim
  2. Attacker gets physical access to the victim's computer (but this computer is locked or shut down) and plugs his Nethunter-powered device(c) into the victim's computer USB port
  3. Attacker leaves the building and parties all night
  4. Victim comes back in the morning, doesn't notice that a device is plugged into the USB port and logs on to his computer
  5. HID payload executes itself right on time after the victim's logon
  6. The story doesn't tell what happens to the Nethunter device at the end...

In order to do this, Nethunter should be able to test and confirm that it can interact with the OS/cmd and that it is not "locked" in a login/unlock prompt.
This could possibly be done by periodically testing write access to the USB storage of the Nethunter device (e.g. running something like "echo 'ok lets launch real operations' > d:\flag.txt") and checking on the Nethunter device for the creation of the "flag.txt" file. Once this file is created, the selected HID payload could be launched.
There might be another way to detect user login, by detecting on the Nethunter device that the OS tries to access files like autorun.inf or the device icon (supposing this kind of access to USB storage is only done when the user is logged in?).

I'll post this enhancement idea on the forums too.

Cheers
uzy

@offensive-security
Owner

I don't see this being a practical attack vector for a penetration test and doubt we will invest time to get a feature like this working. You are welcome to submit your own patches though.
