This repository has been archived by the owner on Apr 25, 2019. It is now read-only.
It would be nice if we could manage to create an HID attack that runs at the right moment.
Attacker selects and "activates" the HID payload he wants to inject into the victim
Attacker gets physical access to the victim's computer (but this computer is locked or shut down) and plugs his Nethunter-powered device(c) into the victim's computer's USB port
Attacker leaves the building and parties all night
Victim comes back in the morning, doesn't notice that a device is plugged into the USB port and logs on to his computer
HID payload executes itself right on time after the victim's logon
The story doesn't tell what happens to the Nethunter device at the end...
In order to do this, Nethunter should be able to test and confirm that it can interact with the OS/cmd and that it is not "locked" in a login/unlock prompt.
This could possibly be done by periodically testing write access to the USB storage of the Nethunter device (e.g. running something like "echo 'ok lets launch real operations' > d:\flag.txt") and checking on the Nethunter device for the creation of the "flag.txt" file. Once this file is created, the selected HID payload could be launched.
There might be another way to detect user login: detecting on the Nethunter device that the OS tries to access files like autorun.inf or the device icon (supposing this kind of access to USB storage is only done when the user is logged in?).
I'll post this enhancement idea on the forums too.
Cheers
uzy
I don't see this being a practical attack vector for a penetration test and doubt we will invest time to get a feature like this working. You are welcome to submit your own patches though.