Teensy USB hid attack vector

✨ deeznutz

✨ Master ✨
Staff member
Joined
May 15, 2017
Messages
981
Likes
754
Points
1,045
Thanks to IronGeek and WinFang, a sophisticated attack vector such
as the Teensy USB HID (human interface device) appeared in SET . True, this will have to
fork out a little , but it's worth it. Teensy is a very small programmable
device with a mini-USB interface. Teensy USB on board has an AVR processor with a
frequency of 16 MHz, flash memory of 32-128 Kb, RAM memory of 2.5-8 Kb and this kid costs
$ 18-27, depending on the model.


The beauty of this device is that it is
programmable and is defined in the system as a USB keyboard, which, as a result,
allows you to bypass any ban on autoloading, etc. It also does not need
special drivers and, having a very small size, can be imperceptible
installed on the computer while the owner of the car was distracted. And that's not all - the
device has a timer and a sensor, which makes it possible to start the filling
under certain conditions. The only drawback is that it
is defined in the system a little longer than a regular USB U3 device. In general,
it remains for the small - to fill the load we need in pde-format on Teensy. This is
where SET will help us, it generates our load in teensy.pde, which is
then pushed to the device via USB using the Arduino IDE and Teensy Loader.
It should be noted that as a load, you can use Powershell HTTP GET
MSF, WSCRIPT HTTP GET MSF and Powershell based Reverse Shell. If this set
you are not enough, you can write your payload to C or use the
Arduino IDE, which understands the USB HID out of the box! Now, in the manner of agent 007
(no killings, only stealth) we get physical access to the system and
imperceptibly, elegantly own it
 
Top Bottom