Tuesday, June 20, 2017

Weaponize a Mouse with WHID Injector for Fun & W00t

Hello there! Finally, I had some spare time to Weaponize a new Mouse, in order to show you how easy is possible to create malicious HID devices.
Materials Needed:
  • WHID Injector [x1]
  • Mini USB HUB [x1]
  • Wired USB Mouse [1]
  • Soldering Kit (Iron, Flux, etc.)
  • Wires
  • Rubber Tape
  • Bit of Hot Glue
First of all let’s start ripping a part one mini USB HUB.
WHID 1 USB HUB
Usually, I do use one of these two:
For this project, I have used the first one, since was cheaper and already available in my lab.
Next step is to desolder all those wires while keeping notes of its pinouts (i.e. GND, D+, D-, Vcc) since we will have to match the USB pinouts with the WHID Injector.
Afterward, we will have to solder the wires to the WHID Injector as explained in its Wiki.
WHID 2 USB HUBWHID 3 USB HUB
At this point, we need to solder back the wires in the USB HUB and connect WHID_Injector to it.
In my case the colors were:
WHID 2 USB HUB
Here below how it looks like once everything is assembled:
WHID 2 USB HUB
 Now the tricky part is to put everything back into the plastic case… and voila’ the final result!
WHID 6 USB HUB
Now we test if everything works properly and start thinking of which payloads we can deploy, on-demand and remotely, into the targeted machines. 😎
Here below I recorded a couple of PoCs about some useful payloads I was using during engagements. Enjoy!
You will see how WHID can easily help pen testers to exfiltrate domain credentials with both Phishing Technique and Mimikatz (FUDed) In-Memory.

0 comments:

Post a Comment