Saturday, 3 December 2016


Overview of BADUSB

BADUSB

Windows considers USB drives non-malicious and automatically trusts the content of a USB drive to be safe and secure. The USB protocol also allows devices to declare for themselves what they are and what they do: for example, when plugged in, a USB drive tells the operating system that it is a USB storage device. This is how the USB port can appear universal. USB has become the universal port and plug of choice for our time, used by everything from flight simulators to mice, keyboards and storage devices.
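The self-declared device class described above is also what a defender can inspect. As an added example (not from the original post or from any project it links to), this Python code parses a constructed listing in the style of Linux usb-devices output and flags a device that declares both mass storage and a keyboard interface, or a keyboard that is not on an allowlist. The vendor/product IDs and the allowlist are assumptions made for the example.

```python
import re

# USB class codes: the device itself chooses these in its descriptors.
HID, MASS_STORAGE = 0x03, 0x08
BOOT_KEYBOARD = (0x01, 0x01)  # HID subclass "boot", protocol "keyboard"

# Constructed sample in the style of `usb-devices` output (IDs are made up).
SAMPLE = """\
T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=480 MxCh= 0
P:  Vendor=aaaa ProdID=0001 Rev=01.00
I:  If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage

T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#=  3 Spd=480 MxCh= 0
P:  Vendor=bbbb ProdID=0002 Rev=01.00
I:  If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I:  If#= 1 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid

T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=03 Dev#=  4 Spd=12 MxCh= 0
P:  Vendor=cccc ProdID=0003 Rev=01.00
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
"""

IFACE = re.compile(r"Cls=([0-9a-fA-F]{2})\(.*?\)\s+Sub=([0-9a-fA-F]{2})\s+Prot=([0-9a-fA-F]{2})")
IDS = re.compile(r"Vendor=([0-9a-fA-F]{4})\s+ProdID=([0-9a-fA-F]{4})")

def parse_devices(text):
    """Split the listing on blank lines; return one dict per device."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dev = {"id": None, "ifaces": []}
        for line in block.splitlines():
            if line.startswith("P:") and (m := IDS.search(line)):
                dev["id"] = f"{m[1]}:{m[2]}".lower()
            elif line.startswith("I:") and (m := IFACE.search(line)):
                dev["ifaces"].append(tuple(int(x, 16) for x in m.groups()))
        devices.append(dev)
    return devices

def review(devices, approved_keyboards=frozenset()):
    """Flag storage+keyboard composites and keyboards not on the allowlist."""
    findings = []
    for dev in devices:
        classes = {c for c, _, _ in dev["ifaces"]}
        keyboard = any(c == HID and (s, p) == BOOT_KEYBOARD for c, s, p in dev["ifaces"])
        if keyboard and MASS_STORAGE in classes:
            findings.append((dev["id"], "storage device also declares a keyboard"))
        elif keyboard and dev["id"] not in approved_keyboards:
            findings.append((dev["id"], "keyboard not on allowlist"))
    return findings
```

On a live Linux host the same parser can be fed the text printed by usb-devices; a plain flash drive should declare only the storage interface.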

BadUSB has the ability to infect other USB 3.0 Flash Drives with the Phison 2303 (again pretty hard to obtain).
Adam Caudill (spublished on his GitHub from his BadUSB talk

At this moment BADUSB only works on a USB 3.0 flash drive with a Phison 2303 (2251-03) controller. Those sticks are hard to get. A list of USB drive types that have this controller can be found at: https://github.com/brandonlw/Psychson/wiki/known-supported-devices.

A tool to verify whether you happen to have a Phison USB drive is Flash Drive Information Extractor.

A good explanation on how to create a BADUSB can be found here:
http://null-byte.wonderhowto.com/how-to/make-your-own-bad-usb-0165419/


Rubber Ducky

A commercial tool, created for pen testers, to test the BADUSB vulnerability.

Teensy

Another method is to use a Teensy USB Development Board from PJRC, available for an inexpensive price of $19.80.
This approach was first described in Samy Kamkar’s (SkyJack) USBDriveBy.
Paensy
Payloads are loaded onto the Teensy device with Arduino.

Payloads

The danger of BADUSB comes from the payload: the software / malicious code that is placed in the firmware of the USB stick. Examples of payloads are:
  • Add Admin User (adds a pre-programmed user with a programmatically-defined password)
  • Download and Execute (downloads and executes a file of your choosing)
  • Facebook Post (posts a Facebook status to the victim’s Facebook page)
  • Hide Window (a proof-of-concept showing how to hide the current window)
  • Lock Your Computer (opens up notepad and scolds the user on their inability to lock their computer) 
  •  https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

links 

teensy and BADUSB    https://github.com/Ozuru/Paensy
