Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector | SecManiac.com Blog

17 08 2010

hehehe … it was only a matter of time. With devices such as the original yubikey that I have been using being able to be programed to auto launch a website when plugged in, its good to see the idea going to the next level:

Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack VectorPosted by relik @ 8:31 pmThe Teensy devices http://www.prjc.com are Arduino based devices that allow you to utilize onboard memory storage on a microcontroller and emulate a keyboard/mouse. In the Social-Engineer Toolkit SET, gives you the ability to choose Metasploit based payloads and drop a small download stager either through WSCRIPT or through PowerShell to download a backdoor from a remote IP/machine and execute it on the system itself. Why this attack is so useful is that it emulates a keyboard 100 percent, so you can essentially bypass any autorun protections on the system since its a keyboard, not a flash drive or CD/DVD type autorun attack. SET handles the entire creation from a webserver housing the malicious payload, to the actually Metasploit handler.

via Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector | SecManiac.com Blog.

Original credit appears to be going to irongeek from his very detailed original posting – including pictures (we all like pictures) here: Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: