"BadUSB" devices are innocent-looking USB-based devices that have ulterior motives and are typically found in every pentester's toolkit.
Today’s #pentestips episode is called: Know your BadUSB Devices
When you plug hardware into a computer, it typically needs to be manually approved and installed.
But if you're trying to install a device like a keyboard or a mouse - how do you install it if you're unable to click or type?
To solve this paradox, a new class of devices was designed : the "HID", or "Human Interface Devices"
Specific types of hardware automatically install without any interaction from the user: Input Devices (Keyboard, Mouse), Storage (Hard-drives, USB-Drives), Network (Ethernet adaptors).
The "BadUSB" family of devices takes advantage of this system by emulating HID devices.
When plugged in, they can pretend to be a keyboard, a mouse, a storage device, etc - simultaneously. And because they're not limited by fingers, they can "type" and "click" incredibly quickly.
BadUSB devices are used for multiple purposes: from delivering 'payloads' to exfiltrate or gain access to data during red-team assessments to automating boring tasks for sys-admins.
At Lab401, we've got multiple types of BadUSB devices, each with different characteristics.
Conceived in 2010, the Rubber Ducky is the grandfather of BadUSB devices. It can emulate both storage and keyboard strokes, allowing for payloads to exfiltrate data from computers.
The Rubber Ducky is easily programmed with "Ducky Script", a simple scripting language, and enjoys an active community with hundreds of pre-made Payloads.
The USBNinja is a highly miniaturized, highly covert version of the Rubber Ducky.
Inspired by the NSA Project "COTTONMOUTH", the entire device is hidden inside a USB cable and controlled wirelessly.
Besides avoiding suspicion during red-team assessments, it also allows for long-term implants - how often do you change your keyboard's USB cable?
The USBNinja has iOS/Android apps, can be updated over the air, used in real-time mode, exfiltrate data, self-destruct, and more importantly - acts as a real USB cable, supporting USB-3, Lightning, USB-C, QuickCharge technologies, etc.
The InputStick takes a different approach from the other devices. It's designed as a wireless, real-time keyboard and mouse tool. Once the InputStick is plugged in, the user can control the host device via the included Windows/Android/iOS applications.
The 'real-time' / non-payload nature of the device allows for situations where timing is important (waiting for a specific situation), or simply remote administration of devices.
It also supports macros for an 'entry-level' payload system.
Which device is perfect for you depends completely on your task and budget.
If you need automation, but don't need wireless control
If you don't need to make permanent implants
Want to benefit from hundreds of pre-written payloads
We recommend the RUBBER DUCKY
If you need automation and wireless control.
If you need highly covert implants and advanced options such as over-the-air updates.
We recommend the USBNINJA PROFESSIONAL
If you don't need to exfiltrate data
If you need real-time control/mouse control
If you're on a limited budget
We recommend the InputStick
If you need more information or have any questions, please reach out to us via our awesome customer support: firstname.lastname@example.org
Share this post
- 0 comments
- Tags: android, badusb, hak5, inputstick rat, lab401, lab401 academy, omg cable, pentesting, pentestips, rubber ducky, USB Ninja