Hacking self-experiment: Use Raspi Zero W as a BadUSB tool Save and automate the attack according to the script Read more USB devices and SSH articles in c’t 27/2023
A USB port is not only practical, but also dangerous: BadUSB devices can use it to hijack the computer and steal data. This is technically more complex than distributing a Trojan on a USB stick, but also much more perfidious: The virus protection program can catch the Trojan on the stick, but it can do little against BadUSB. The BadUSB category includes devices that cleverly exploit the possibilities of USB for IT attacks. If you connect a keyboard, for example, the operating system automatically selects a suitable driver thanks to Plug & Play and you can immediately enter any commands. If a BadUSB device pretends to be a keyboard, it can do that too.
The best known is the USB Rubber Ducky from Hak5. When it is connected to the computer, it logs on as a keyboard and quickly fires keyboard entries pre-programmed by the attacker. It often starts with the Windows+R key combination to open the Run dialog. With powershell and Enter, the Rubber Ducky has already opened the powerful PowerShell and can, for example, type and execute a backdoor script there. In short: Everything you can do, the Rubber Ducky can do too – just much faster.
Hackers have long since found ways to simulate USB mice, drives, network cards and so on and use them for attacks. Particularly versatile hacking gadgets such as the Bash Bunny Mark II (see ct.de/yhhf) use these techniques in combination, for example to report themselves to the system as a USB mass storage device and to type a copy command on the keyboard that transfers the data to the integrated one Storage shovels.
More and more knowledge.
The digital subscription for IT and technology.
All exclusive tests, guides & backgrounds A subscription to all magazines: c’t, iX, MIT Technology Review, Mac & i, Make, read c’t Photography directly in the browser No risk: first month free, then weekly from 2.99 €. Magazine subscribers read even cheaper! Start your FREE month. Try it now for FREE & read more straight away!
Already subscribed to heise+?
Register and read Register now and read articles immediately
More and more knowledge. The digital subscription for IT and technology.
Containers, Jails, VMs: Using virtualization on the Raspberry Pi
NAS upgrade: How to choose the right hard drive
Full format camera Sony Alpha 7C II in the test
Analysis: This is how safe the MSCI World is
From M1 to M3: The Apple iMac 2023
Mac & i
Smart home standard Matter: market overview and first practical steps
To the home page
#Hacking #selfexperiment #Raspi #BadUSB #tool