USBdriveby – exploiting USB in style



USBdriveby (http://samy.pl/usbdriveby) is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on any unlocked machine via USB in a matter of seconds. It does this by emulating a keyboard and mouse, blindly typing things, flailing the mouse pointer around and weaponizing mouse clicks.

A version for Windows and OS X is available on github.

It also evades several security measures in OS X, including hacking the accessibility settings, window positioning, overriding network settings, and disabling portions of the Little Snitch firewall.

By Samy Kamkar

Want to attack *locked* or password protected computers? Then check out PoisonTap: https://youtu.be/Aatp5gCskvk

Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk
Follow me on Twitter: https://twitter.com/samykamkar

More USBdriveby details: http://samy.pl/usbdriveby
Also check out BadUSB: https://srlabs.de/badusb/

Music by Epoch Rises: http://soundcloud.com/epochrises
aka USB Driveby / USB Drive By

WINDOWS VERSION
A Windows version is available on the Github linked from https://samy.pl/usbdriveby/

Another user posted an alternate version for Windows: https://youtu.be/FfRhKzbgmeU

FOR LINUX: You can simply open a terminal, add a new directory to the beginning of $PATH, install a malicious “sudo” in that user-owned path that siphons credentials and performs the same attacks and more (and still send the sudo password to the real sudo to prevent the user from noticing.)

DETECTING OPERATING SYSTEM: You can detect OS by the unique way each OS communicates with the USB device.

WHY NOT RUBBER DUCKY?
Rubber Ducky is an awesome tool but lacks the HID mouse emulation required to pull off the mouse-based DNS attack we perform here! Additionally, this is half the price!

source

Fahad Hameed

Fahad Hashmi is one of the known Software Engineer and blogger likes to blog about design resources. He is passionate about collecting the awe-inspiring design tools, to help designers.He blogs only for Designers & Photographers.

43 thoughts on “USBdriveby – exploiting USB in style

Leave a Reply

Your email address will not be published. Required fields are marked *