BadMouse: The Mouse clicks, while the Duck quacks!
Before we dive into the post, let's look at a demo of what this is all about.
Yes, that just happened! I just plugged the "supposedly" harmless mouse into my laptop, and it launched Notepad and typed "Ooops the mouse just pwnd you :D". Instead of this, it could easily have been a payload to get a Meterpreter session or a reverse shell.
So before you plug anything into your USB ports, make sure you know what it really is. The best bet to stay safe is to not plug in anything that isn't yours.
Let's look into how it's done.
During the 2014 Black Hat conference, one of the most discussed topics was a report on a fatal vulnerability of USB devices, which allows regular USB flash drives to be turned into a tool for spreading malware. The attack was called BadUSB. Because of the impact of this vulnerability, the authors, Karsten Nohl and Jakob Lell, did not make the PoC public, but two other researchers, Adam Caudill and Brandon Wilson, later released a PoC tailored to the Phison 2251-03 microcontroller.
That approach involves changing the firmware of the device, which takes a lot of research and work to tailor it to the specific microcontroller (we will look into this in a later post). Before that, we will look at a simple way to make a mouse act as both a mouse and a keyboard.
When I made this, I was a sophomore and had no idea how flash drives work. All I had in hand was a USB Rubber Ducky from Hak5, and I had to lend my mouse and keyboard to my roommates a lot. So the natural thing to do was to disguise my HID keyboard as a mouse, but it also had to function as a mouse so that they would use it and pass it on.
So I ended up using a mouse, a USB Rubber Ducky and a USB hub.
- Rubber Ducky https://goo.gl/3ZL7qV ~$20
- USB hub https://goo.gl/rxKgPe ~$4
- Mouse, which I got for free from a friend of mine xD
So the total cost is around $24.
The idea was to plug the mouse and the Rubber Ducky into the hub and connect the hub to the computer, but it shouldn't look so obvious. So I had to fit all of this inside the mouse casing itself, and make it look and feel like a normal mouse.
The first thing I had to do was to find a USB hub that was small enough to fit inside the casing. I went with https://goo.gl/rxKgPe. I had to strip the casing of the hub and use the board alone, which surprisingly was small enough.
Next was to cut short the connector of the mouse, connect it to the hub inside the case, and extend the connector of the hub outside so that it appears to be the connector of the mouse itself.
The last step was to add the Rubber Ducky, connecting it to the hub inside the casing of the mouse.
Finally, everything is taped to make it compact and the lid is placed.
And Voila it looks the same, feels the same and does the same.
This post was written to show how a helpful device like a mouse can become hostile. These could also be used in a red team assessment.
So before you plug anything into your USB ports, make sure you know what it really does.
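One way to check what a "mouse" really is: the build above cannot hide that the host sees a hub with two HID devices behind it, one of them a keyboard. The sketch below is an added example, not code from the original post. It audits a constructed snapshot of what enumerated on one port, using the standard USB class codes (0x09 hub, 0x03 HID) and HID boot protocol values (1 keyboard, 2 mouse); the port names and sample data are assumptions.

```python
# Added example: audit what actually enumerated behind one physical USB port.
# SAMPLE is constructed data; port names follow Linux sysfs style ("bus-port.port").
HUB, HID = 0x09, 0x03                    # USB class codes: hub, human interface device
BOOT_KEYBOARD, BOOT_MOUSE = 0x01, 0x02   # HID bInterfaceProtocol values

# port path -> list of (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol)
SAMPLE = {
    "1-1":   [(0x09, 0x00, 0x00)],   # hub board inside the mouse shell
    "1-1.1": [(0x03, 0x01, 0x02)],   # the original mouse
    "1-1.2": [(0x03, 0x01, 0x01)],   # second device presenting as a keyboard
    "1-3":   [(0x03, 0x01, 0x02)],   # ordinary mouse on another port
}

def roles(interfaces):
    """Map interface descriptors to coarse roles (boot-protocol HID only)."""
    found = set()
    for cls, _sub, proto in interfaces:
        if cls == HUB:
            found.add("hub")
        elif cls == HID and proto == BOOT_KEYBOARD:
            found.add("keyboard")
        elif cls == HID and proto == BOOT_MOUSE:
            found.add("mouse")
    return found

def audit_port(devices, port, expected="mouse"):
    """Return findings for everything at or below `port`; empty list means clean."""
    # Match the port itself and its children ("1-1.2"), but not "1-10".
    subtree = {p: roles(i) for p, i in devices.items()
               if p == port or p.startswith(port + ".")}
    if not subtree:
        return [f"{port}: nothing enumerated"]
    findings = []
    if "hub" in subtree.get(port, set()):
        findings.append(f"{port}: enumerates as a hub, expected a bare {expected}")
    for path, found in sorted(subtree.items()):
        for role in sorted(found - {expected, "hub"}):
            findings.append(f"{path}: unexpected {role} interface")
    return findings

if __name__ == "__main__":
    for line in audit_port(SAMPLE, "1-1") or ["1-1: only a mouse"]:
        print(line)
```

Some legitimate mice expose a keyboard interface for macro buttons, so a finding is a reason to inspect the device, not proof of tampering.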
While they are busy pwning their opponents in the game, we are busy pwning them :D