Almost everyone must have seen those spy movies where someone just inserts a tiny USB drive into a computer and hacks the shit out of it. The computer automatically starts typing ferociously and gives out all the important data, or just creates a permanent backdoor so that the attacker can access the victim’s computer from anywhere on the globe! That might seem like a distant reality, but it is possible now.
What I am going to demonstrate now is a USB-based hack tool which can hack into any computer [only if the user has admin privileges]. I named it EvilDuino!
EvilDuino! – USB hack tool
Live Demonstration video
Note: I have added time delays just for demonstration purposes. You can remove the unnecessary delays from the program. In a real-life scenario, it can be much, much faster. All you need to do is plug it in, wait for a few seconds and then pull it out.
What did it just do?
- Opened a command prompt with admin privileges.
- Enabled Remote Desktop and added a firewall policy to allow RDP connections.
- Created a new account and gave it admin privileges.
- Changed the DNS entry.
Thus, we successfully created a backdoor and also changed the DNS. We can set up a malicious DNS server of our own and then insert it into the program. Now, we can access the victim’s account from anywhere. This is not a very stealthy kind of backdoor, but it is not limited to this. We can create very powerful backdoors with this. I will share the code showing how you can create different kinds of backdoors with dangerous PowerShell scripts.
What is it made of?
- Arduino Pro Micro
- An old internet modem cover to disguise it as a legitimate USB tool.
- A micro USB cable to connect it with PC’s USB socket.
The code can be seen here: github.com/rash2kool/EvilDuino
Inside of EvilDuino!
Size of the chip:
1. Can act as a keyboard and mouse and can send keystrokes to the computer.
We can program it to act as a keyboard and a mouse. The computer detects it as an ordinary USB keyboard, so the device itself evades antivirus detection.
2. Can type at superfast speeds.
It can type at superfast speeds and can create a powerful backdoor using PowerShell scripts within seconds.
3. Very low cost [5 – 12$]
You can easily buy a clone of it from eBay or AliExpress.
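The superfast typing described above is also what a defender can key on: a keyboard that enumerates and then sustains key-down gaps of a few milliseconds is not a person. The following is an added example, not code from the original post or the EvilDuino repository; the thresholds, device IDs and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed thresholds (not from the original post); tune them on your own baselines.
MAX_INJECT_INTERVAL_MS = 20   # median gap below this is not sustained human typing
BURST_LEN = 20                # consecutive key-down events examined at a time
ATTACH_WINDOW_MS = 10_000     # "plug in, wait a few seconds" window after enumeration

def find_injection(events, attach_times):
    """Flag keyboards whose key-down timing looks machine-generated.
    events: iterable of (timestamp_ms, device_id) key-down events.
    attach_times: {device_id: timestamp_ms at which the keyboard enumerated}.
    Returns {device_id: (burst_start_ms, median_gap_ms, soon_after_attach)}.
    """
    per_device = defaultdict(list)
    for ts, dev in sorted(events):
        per_device[dev].append(ts)
    findings = {}
    for dev, stamps in per_device.items():
        # Slide a fixed-size window and use the median gap, so a short fast run
        # inside normal typing (key rollover) does not trigger on its own.
        for i in range(len(stamps) - BURST_LEN + 1):
            window = stamps[i:i + BURST_LEN]
            gaps = [b - a for a, b in zip(window, window[1:])]
            med = median(gaps)
            if med < MAX_INJECT_INTERVAL_MS:
                attached = attach_times.get(dev)
                soon = attached is not None and 0 <= window[0] - attached <= ATTACH_WINDOW_MS
                findings[dev] = (window[0], med, soon)
                break  # the first burst per device is enough to raise an alert
    return findings

def sample_events():
    """Constructed sample data: one human typist, one newly attached fast 'keyboard'."""
    human_gaps = [180, 140, 15, 220, 160, 12, 190, 150, 170, 210] * 4
    human, t = [], 1_000
    for g in human_gaps:
        t += g
        human.append((t, "kbd-builtin"))
    # Hypothetical device: enumerates at t=60_000, then sends 40 keys 4 ms apart.
    injected = [(61_500 + 4 * n, "kbd-new") for n in range(40)]
    attach = {"kbd-builtin": 0, "kbd-new": 60_000}
    return human + injected, attach

if __name__ == "__main__":
    evts, attach = sample_events()
    for dev, (start, med, soon) in find_injection(evts, attach).items():
        print(f"{dev}: burst at {start} ms, median gap {med} ms, soon after attach: {soon}")
```

A device that keeps the demonstration delays mentioned in the note above would type slower than this threshold, so timing is one signal to combine with alerts on new keyboard enumeration and on the account, RDP, firewall and DNS changes listed earlier.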
Other USB Hack tools:
1. USB Rubber Ducky (hak5.org) [42 $]
2. Teensy USB development board [20 $]
What else can be done with EvilDuino?
- Computer Information.
- Installed Updates.
- User Document List.
- Port Scan.
- Extract SAM File.
- Find and Upload File (FTP).
- Disable Firewall.
- Open Firewall Port.
- Start Wi-Fi Access Point.
- Share C:\ Drive.
- Enable RDP.
- Create a Reverse Shell.
- FTP Report to External Host.
- Email Report to your Account.
I will add some more code to my Git account showing how to create powerful backdoors from this using PowerShell scripts. 🙂