Keystroke Injection

As CCNA comes to a close, I was informed by another student who has already completed PowerShell that there is a project following completion. I knew right away this was a good excuse to play around with keystroke injection, as it has been of interest to me for awhile.

Keystroke injection is accomplished by masking a HID (human interface device) such as a mouse, keyboard or jump drive that can execute keystrokes upon insertion. This attack is not to be confused with the infamous "autorun" attack, which relied on a windows feature and .inf text file that would autorun a defined executable in the root directory on insertion - rather keystroke injection is done with a variety of hardware and is unique as it actually acts like keyboard.

While there are many devices to choose from, I picked up a cheap Arduino pro micro knock off to play with called the Keystudio Pro Micro 32u4. These are cheap and readily available everywhere, and even cheaper if you are willing to wait.

To get started, I read a bit on the keyboard.h library and some of the modifiers while trying devise a quick and dirty attack plan.

This is one of the most exciting things about Pentesting and security research; visualization of the plan, reconnaissance and establishing viable execution.

Something that was blantly obvious immediately started the attack is based all on time - from the moment of opportunity to the speed and delay of processing - not having a balanced delay may work on some PC's and not others, simply because you didn't allow the computer to keep up.

To start my attack off, I played with a few modifiers, testing the waters. Opening applications and using keyboard shortcuts in combination just seems so cool, but then you realize... This has the potential to be a very powerful attack. 

Check back for updates on the code

No comments:

Post a Comment