Professional Documents
Culture Documents
visudo.info/tan-cong-may-tinh-su-dung-teensy-hid-p1/
10/7/2016
K thut tn cng my tnh s dng thit b HID xut hin trong nhiu nm tr li y, thit b HID l mt phn
lp ca tiu chun USB - thng c ng dng trong kh nhiu cc thit b ngoi vi vi hnh dng, kch thc v
chc nng khc nhau. Trong bi vit ny, ti s tin hnh th nghim cc lab s dng thit b Teensy HID phin bn
phn cng 3.2 khai thc, chim quyn my tnh v mt s hnh thc tn cng a dng khc.
HID (Human Interface Device): l mt phn lp (class) trong tiu chun USB. Mt thit b HID c th
c lp trnh nh ngha li chc nng ca n. Thit b HID c th l mt bn phm USB, chut
USB, thit b chi game cm tay, thit b lu tr d liu, ...
1/14
Thit b lu tr USB U3
USB U3, c bn y l mt thit b USB thng thng c tch hp chc nng to phn vng m
rng vi nh dng thit b l CD/DVD
S ra i ca thit b USB U3 l mt nhnh pht trin ca k thut vt c ch kim sot USB ca h iu hnh
Windows XP. USB U3 li dng chnh sch Autorun ch c cho php trn CD/DVD, cc tin tc p dng tnh
nng nhm lu tr v thc thi m c t ng trn XP.
2/14
3/14
4/14
5/14
6/14
Trc khi thc hin bin dch v np chip, cn ch thit lp thit b Teensy l " Keyboard + Mouse + Joystick".
7/14
Connection
---------192.168.207.141:4444 ->
8/14
9/14
Kt ni phn cng
thc hin kt ni cc thit b phn cng, ti s dng mt s dy ni loi u ci-ci 10cm, v hn cc chn c
vo mch Teensy. S kt ni nh sau:
SD Adaptor ----------- Teensy
+5V (VCC) ni vo 3.3V (100 mA max)
Ground (GND) ni vo GND
MOSI ni vo chn 11, DOUT
MISO ni vo chn 12, DIN
SCLK (SCK) ni vo chn 13, SCK
SS (CS) ni vo chn 10, CS
Np chng trnh c th nh
Ti tin hnh np chng trnh kim tra kt ni n th nh v kim tra d liu ti cng COM.
10/14
11/14
12/14
Trin khai m c
Ti s dng chng trnh Social-Engineer Toolkit (SET) ti Kali to m c v np chng trnh cho Teensy.
Tham kho
1. How AutoRun Malware Became a Problem on Windows, and How It Was (Mostly) Fixed
2. Dont Panic, But All USB Devices Have a Massive Security Problem
3. HTG Explains: What Is Juice Jacking and How Worried Should You Be?
4. https://www.pjrc.com/teensy/
5. http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices
6. http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
7. https://www.offensive-security.com/offsec/advanced-teensy-penetration-testing-payloads/
8. https://github.com/offensive-security/hid-backdoor-peensy
9. https://github.com/trustedsec/social-engineer-toolkit/blob/master/src/teensy/peensy.pde
10. https://github.com/matterpreter/penteensy
13/14
11. https://github.com/samratashok/nishang
12. http://www.linux-usb.org/usb.ids
13. https://jumpespjump.blogspot.com/2013/09/making-pc-mouse-hw-trojan.html
Bn quyn thuc v Visudo Blog 2016
14/14