Only for Educational Purposes
Microcomputer or USB-based attack(penetration testing) in RTE (Run Time Environment) using Raspberry
Pi or Malduino USBRaspberry Pi
Raspberry Pi is a microcomputer; it measures approximately 8.5 cm x 5.5 cm in size, but manages to pack in 2 GB RAM, two USB ports, and an Ethernet port supported by a Broadcom chip using an ARM processor, running at 700 MHz (which can be overclocked to 1 GHz). It doesn't include a hard drive, but uses an SD card for data storage
This device can be easily hidenn on a network (behind workstations or servers, placed inside server cabinets, or hidden beneath floor panels in the data center
To configure a Raspberry Pi as an attack vector, the following items are required: A Raspberry Pi Model B, or newer versions An HDMI cable A micro USB cable and charging block An Ethernet cable or mini-wireless adapter An SD card, Class 10, at least 8 GB in size
MalDuino – the (BadUSB Arduino-powered USB)
This device has a keyboard injection capability and runs the commands within fraction of second. These devices are extremely useful during physical security with access to the organization's building. Often, people inside the organization rarely lock their computer, assuming the physical access restrictions are safeguards and no one would do anything. Even if attackers gain access physically to the system, staff can arguably say we have no USB policy, well its good. But disabling USB does not disable USB-based keyboards—when attackers plugs in the MalDuino, it acts as a keyboard, typing commands exactly how a human being would run a specified payload and execute.
There are two flavors of MalDuino, Elite and Lite. The difference is Elite provides an SD card option for you dump around 16 different payloads with the hardware switches on the device, so that you don't need to reconfigure the entire device. With of MalDuino Lite, you have to configure the device everytime you change the payload. The board supports the Ducky Scripts templates, making it easy to build custom scripts.