HID Attack using Teensy

What’s going on!?

Lately I’ve been playing a little with the Teensy (3.2) and decided to make a video on the brief setup of a HID (human interface device) attack for Windows.

What is Teensy?

As described in the Teensy website:

The Teensy USB Development Board is a complete USB-based microcontoller development system.
Actual size is 1.4 by 0.7 inch – features a 32 bit ARM processor.

It can be used in many different projects as you can see here.

What is the HID attack?

Basically we are configuring the Teensy (3.2) to emulate a keyboard and a mouse, so we can issue a sequence of commands with precision timing, like for example: download a executable from an external website and run it. πŸ˜›

By default, operating systems tend to allow keyboard and mouses full control of the system. Using timed commands, it is easy to run a complete drive-by HID attack in 20 seconds, possibly even less. It also avoids detection in some ways as you are ‘physically pressing the keys’ – or at least, that’s what the computer thinks.

Teensy Configuration

The main configuration can be found on Teensy’s website and it’s quite simple:

1) Install Arduino IDE
2) Install Teensyduino
3) Run “First Use” tutorial to get familiar

HID Attack Setup

Now you can run Arduino IDE and connect your Teensy. Optionally you can hold down your Teensy’s button in order to prevent it from executing anything, so it makes it easier to upload your code to it.

You will need to change the settings on your Teensy to make it act like a keyboard + mouse:

1) Tools > Board > Choose your board version (mine is 3.2)
2) Tools > USB Type > Keyboard + Mouse + Touch Screen

[ Download ] Click here for: ‘Download + Execute Script

You can open the script on your IDE or simply copy+paste it.
Then, with your Teensy connected, click on ‘Verify’ (checkmark icon)

Finally click on the ‘Upload’ button (arrow to the right). Wait for the upload.
Once it completes, your Teensy should be ready to go!

Video

Resources

As mentioned on the video, when originally searching for scripts for the Teensy, I ran into a toolkit called Brutal, which I couldn’t really use (I’m guessing its not Slackware compatible, probably made for a specific pentesting OS) but in the end it didn’t matter since it contained many scripts ready for the Teensy inside and that was all I was looking for! πŸ˜‰

I highly recommend downloading it and using his scripts as a starting point – you will find these specifically under the ‘src’ folder in different categories, such as: exploit, gathering, prank…

1) Brutal Toolkit (peep ‘src/’ folder)
2) Kautilya Toolkit

Leave a Reply

Your email address will not be published. Required fields are marked *