Shulou(Shulou.com)06/02 Report--

ATtiny85 vulnerability exploitation framework HID test analysis, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

Today's protagonist is this tool called Flashsploit, which is a vulnerability exploitation framework based on ATtiny85 HID attacks, with the help of which researchers can test HID penetration attacks on all kinds of devices.

Introduction to HID attacks

HID is an acronym for Human Interface Device, and its name shows that HID devices are devices that interact directly with people, such as keyboard, mouse, joystick, and so on. However, HID devices do not have to have a man-machine interface, as long as the devices that meet the HID category specifications are HID devices. Generally speaking, the attacks against HID are mainly focused on the keyboard and mouse, because as long as you control the user's keyboard, you basically control the user's computer. The attacker will hide the attack code in a normal mouse keyboard, and when the user inserts the mouse or keyboard containing the attack vector into the computer, the malicious code will be loaded and executed.

Flashsploit

Flashsploit is a vulnerability exploitation framework that uses ATtiny85 HID devices (such as Digispark USB development panels, etc.) to perform penetration attacks. Flashsploit can generate Arduino IDE Compatible (.ino) scripts based on user input and listeners in the Metasploit framework based on the requirements of the script. In short, Flashsploit can automate the generation of attack scripts in automated msfconsole.

Data extraction on Windows platform

You can extract all stored WiFi passwords, store the data in XML format, and then upload it to a remote SFTP server:

Extract the network configuration information from the target system and upload it to the remote SFTP server:

Use Mimikatz to extract passwords and other sensitive information and upload them to the remote SFTP server:

Reverse Shell

Obtain the reverse Shell by leveraging the Microsoft HTML application (mshta):

Obtain the reverse Shell by using the Certificate Authority Utility (certutil)

Obtain reverse Shell by using Windows scripting host (csript)

Obtain reverse Shell by using the Windows installation tool (msiexec)

Obtain reverse Shell by using Microsoft Registry Server (regsvr32)

Other miscellaneous

Modify the desktop wallpaper of the target host:

Use a .bat script to bring down the target Windows device (denial of service attack), consuming 100%CPU and running memory:

Infect and execute malicious files (ransomware)

Disable the Windows Defender service on the target device:

Running platforms currently supported by Flashsploit

Kali Linux 2019.2

BlackArch Linux

Tool dependent component

The following four tool components are required for Flashsploit to function properly:

Metasploit-Framework

Python3

SFTP

PHP

After reading the above content by downloading the tool and using git clone https://github.com/thewhiteh5t/flashsploit.gitcd flashsploitpython3 flashsploit.py, have you mastered the test and analysis method of the ATtiny85 vulnerability exploitation framework HID? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.