Bad USB penetration testing tool

1st January 2020

When doing a penetration test a common method is to drop USB sticks in the parking lot and see who plugs them in. the old method relies on Autorun being enabled but Autorun has been disabled by many patches etc. New method uses BadUsb or a Microcontroller that looks like a USB stick. when it gets plugged in, it can wait until activity is low and then pretend to be a keyboard to inject keystrokes.

Its hard to find hardware to make this attack work

Compatible hardware is available here $5 us https://www.aliexpress.com/item/32732578586.html?spm=a2g0s.9042311.0.0.4aa44c4dBJnlRV

I have an even cheaper unit $1.50 made by Digispark This unit is good for testing but it has no case. It also has only 6k of memory. A Sketch that prints “All your base are belong to us!” takes up 47% of the memory. More info here https://www.youtube.com/watch?v=jHNMl6khEio

Install the Digispark IDE using the installer app as the Windows Store app is slightly out-dated. Install the DigiSpark board descriptions as shown in the video above. Then restart the IDE. It should ask if you want to update your DigiSpark descriptions.

The DigiStump will flash a red light if it cannot find drivers. It is normal for the red light to flash for 8 seconds after plugging in. If it flashes forever you need to install USB driver here https://sourceforge.net/projects/digistump/files/Digistump1.5Addons-v092.zip/download

In the zip file under \Digistump Windows Drivers find and run Install 64bit Drivers.exe This will fix the unknown device in Device Manager