USB Pentesting devices & attack tools (part 1)

Today we take a look at some types of USB-based devices available to assist in Penetration Testing and Ethical Hacking of computers and networks.

Please keep in mind that although these devices can be used for ethical purposes to test the security of computers and networks, they can also be used as weapons or attack tools by criminals or Black Hat Hackers to take over computers or networks and steal sensitive data.

Below is a range of devices which are highly portable due to their size yet extremely powerful:

Bash Bunny

Bash Bunny is an advanced USB attack platform that enables automated attacks, such as keystroke injection and network hijacking, by running simple payload scripts. These scripts can then be used to scan a computer, capture credentials etc.

It operates by mimicking trusted devices such as a storage drive (USB thumb drive or external hard drive), a keyboard or a USB network device. This helps it bypass firewalls and avoid intrusion detection systems. Just wait for the light to turn green, which signifies the system has been hacked.

Bash Bunny can carry multiple payloads which can be selected using a switch on the device. Popular Pentesting tools that can be loaded include Nmap, Impacket, Responder, and Metasploit.

To help with getting started it comes with “a huge library of payloads that blend the power of Bash with the simplicity of Ducky Script”.

See Hak5 for more details.

Bluefruit LE Sniffer

This is a BLE (Bluetooth Low Energy) sniffer using a special firmware image that enables the passive capture of data exchanges between 2 BLE devices. This data can then be pushed into Wireshark for network analysis on a packet level.

See Adafruit for further details, videos, datasheets, drivers and tutorials.

Key Croc

Keyloggers typically record keystrokes. Key Croc does more than this, as it is armed with Pentesting tools such as Nmap, Impacket, Responder, and Metasploit, which are accessible via shell commands. There is also support for remote access and for payloads that are triggered when specified keywords are typed.

In a similar manner to Bash Bunny, Key Croc can bypass firewalls and intrusion detection systems by emulating trusted devices like serial, storage, HID and Ethernet. This in turn opens up attack vectors from keystroke injection to network hijacking.

Credentials such as usernames, passwords, PIN codes etc. can be captured, then used to extract data remotely via a web browser using Cloud C2.

See Hak5 for more details.

LAN Turtle

The LAN Turtle is a covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle surveillance capabilities through a simple graphic shell.
Housed within a generic “USB Ethernet Adapter” case, the LAN Turtle’s covert appearance allows it to blend into many IT environments.

Inside the case is a hidden Micro SD card which can be used to store data captured from MITM (Man-In-The-Middle) tools that are built into the device.

Remote access via a web browser is possible using Cloud C2.

See Hak5 for more details.

MalDuino Elite

MalDuino is like a superfast automatic keyboard. You tell MalDuino what to type, then plug him in and he’ll type out whatever you’ve told him to! You can reprogram MalDuino as many times as you like, changing what he does. Think what you can do to a computer with a keyboard and 15 minutes. Well, MalDuino can do all of that, but at lightning speed!

Features include:

  • LED Status indicator tells you when your script is done
  • Switches allow you to toggle between up to 16 different scripts
  • microSD slot for storing scripts

See Maltronics for more details.
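
The "lightning speed" typing described above is also what lets defenders spot keystroke injection: scripted input arrives far faster and more evenly than a person types. The following is an added example, not code from the original article or from any vendor; it assumes key-down timestamps (in seconds) are already collected by an endpoint agent, and the thresholds and sample timings are constructed for illustration.

```python
"""Added example: flag keystroke bursts that are too fast to be human typing."""
from dataclasses import dataclass

# Assumed thresholds, to be tuned per environment: people rarely sustain
# gaps under ~30 ms between key presses for ten or more keys in a row.
MAX_GAP_S = 0.030
MIN_BURST_LEN = 10

@dataclass
class Burst:
    start: float  # timestamp of first key in the burst
    end: float    # timestamp of last key in the burst
    keys: int     # number of key-down events in the burst

def find_injection_bursts(timestamps, max_gap=MAX_GAP_S, min_len=MIN_BURST_LEN):
    """Return runs of >= min_len key presses whose consecutive gaps are all <= max_gap."""
    ts = sorted(timestamps)
    bursts, run_start = [], 0
    for i in range(1, len(ts) + 1):
        # A run ends at the end of the input or at the first gap over the threshold.
        if i == len(ts) or ts[i] - ts[i - 1] > max_gap:
            if i - run_start >= min_len:
                bursts.append(Burst(ts[run_start], ts[i - 1], i - run_start))
            run_start = i
    return bursts

def constructed_samples():
    """Constructed data: a person typing 12 keys, then a device sending 40 keys."""
    human_gaps = [0.18, 0.12, 0.26, 0.09, 0.15, 0.21, 0.11, 0.19, 0.14, 0.23, 0.10]
    human = [0.0]
    for gap in human_gaps:
        human.append(human[-1] + gap)
    # Scripted input: constant 5 ms spacing starting 2 s into the session.
    injected = [2.0 + 0.005 * n for n in range(40)]
    return human, injected

if __name__ == "__main__":
    human, injected = constructed_samples()
    for b in find_injection_bursts(human + injected):
        rate = b.keys / max(b.end - b.start, 1e-9)
        print(f"ALERT: {b.keys} keys in {b.end - b.start:.3f}s (~{rate:.0f} keys/s) at t={b.start:.2f}s")
```

A payload that adds delays between keys can stay under a timing threshold, so this check complements USB device allow-listing and locked workstations rather than replacing them.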

Packet Squirrel

Packet Squirrel is a pocket-sized MITM* tool designed to gain covert remote access to Ethernet networks, capture packets and secure VPN** connections.

The device supports Bash shell commands, provides a selection of familiar Linux tools, and will run Ducky scripts.

Power is provided via USB, though the consumption is only 0.12 amps, so with a high-capacity power bank it will run for over a week.

Ports include 2 x RJ45 Ethernet and 1 x USB for physical connectivity plus 1 x micro-USB for power. There is also a push button and multi-color LED that are programmable using scripts.

Remote access via a web browser is supported via Cloud C2.

See Hak5 for more details.

* Man-In-The-Middle
** Virtual Private Network

Look out for Part 2 of this article, coming soon, which will cover more portable Pentesting USB devices.

Do you have a favorite USB-based Pentesting device? If so please let us know which one by commenting below.