WHID Injector: Next Level USB attack


This is for educational purposes only.

It's 2020, and I believe most of you (geeks, tech guys, IT pros, pentesters) have already heard of or know about keystroke injection tools such as Rubber Ducky and PHUKD.
In the same vein, many good research ideas have been published, such as Iron HID, Mousejack, and the coolest, USaBUSe.

What is WHID Injector?
If you are new to the topic, here is a brief introduction to WHID Injectors. WHID stands for "WiFi HID." HID means human interface device, i.e. a mouse or keyboard.

So you may wonder how an HID device has been transformed into a WHID and used to conduct a cyber attack. We will get to that in the next topic. First, we will explore how a WHID is made.

WHID contains two main elements: primarily the Atmega 32u4 (commonly used in many Arduino boards), featuring self-programming flash program memory, and the ESP-12s, which provides the WiFi capabilities and is widely used in IoT projects.

Atmega 32u4


ESP-12s


 

 







  

So what can be done through a combination of these two tech pieces?

 

As you may know, as technology has advanced, IT security personnel have deployed policies to block USB devices and stop unauthorized devices from being plugged into the organization's computers. Mostly, the main pattern used is to block "Mass Storage Devices." There is a small glitch here: we still use other WiFi peripherals such as keyboards, mice, Internet dongles, USB hubs, etc. Attackers have invented a genius product based on this glitch. That is none other than WHID.
Cactus WHID Wifi USB

Imagine a situation where intruders send an attacking script, or simply a payload, to the computer via such an excepted device. For example, what if the payload is delivered as keyboard input, opens PowerShell or cmd in the background without user detection, searches for a specific file, sends it via email and deletes the email? Or transmits the file to a flying NAS beyond your organization's 21st floor? (Flying NAS: a drone can be configured as a NAS; I will cover this in a future article.)

I believe you can now understand the depth of a WHID attack and, with imagination and creativity, how far such an attack can be launched.
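Because the payload arrives as ordinary keyboard input, one defensive signal is typing speed: an injector types far faster and more evenly than a person. The following is an added example, not part of the original post. It assumes an endpoint agent already supplies millisecond timestamps for key events and for new-keyboard enumeration; the thresholds and sample data are constructed and would need tuning.

```python
# Assumed thresholds: sustained human typing rarely keeps every gap between
# keys under ~30 ms for a dozen keys in a row. Tune per environment.
MAX_GAP_MS = 30
MIN_BURST = 12

def injection_bursts(key_times_ms, max_gap_ms=MAX_GAP_MS, min_burst=MIN_BURST):
    """Return (start_ms, end_ms, key_count) for each run of keystrokes whose
    consecutive gaps are all <= max_gap_ms and that has >= min_burst keys."""
    bursts, run_start = [], 0
    for i in range(1, len(key_times_ms) + 1):
        end_of_run = (i == len(key_times_ms)
                      or key_times_ms[i] - key_times_ms[i - 1] > max_gap_ms)
        if end_of_run:
            if i - run_start >= min_burst:
                bursts.append((key_times_ms[run_start],
                               key_times_ms[i - 1], i - run_start))
            run_start = i
    return bursts

def suspicious_after_attach(attach_times_ms, key_times_ms, window_ms=10_000):
    """Keep only bursts that begin within window_ms after a new keyboard
    enumerated, the pattern a freshly plugged-in injector produces."""
    return [b for b in injection_bursts(key_times_ms)
            if any(0 <= b[0] - a <= window_ms for a in attach_times_ms)]

# Constructed sample data (milliseconds since an arbitrary start).
HUMAN = [0, 180, 310, 520, 640, 900, 1050, 1300, 1420, 1700, 1850, 2100, 2230]
ATTACH = [60_000]                               # new HID keyboard at t = 60 s
INJECTED = [61_500 + 5 * n for n in range(40)]  # 40 keys, 5 ms apart
KEYS = HUMAN + INJECTED

if __name__ == "__main__":
    for start, end, count in suspicious_after_attach(ATTACH, KEYS):
        print(f"possible keystroke injection: {count} keys "
              f"in {end - start} ms at t={start} ms")
```

A payload that deliberately slows its typing slips past a fixed gap threshold, so this check complements, rather than replaces, an allowlist of approved HID devices.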

WHID Injector: an USB-Rubberducky/BadUSB on Steroids

WHID Injector: How to Bring HID Attacks 








 

 

 

 

 

Are these available in the market?  

 

While I was looking for a cheap alternative to the Rubber Ducky, I came across the word WHID. So I just did a search on Aliexpress.com for just the word WHID. You won't believe it, but there are many options available, as shown in the image below 😀


 
AliExpress search result: WHID

👉 With prices starting at 10 - 40 USD, you can get a ready-made WHID with ready-made payloads.
Even a non-technical person can buy such a device and play with the tool without any worries.
I have purchased one and played with it a little, and it's working like a charm for me. 🙈🙉

More Research Articles...

 

If you are more interested in this subject, I suggest the following articles, which offer in-depth knowledge of the subject matter from researchers who are specialized and humble enough to share their knowledge. Among the articles below, "Luca Bongiorni" is my favorite writer, who has shared his research knowledge from scratch.

WHID Ninja - Luca Bongiorni



 
This is my first article, and if you have any suggestions, comments, or improvement tips, please let me know. See you all with another article next week.






