One of the things that keeps me on the security path is the opportunity to learn new things each day.
After seing the new update on Bettercap – which supports HID (Human Interface Device) – I decided to read about it – specially on MouseJack keystroke injection attacks.
I went throught the affected devices list and didn’t have any on my own to test it. BUT I had a Logitech M185 wireless mouse which is very popular because… it’s cheap comparing to other models.
I grabbed the CrazyRadio dongle – which was waiting for better usage on my lab – and put it into action.
I opened Bettercap and turn on the HID recon:
sudo bettercap -eval="net.recon off;hid.recon on"
After a while I detected my Logitech M185 and also other stuff:
Just to make sure it was really my device, I did a simple HID.sniff ADDR and pressed a few buttons. Don’t want to pop shells anywhere 🙂
Next, I created a simple DuckyScript to show the Windows calcultator on the desktop:
GUI r DELAY 200 STRING calc DELAY 200 ENTER
What we have so far:
- Bettercap running with HID module on
- Detected my Logitech M185 2.4Ghz mouse
- Created the DuckyScript to use (ducky.txt)
The only thing missing is to inject our payload and see what happens:
hid.inject ADDR PT ducky.txt
You can see the end result of this proof-of-concept video – https://www.youtube.com/watch?v=TdPRYWkYarM
Don’t want to be a spoiler but… yeh it’s vulnerable 🙂