Researcher Luca Bongiorni has detailed the procedure to weaponize a new mouse with WHID Injector to show you how to create malicious HID devices.
Hello there! Finally, I had some spare time to Weaponize a new Mouse, in order to show you how easy is possible to create malicious HID devices.
Materials Needed:
- WHID Injector [x1]
- Mini USB HUB [x1]
- Wired USB Mouse [1]
- Soldering Kit (Iron, Flux, etc.)
- Wires
- Rubber Tape
- Bit of Hot Glue
First of all let’s start ripping a part one mini USB HUB.
Usually, I do use one of these two:
For this project, I have used the first one, since was cheaper and already available in my lab.
Next step is to desolder all those wires while keeping notes of its pinouts (i.e. GND, D+, D-, Vcc) since we will have to match the USB pinouts with the WHID Injector.
Afterward, we will have to solder the wires to the WHID Injector as explained in its Wiki.
Afterward, we will have to solder the wires to the WHID Injector as explained in its Wiki.
At this point, we need to solder back the wires in the USB HUB and connect WHID_Injector to it.
In my case the colors were:
Here below how it looks like once everything is assembled:
Now the tricky part is to put everything back into the plastic case… and voila’ the final result!
Now we test if everything works properly and start thinking of which payloads we can deploy, on-demand and remotely, into the targeted machines. ?
Here below I recorded a couple of PoCs about some useful payloads I was using during engagements. Enjoy!
You will see how WHID can easily help pen testers to exfiltrate domain credentials with both Phishing Technique and Mimikatz (FUDed) In-Memory.
P.S. These payloads are available at:
https://github.com/whid-injector/WHID/tree/master/payloads
https://github.com/whid-injector/WHID/tree/master/payloads
Share On
