Weaponize a Mouse with WHID Injector for Fun & W00t

Pierluigi Paganini June 13, 2017

Researcher Luca Bongiorni has detailed the procedure to weaponize a new mouse with WHID Injector to show you how to create malicious HID devices.

Hello there! Finally, I had some spare time to Weaponize a new Mouse, in order to show you how easy is possible to create malicious HID devices.
Materials Needed:
  • WHID Injector [x1]
  • Mini USB HUB [x1]
  • Wired USB Mouse [1]
  • Soldering Kit (Iron, Flux, etc.)
  • Wires
  • Rubber Tape
  • Bit of Hot Glue
First of all let’s start ripping a part one mini USB HUB.
WHID 1 USB HUB

Usually, I do use one of these two:

For this project, I have used the first one, since was cheaper and already available in my lab.
Next step is to desolder all those wires while keeping notes of its pinouts (i.e. GND, D+, D-, Vcc) since we will have to match the USB pinouts with the WHID Injector.
Afterward, we will have to solder the wires to the WHID Injector as explained in its Wiki.
WHID 2 USB HUB WHID 3 USB HUB

At this point, we need to solder back the wires in the USB HUB and connect WHID_Injector to it.

In my case the colors were:

WHID 2 USB HUB

Here below how it looks like once everything is assembled:

WHID 2 USB HUB

 Now the tricky part is to put everything back into the plastic case… and voila’ the final result!

WHID 6 USB HUB

Now we test if everything works properly and start thinking of which payloads we can deploy, on-demand and remotely, into the targeted machines. ?

Here below I recorded a couple of PoCs about some useful payloads I was using during engagements. Enjoy!

You will see how WHID can easily help pen testers to exfiltrate domain credentials with both Phishing Technique and Mimikatz (FUDed) In-Memory.

[adrotate banner=”9″]

Edited by Pierluigi Paganini

(Security Affairs – hacking)

[adrotate banner=”13″]



you might also like

leave a comment