10/100

BadUSB

LUHack

BadUSB

Unattended Laptop

Some people like to leave their laptops unattended and unlocked.

Friends don’t let friends do this.

Educate them*.

*Without breaking the CMA

If you know your friend is going to be gone for a while, you don’t need to worry about them seeing you do this.

What if they’ve only left the room briefly?

Plasma Globe

Not all keyboards look like keyboards.

Go back to the picture slide whilst you tell the story.

Whether for fun or for profit, quickly executing a series of keystrokes or mouse movements can be a powerful tool.

(You can also use it to set up a room full of machines which you don’t have admin access to.)

USB Rubber Ducky

The USB Rubber Ducky is a tool for executing keystrokes.

Today Sally has left her computer unlocked and unattended.

Isaac has built you a BadUSB tool to execute keystrokes and mouse movements.

1
2
3
4
5
6
7
8
9

key_up <key>
ku <key>

key_down <key>
kd <key>

key_press <key>
press <key>
p <key>

1
2
3
4
5
6
7

mouse_up <button>
up ...
mu ...

mouse_down <button>
down ...
md ...

1
2
3
4
5

type_key <interval> <key1> [key2] [key3] ...
tk ...

type <interval> <text>
t ...

duration is in seconds

1
2
3
4

sleep <duration>
s ...
wait ...
pause ...

1
2
3
4
5
6
7

scroll <wheel_clicks> [h | v]

scroll_vertical <wheel_clicks>
sv ...

scroll_horizontal <wheel_clicks>
sh ...

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

move <relx> <rely> [duration]
mouse_move ...
m ...

move_to <absx> <absy> [duration]
mouse_move_to ...
goto ...
mt ...

click <button> [times] [interval]
mouse_click ...
c ...

Examples of things you can do to educate Sally

Leave a helpful message

Helpful Message

Take a screenshot of the desktop, set it as the new background, delete all the icons, and hide the taskbar.

Desktop Background

(I promise I actually did this here and didn’t just take a screenshot of the desktop…)

Go forth and educate!

Don’t forget to save your script before you run it