This time i will share with you guys a multifunction USB that can remote (keyboard or mouse) for example wirelessly. USB that can buy in any online shop and can ship around the world is also can modify with third party like wifi ducky, ESPloit V2 and more. You can remote anything that plug with this usb from wifi to send keystrokes or payloads.
What is WHID?
It stands for WiFi HID Injector. It is a WiFi remotely-controlled {Keyboard, Mouse} Emulator. Practically is an USB Rubberducky or BadUSB device on Steroids!
Blog posts about WHID
https://blog.rootshell.be/2018/05/22/evil-mouse-project/
WiFi HID Injector for Fun & Profit
Hardware Design Author: Luca Bongiorni – https://twitter.com/lucabongiorni
Initial sw based on ESPloit by Corey Harding of www.LegacySecurityGroup.com
WHID Mobile Connector by Paul https://twitter.com/paulwebsec
For Sale at:**
Main Requirements
- Arduino IDE
- esptool from https://github.com/whid-injector/esptool Checkout https://learn.adafruit.com/building-and-running-micropython-on-the-esp8266/flash-firmwareon how to install it!
First of all you need to install the ESP8266 Libraries.
- Go on File > Preferences > Additional Board Manager URLs
- Paste there http://arduino.esp8266.com/stable/package_esp8266com_index.json and press OK
- Go Tools > Board: > Board Manager
- Type ESP8266 and Install the 2.3.0 version.
How To Configure WHID software (WINDOWS)
Please keep in mind that the following Video is for installing WHID Software into Cactus Micro (which has 512K/64K Flash). If you wanna install on Cactus WHID hardware, select 4M/3M option in Arduino’s settings
[VIDEO] https://youtu.be/MRGUSPW-Cr0
How To Configure WHID software (OSX)
[VIDEO] https://youtu.be/3FOLTxtehf0
git clone https://github.com/whid-injector/esptool cd esptool/ sudo pip install pyserial sudo python ./setup.py install python esptool.py --port=/dev/cu.usbmodem1411 -b 115000 write_flash 0x00000 ../WHID/sketches/cactus_micro_rev2/ESP_Sketch/compiled.bin
Third Party Softwares
ESPloit V2
Enhanced version of WHID GUI (pre-installed on Cactus WHID) https://github.com/exploitagency/ESPloitV2
USaBuse
Used for Airgapped Environments BYPASS! https://github.com/sensepost/USaBUSe
coming soon…
Wifi Ducky
https://github.com/spacehuhn/wifi_ducky
For the Wifi Ducky you also need to install the following Libraries
- ESPAsyncWebServer – https://github.com/me-no-dev/ESPAsyncTCP/archive/master.zip
- ESPAsyncTCP – https://github.com/me-no-dev/ESPAsyncWebServer/archive/master.zip
How to install Libraries in Arduino : https://www.baldengineer.com/installing-arduino-library-from-github.html
[VIDEO] How to configure Wifi Ducky (WINDOWS) https://youtu.be/PGa_ByyQw8Q
NOTE : For more information you can read whid wiki
HOW TO START [Newbies Edition]
Since July 2017 all Cactus WHID are delivered with pre-loaded ESPloitV2 and are ready to Plug-n-Hack ✌
Thus, even if you are not an Arduino expert, you can immediately have fun!
Just plug it in an USB port and connect to the WiFi network :
SSID "Exploit" Password "DotAgency"
Open a web browser pointed to “http://192.168.1.1“
The default administration username is “admin” and password “hacktheplanet”.
For cool payloads or more info check the Wiki or the Payloads directory.
The Hardware
USB Pinouts
In order to make easier the process of weaponizing USB gadgets, you can solder the USB wires to the dedicated pinouts.
The pin closer to USB-A is GND. The pins are :
- GND
- D+
- D-
- VCC
[ In case an USB HUB is needed (i.e. to weaponize some USB gadget or mouse), usually, I do use this one https://www.tindie.com/products/mux/nanohub-tiny-usb-hub-for-hacking-projects or this https://www.aliexpress.com/item/Random-Color-Redbud-High-Speed-USB-2-0-4-Port-HUB-Fashion-Design-HUB-Computer-Accessories/32788390064.html]
Possible Applications
- Classic : Remote Keystrokes Injection Over WiFi
Deploy WHID on Victim’s machine and remotely control it by accessing its WiFi AP SSID. (eventually you can also setup WHID to connect to an existing WiFi network)
- Social Engineering: Deploy WHID inside an USB gadget
The main idea behind it is to test for Social Engineering weaknesses within your target organization (e.g. DLP policy violations) and to bypass physical access restrictions to Target’s device. Usually, I create a fancy brochure (sample template https://github.com/whid-injector/WHID/tree/master/tools/Social_Engineering_Lures ) attached with a weaponized USB gadget and then use a common delivery carrier (e.g. UPS, DHL, FedEx).
WHID Injector has an Official Android App https://play.google.com/store/apps/details?id=whid.usb.injector and guess what, we open sourced it.
When someone writes an piece of writing he/she retains the plan of a user in his/her
brain that how a user can know it. Thus that’s why this post is perfect.
Thanks!
Hey there! This is my first visit to your blog! We are a group of volunteers and starting a new initiative in a community
in the same niche. Your blog provided us valuable information to work on. You
have done a extraordinary job!