BadUSB

There are a lot of examples on the Internet showing you how to make your own BadUSB. What makes this one different? Not much. This board is designed to demonstrate how a BadUSB can work on both Linux and Windows. This is the demo board we built for our Arduino Hacking Village at ThotCon 9 (2018).

Our BadUSB is designed off of a Pro Micro Arduino. Although the buttons are not required, they were added for demonstration purposes. One button will work on Kali Linux to setup your environment, create the payload with SET and start a listener using Metasploit. The second button will execute a Powershell script on a Windows host to pulldown the payload and give you a reverse shell on your Kali box.

As with all our projects, you will find the source code on GitHub.

For a more covert look, you can put the Arduino inside an old USB drive case. I found an old Sand Disk Cruzer to gut. It took a bit of grinding and sanding to make everything fit, but it does work. With the cover on it looks legit.

I know you can purchase a more refined version of this, but I always find it rewarding to make my own attack tools.

-Michael