*** disclaimer - myself and ths are not responsible for use of this guide as it is intended for educational purposes!!! ***
This was tested on my own personal devices!!
This is something new I have been messing around with that I thought was fun and pretty simple to get started with. I have been wanting to get into more Arduino-type stuff and got a Teensy 3.2 as a holiday gift. If you don't know about Teensy, it's a tiny microcontroller that can be picked up fairly cheap and made into a Rubber Ducky-like device. I set mine up on Linux, so that is what this guide will cover, but it is possible in Windows as well; take note of the links provided for other OS instructions...
What you will need:
Teensy 3.2
Kautilya (Ruby-based Payload Generator)
*Kautilya needs colored (and win32console on Windows) gems. Use bundle install! And obviously you need Ruby installed...
Arduino 1.6.6 (converts the payload to hex so it runs on Teensy)
Teensyduino (Arduino Teensy plugin)
UDEV rules (this is required to use Teensy as a non-root user)
Now that you have what you will need, install it all in the listed order.
Once you're all installed, launch Kautilya by browsing to that dir, then type: sudo ruby kautilya.rb
Here you can pick the OS you are making the payload for; it works for Windows, Linux, and Mac. In this walk-through we will be making a payload for Windows, so choose option 1, which takes us to the next screen.
Here you can choose which type of payload you would like to make; the list is fairly obvious. We will be doing info gathering here, so pick option 1, which takes us to the next screen where we choose what we want to gather.
We are going after login creds, so choose option 6. Next you can pick how you want to receive the gathered info; I started with Gmail. I made a new Gmail account; you will need to go into the security settings and allow unsafe apps to access this account. Pick option 1 for Gmail, and it will then ask for your username/password for that account. Once entered, you will need to enter your Teensy board version; since we are on Teensy 3.2, choose the option for Teensy 3, which is option 3. Then it will generate the payload and provide the path where it was saved (in the Kautilya subfolder called output).
That is it for the payload. Now to convert it for the Teensy using Arduino: fire up that application and open the .ino file you created, and you will get something like this. (Ignore the version on the header; I loaded it in 1.6.8 by accident. It will need to be in 1.6.6 for the Teensy plugin.)
Now we just need to set it up to write to the Teensy chip. Click on Tools > Board and select your Teensy version; I used 3.2. Then go back to Tools and choose USB Type > mouse, keyboard, joystick; avoid the serial version as we are doing a USB attack. You can also set the clock speed if desired. Then you need to go back to Tools and choose the keyboard type; I'm in the US so I picked US. I hear some keyboards may vary as keys can be different. I believe the author was working on a fix for this to be more universal, but until then it's trial and error till you get it right, I guess, lol. Then just hit the upload button and the payload will begin to write to your device; it shouldn't take very long. Once done, you are ready to test! You will plug it in to the PC you plan to pwn.
Allow time for the device driver to load, then sit back and watch it work its magic. I tested this on a Win10 laptop: a DOS prompt comes up and you will see lots of stuff happening. What is nice is he used some of Peensy (OffSec's payload generator), which will make it persistent, meaning if the attack is interrupted it can detect it and start over until it completes. Eventually the user will be presented a login prompt, similar to an admin rights prompt for, say, a software update. Once the user enters the login creds you will have an email waiting for you with them!
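The behaviour described above (the board enumerates as a keyboard, then a command prompt opens on its own seconds later) is what a defender can key on. The following is an added example, not part of the original guide or of Kautilya: it correlates a new HID keyboard attach with a shell start on the same host inside a short window. The event tuple layout, the event type names and the 30-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Shell binaries whose start right after a keyboard attach is worth a look.
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample telemetry: (timestamp, host, event type, name).
# The layout is an assumption for this example, not a real log format.
EVENTS = [
    ("2016-01-10T09:00:00", "lap1", "hid_keyboard_attached", "usb-kbd-1"),
    ("2016-01-10T09:00:06", "lap1", "process_start", "cmd.exe"),
    ("2016-01-10T09:00:09", "lap1", "process_start", "powershell.exe"),
    ("2016-01-10T09:30:00", "lap2", "hid_keyboard_attached", "usb-kbd-2"),
    ("2016-01-10T10:15:00", "lap2", "process_start", "cmd.exe"),
    ("2016-01-10T11:00:00", "lap3", "process_start", "powershell.exe"),
]


def flag_hid_then_shell(events, window_s=30):
    """Return one finding per keyboard attach that is followed, on the same
    host and within window_s seconds, by at least one shell start."""
    parsed = sorted((datetime.fromisoformat(ts), host, kind, name)
                    for ts, host, kind, name in events)
    findings = []
    for ts, host, kind, name in parsed:
        if kind != "hid_keyboard_attached":
            continue
        limit = ts + timedelta(seconds=window_s)
        # Shell starts on this host between the attach and the window end,
        # recorded with their delay in seconds after the attach.
        hits = [(n2, int((t2 - ts).total_seconds()))
                for t2, h2, k2, n2 in parsed
                if h2 == host and k2 == "process_start"
                and n2.lower() in SHELLS and ts <= t2 <= limit]
        if hits:
            findings.append({"host": host, "device": name, "shells": hits})
    return findings


if __name__ == "__main__":
    for finding in flag_hid_then_shell(EVENTS):
        print(finding)
```

A keyboard plugged in long before a shell is opened (lap2) and a shell with no recent attach (lap3) are not flagged; only the attach followed within seconds by shells (lap1) is.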
The author of Kautilya is working on an update that will allow multiple payloads to be combined if needed, which will be awesome. Until then, you might be able to combine the code at the Arduino step to get the same results; I haven't attempted this yet, but it's surely possible. There are many other payload options such as keyloggers, backdoors, etc. You will have to play around with them, as I haven't had a chance to dig that deep or lack the skills to properly use some of them. But that's it, hope it helps some of us get started in the world of Teensy like me! There are other payload generators out there for Teensy, such as peensy, usbdriveby, and I believe badusb can be applied as well. They seem to be sharing the work and making improvements back and forth to advance what can be achieved. So it is like a Rubber Ducky, but I think it has a little more freedom than the Ducky since you can have larger payloads. There are even add-ons using micro SD cards and DIP switches to take it even further, like:
peensy
https://www.offensive-security.com/offsec/advanced-teensy-penetration-testing-payloads/
https://github.com/offensive-security/hid-backdoor-peensy
usbdriveby
https://www.youtube.com/watch?v=aSLEq7-hlmo
https://github.com/samyk/usbdriveby
I take no credit for this, as I am mostly just compiling the works of others; I just explained the process which I was able to do.