Researcher Luca Bongiorni has detailed the procedure to weaponize a new mouse with WHID Injector to show you how to create malicious HID devices.

Hello there! Finally, I had some spare time to Weaponize a new Mouse, in order to show you how easy is possible to create malicious HID devices.

Materials Needed:

WHID Injector [x1]

Mini USB HUB [x1]

Wired USB Mouse [1]

Soldering Kit (Iron, Flux, etc.)

Wires

Rubber Tape

Bit of Hot Glue

First of all let’s start ripping a part one mini USB HUB.

Usually, I do use one of these two:

For this project, I have used the first one, since was cheaper and already available in my lab.



Afterward, we will have to solder the wires to the WHID Injector as explained in its Wiki. Next step is to desolder all those wires while keeping notes of its pinouts (i.e. GND, D+, D-, Vcc) since we will have to match the USB pinouts with the WHID Injector.Afterward, we will have to solder the wires to the WHID Injector as explained in its

At this point, we need to solder back the wires in the USB HUB and connect WHID_Injector to it.

In my case the colors were:

Here below how it looks like once everything is assembled:

Now the tricky part is to put everything back into the plastic case… and voila’ the final result!

Now we test if everything works properly and start thinking of which payloads we can deploy, on-demand and remotely, into the targeted machines. ?

Here below I recorded a couple of PoCs about some useful payloads I was using during engagements. Enjoy! You will see how WHID can easily help pen testers to exfiltrate domain credentials with both Phishing Technique and Mimikatz (FUDed) In-Memory.



https://github.com/whid-injector/WHID/tree/master/payloads P.S. These payloads are available at:

Share this...

Linkedin Reddit Pinterest

Share On