ONION: gr3y-hat.onion
Back to Home

BadUSB

Arduino-Based HID Keyboard Attack

? What is BadUSB?

To create a true BadUSB (HID keyboard attack) using the Social-Engineer Toolkit (SET), the process focuses on generating "keystroke payloads" rather than infected files.

This requires a specific microcontroller (like an Arduino or Teensy) that can emulate a keyboard.

Hardware You Need:

  • Arduino Leonardo or Arduino Micro
  • Teensy 3.2 (recommended for smaller size)
  • USB Cable to connect to your computer for programming

P Preparation

Before you start, prepare these tools:

  • Open your O.S (Operating System - Parrot OS recommended)
  • Fire up your VPN or Anonsurf for anonymity
  • Spin up your VPS (Virtual Private Server for hosting)
  • Arduino IDE installed on your computer
  • SEToolkit installed (official repo)
1

Launch SET and Select the Attack Vector

Open your terminal and type:

sudo setoolkit

Then follow this path:

Option 1: Social-Engineering Attacks

→ Option 6: Arduino-Based Attack Vector

2

Choose the Payload Type

SET will offer several ways to compromise the system via "typing."

Common Choice: Option 1 (Windows Shellcode/Meterpreter)

This tells SET to generate a script that will automatically open a command prompt on the target machine and type out a command to download and execute your malware.

3

Configure the Reverse Shell (LHOST/LPORT)

LHOST (IP Address):

Enter your VPS IP so the computer knows where to "call home."

LPORT (Port):

Use 443 (HTTPS) to help bypass firewalls.

4

Generate the "Sketch" Code

SET will now generate a block of C++ code (called a "sketch").

What This Means:

This code is NOT a file you copy to a drive; it is the instructions that tell the USB hardware exactly what keys to press (e.g., Press Windows+R, type 'cmd', press Enter...).

5

Program the Hardware

Step A: Open the Arduino IDE

→ Copy the code SET generated into the Arduino programming software

Step B: Connect the Device

→ Plug in your specialized USB hardware (Teensy 3.2, Arduino Leonardo, etc.)

Step C: Set Board Type

→ In the IDE, select the specific board you are using

Step D: Upload

→ Click the "Upload" button

This flashes the code directly onto the USB's firmware

How It Works (In Action)

When you plug the BadUSB into a victim's computer:

  1. 1. The computer sees it as a keyboard, not a USB drive
  2. 2. It automatically "types" commands at superhuman speed
  3. 3. Opens Command Prompt → Downloads your payload → Executes it
  4. 4. You get a reverse shell connection back to your VPS

Quick Summary

LHOST: Your VPS IP Address
LPORT: 443
Payload: Windows Shellcode/Meterpreter
Hardware: Arduino/Teensy

DISCLAIMER

This information is for educational purposes only. Unauthorized access to computer systems is illegal.