
Hello readers!

Today, we will be going over using MouseJack and Jackit to inject keystrokes to compromise a Windows workstation.

First, this has been covered before, but I feel like it hasn’t gotten the attention it deserves, so I decided to do my own PoC and show it off. Also, I do not condone hacking anything that isn’t yours without permission from the owner. BE ETHICAL!

Great work from Bastille. You can see more about MouseJack here: https://www.mousejack.com/ and see the known affected devices here: https://www.bastille.net/research/vulnerabilities/mousejack/affected-devices

Also, great work from Insecurity of Things for building on this and creating Jackit.

tl;dr You can insert keystrokes into someone else’s wireless keyboard so that it types into their computer. Using this, you can take over their PC.

Alright, now that we’ve given credit where credit is due, here is a PoC.

 

Attack Machine:

Kali Linux x64

Crazyradio PA

Victim Machine:

Windows 7 x64

Logitech K400r

Download MouseJack

git clone https://github.com/BastilleResearch/mousejack

Install Dependencies

apt-get install sdcc binutils python python-pip

pip install -U pip

pip install -U -I pyusb

pip install -U platformio

Update submodule

Make sure you’re in the mousejack directory.

git submodule init

git submodule update

At this point, make sure your Crazyradio PA is plugged in.

MAKE

Navigate to the nrf-research-firmware directory.

make

Write firmware onto the Crazyradio PA

make install

Unplug the Crazyradio PA dongle

Plug Crazyradio PA dongle back in

Download Jackit

git clone https://github.com/insecurityofthings/jackit.git

Install Prerequisites

Navigate to the jackit directory.

pip install -e .

 

Here’s where you would scan and run a Duckyscript (from Hak5, used for Rubber Duckies).

This is the script I use:

The command you would run is:

jackit --script test

Press CTRL+C once you’ve seen your keyboard show up in the scan. Then you can select which keyboard you want to attack.

 

Whew. So what do you guys think? Still going to use wireless keyboards? I’m not 100% on the range, but let’s just say I don’t have to sit next to you for it to work. When I did the scanning at work, I was getting everyone’s keyboard on the list 🙂

In this example, I only wrote to a notepad. But we could use this to connect back to Metasploit and get more pwnage or anything you’d like. Just look at this wiki: https://github.com/insecurityofthings/jackit/wiki
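From the defender's side, one check for this kind of injection is keystroke timing. The following is an added example, not part of the original post or of Jackit: it flags long runs of keys that arrive faster and more evenly than a person types. The event format (key-down timestamps in milliseconds) and all thresholds are assumptions to tune on your own hosts.

```python
from statistics import pstdev

# Assumed thresholds, tune against real typing on your own hosts.
MAX_GAP_MS = 30      # assumed: sustained gaps this short are not human typing
MAX_JITTER_MS = 5    # assumed: scripted input is also very regular
MIN_BURST = 12       # ignore short runs (key repeat, fast double taps)


def find_injection_bursts(timestamps_ms):
    """Return (first_index, last_index) pairs of fast, evenly spaced key runs."""
    bursts, start = [], 0
    for i in range(1, len(timestamps_ms) + 1):
        # Close the current run at end of input or when a slow gap appears.
        if i == len(timestamps_ms) or timestamps_ms[i] - timestamps_ms[i - 1] > MAX_GAP_MS:
            run = timestamps_ms[start:i]
            if len(run) >= MIN_BURST:
                gaps = [b - a for a, b in zip(run, run[1:])]
                # Low spread in the gaps separates a script from a fast typist.
                if pstdev(gaps) <= MAX_JITTER_MS:
                    bursts.append((start, i - 1))
            start = i
    return bursts


# Constructed sample: a person typing, then 20 keys at a fixed 10 ms spacing.
HUMAN = [0, 180, 310, 520, 640, 900, 1015, 1240]
SCRIPTED = [3000 + 10 * n for n in range(20)]
SAMPLE = HUMAN + SCRIPTED + [6000, 6210]

if __name__ == "__main__":
    for first, last in find_injection_bursts(SAMPLE):
        print(f"possible injected burst: events {first}-{last}, "
              f"{last - first + 1} keys in {SAMPLE[last] - SAMPLE[first]} ms")
```

A burst on a host with a wireless receiver attached is a reason to look at what was typed and what process received it.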

Tell me what you think!

Ask questions if you’d like 🙂

 

 

Ashton-Drake, aka GameOfPWNZ, is an information security professional and enthusiast. He is the owner of this blog.
