Android_Hid : Use Android As Rubber Ducky Against Another Android Device

Android_Hid is a tool used by android as Rubber Ducky against targeted Android device or PC.

HID Attack Using Android

Using Android as Rubber Ducky against Android or Windows. This is not a new technique, just a demo how to perform HID attack using Android instead of rubber ducky. For targeted Android device it is not necessary to be rooted, have ADB/USB debugging enabled and device authorized, since attacker’s smartphone behaves as connected keyboard.

hid_attack – script contains customized commands that are executed (typed) against targeted Android device hid_pc – script contains customized commands that are executed (typed) against targeted Windows 10

How to prevent this happening on Android?

  • charge you smartphone using you own adapter
  • use none trivial PIN or password lockscreen protection
  • use mobile security software that will detect and prevent from launching payloads

How to prevent this happening on PC?

  • Don’t let anyone charge their smartphones in your PC
  • Use security software that will detect Metasploit payload
  • USB condom should help

PoC

Prerequisites

  • rooted Android with HID kernel support (e.g. NetHunter ROM)
  • OTG cable

Script Info

This is custom script, which might not work on your testing case scenario. Because of that, you must play around with pressed keys that are sent to targeted device. Website with my testing payload is not active anymore. List of all possible keys can be found on the link below.

Execute Command

bash hid_attack bash hid_pc

How to flash custom ROM with HID support?

https://github.com/pelya/android-keyboard-gadget

Brute-force pin using Android as HID

https://github.com/urbanadventurer/Android-PIN-Bruteforce

List of all keys

https://github.com/anbud/DroidDucky/blob/master/droidducky.sh

R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

7 days ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

7 days ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

7 days ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago