Jump to content

Found a usb payload


Garet
 Share

Recommended Posts

Hello all,

I work IT for a school district and one of my staff found this on the ground outside. Luckily I got to them before they had plugged it into anything. I have a test VM bench that I plugged this device into (not connected to inet) and it appears to run a script of some kind. I've never seen a usb payload quite like this one. Doesn't appear to have an SD card like the rubber duck. Do any of you know what type of usb payload this is and how I might find out what is on it ? It only appears to have a switch on it. 

 

https://ibb.co/kXrXHXB
https://ibb.co/pzWF5RT

 

 

Link to comment
Share on other sites

Manufacturer documentation codes seems to be written on one side of the logic board. Try typing those into google, you just might get the description of the hardware. If you work in a school (at least that's what I understood) i suspect one of the kids figured out it would be nice to have a keylogger on teacher's laptop. Let us know if you find anything interesting 

Link to comment
Share on other sites

On 4/27/2019 at 11:17 AM, barry99705 said:

You really expect people to click on those links?  That's funny.

Sorry no where to attach the pic on here that I could see

 

On 4/28/2019 at 7:49 AM, e1337r0x0r said:

Looks like the Malduino lite 

 

Thank you. I will look into this a bit more. Thank you for taking the time to respond with the video. 

Link to comment
Share on other sites

So e1337r0x0r you were spot on with it being a malduino lite, however doesn't seem to behave like the usb rubber duck that i have. No SD card, further read of the website indicates scripts are saved on the onboard 32kb chip. Do you guys think there is any way to read what's on it ? Or are we SOL. 

Link to comment
Share on other sites

2 hours ago, Garet said:

So e1337r0x0r you were spot on with it being a malduino lite, however doesn't seem to behave like the usb rubber duck that i have. No SD card, further read of the website indicates scripts are saved on the onboard 32kb chip. Do you guys think there is any way to read what's on it ? Or are we SOL. 

https://forum.arduino.cc/index.php?topic=403201.0

Doubtful.  They'll compiled, so not human readable anymore.  What about just plugging it into a disposable laptop?

Link to comment
Share on other sites

@Garet Probably the best you can do is get the hex from it.  Just depends what programming software was used to upload originally.  

On 4/29/2019 at 3:05 PM, barry99705 said:

What about just plugging it into a disposable laptop?

I would give this a try as well.  Or any isolated system really.

Link to comment
Share on other sites

  • 2 weeks later...

Did that. Nothing of any consequence.. Looked as though an attempt was made to run a script from an external website as that was the only line that happened in command prompt. Accessing the link yielded no results. Second line appears it was going to copy a file locally to a directory that regular users don't have access over so they would've needed either my or one of the other admin accounts credentials. Anways thank you everyone for the responses it is much appreciated. 

Link to comment
Share on other sites

  • 5 months later...
On 4/29/2019 at 6:04 PM, Garet said:

Sorry no where to attach the pic on here that I could see

 

Thank you. I will look into this a bit more. Thank you for taking the time to respond with the video. 

Great video and Great products. Easy to setup and easily deployable, just one minor bugbear, it stands out like a soar thumb.......as it doesn't come with a protective case (either of them). Apart from that you can run most scripts and can grab data in literally seconds. So, even without the case (mentioned to the chap who does this) it is still a good piece to have in your field kit IMO 😎

Link to comment
Share on other sites

On 11/1/2019 at 1:01 AM, Cap_Sig said:

I think there are some 3D printable cases around the web.  Worth a search if you have access to a 3D printer.

Yes buddy, checked them out, but one thing prevents me from doing that.........I don't have a 3D printer (yet). 😜

Never managed to work out which one was worth purchasing 🤓

As always, thank you for your response, which at least by me are all greatly appreciated😎

Link to comment
Share on other sites

1 hour ago, INFOTRACE said:

Never managed to work out which one was worth purchasing 🤓

Understandable.  There are so many options in the market now it's hard to decide.  Especially if you are new to it all.  If you do make the jump and get one my advice is start with a must have features list to help narrow down the search.  All printers have good and bad reviews but that doesn't always reflect the quality of the printer. 

Link to comment
Share on other sites

On 11/3/2019 at 11:58 AM, Cap_Sig said:

Understandable.  There are so many options in the market now it's hard to decide.  Especially if you are new to it all.  If you do make the jump and get one my advice is start with a must have features list to help narrow down the search.  All printers have good and bad reviews but that doesn't always reflect the quality of the printer. 

Thanks fella........great advice as always....😎

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...