Disclaimer: All information provided are for educational purposes only. The information related to ethical hacking and information security found on this page are not meant to be used maliciously/illegally and the author is not responsible for any misuse of the provided information.
These are some EvilUSB Sticks…
What is EvilUSB?
EvilUSB is a pentesting USB Device that is recognized by the target Computer as a regular USB Flash Drive. This innocent-looking Social Engineering device can be placed at anyone’s desk/mailbox, and as soon as they get hold of it and plug it into their Computer, just like any average user, they would attempt to browse the USB Flash Drive and take look at the contents of the Drive. From there on, they’re just a click away from getting infected.
How does it work?
Each EvilUSB comes with the following files:
EvilUSB (D:) |-- % [H] | |-- evil.bat || .exe [H] +-- New folder.lnk
%: Invisible (U+180E) Space Charcater
With the % Folder being [H]idden, it will not be visible in Windows explorer by default. That means, the only file visible to the user will be the Shortcut
New folder.lnk, which is linked to the malicious file,
/%/evil.bat || .exe.
New folder.lnk will have gotten the Icon of a Folder, hence the name of the Shortcut file. That makes the “New folder” look identical to an actual, real folder. So, as soon as the target attempts to open the “folder”, he will have basically run the Shortcut file, which is linked to the malicious file,
evil.bat, and from there on he’s infected.
Disguising the Attack
As soon as the user opens the “folder”, he will notice that no folder has been opened. This is a factor that would increase the suspiciousness of EvilUSB. For that reason, in the very first lines of the malicious evil.bat File, it would be a good idea to include the following lines:
@echo off mkdir ../New folder&cd ../New folder&start .
The purpose of the above lines is to make the Attack less suspicious. For that matter, below is the explanation of the above batch code:
&: Command seperator that allows next command to be executed regardless of the previous command-execution’s success/failure
@echo off: Disable output
mkdir ../New folder: Create new folder in root directory of the Drive (D:/) called “New folder”
cd ../New folder: Change directory to the newly created folder
start .: Open the newly created folder
Can this be achieved with the use of any USB Flash Drive?
Should you use your pre-owned USB Flash Drives for this Attack?
Definitely not. Considering you’ll be sacrificing your USB Flash Drive, it is not a good idea to waste tens of dollars per attack. If you don’t want to risk losing your USB Stick and would attempt to get the USB Flash Drive back from your target Victim, you are putting your anonymity in risk and the chances of you getting caught are just as high.
So, what should I do if I want to perform this attack “for educational purposes”?
Since this Social Engineering attack does not require a USB Flash Drive with over 64MB Capacity Storage, it is recommended that you order a couple of some cheap 64MB USB Flash Drives.
EvilUSB was created by @0xCoto.