A Dual Perspective On USB Attack and Defense



Project Title: "A Dual Perspective on USB Attack and Defense"

Student Names: Arham and Muhammad Sohaib

Class/Section: Navttc DF & CS



Contents:
Introduction:------------------------------------------------------------------------------------- 3
Project Description:--------------------------------------------------------------------------- 4
Methodology:------------------------------------------------------------------------------------ 5
Attack Side:--------------------------------------------------------------------------------------- 6
Defense & Prevention:----------------------------------------------------------------------- 9
Results:--------------------------------------------------------------------------------------------12
Discussion:---------------------------------------------------------------------------------------12
Conclusion:-------------------------------------------------------------------------------------- 12
Recommendations:-------------------------------------------------------------------------- 13
References:--------------------------------------------------------------------------------------13

Introduction:

- Disclaimer:
This is only meant to raise awareness: do not insert a random USB drive you
found somewhere, because you don't know how much harm it can do. This
is for educational purposes only, so don't try to harm anyone or use it
for illegal purposes.

- Purpose and Objectives:

The purpose of this project is to explore the intricacies of USB-based cyber
threats and defenses. Our objectives include understanding the methods
and vulnerabilities associated with USB attacks and devising effective
countermeasures to protect against them.

- Project Context:

In an increasingly digital world, USB devices are ubiquitous, and they pose
a significant security risk. Understanding both the offensive and defensive
aspects of USB security is essential in safeguarding critical systems and
data.

Project Description:
- Project Overview:

Next we had to decide how to get the files: install a backdoor on the
machine, open a remote desktop connection, or something else. We chose
a different approach: set up an FTP server, so that when our BAD_USB is
plugged in, the machine connects to that FTP server, copies the files we
want from the machine to the server, and then removes all traces so that
it looks as if nothing happened.

(Note: if you don't know what FTP is, it stands for File Transfer Protocol;
to set one up and learn more about it, the internet is the best place to
look.)

- Scope:

The scope of the project includes a USB attack that dumps sensitive
("juicy") files from the system, and proposes practical defenses against it.

Methodology:
- Approach:

Our project employs a combination of research, experimentation, and the
implementation of security measures. It combines theoretical knowledge
with practical testing to achieve the desired outcomes.

- Tools and Techniques:

To begin with our project: it would be simple to plug a USB drive into any
machine and copy important files such as the SAM database, browser
password-manager files, and so on. But here is the real catch: if you plug
an ordinary USB storage device into a machine, antivirus or Windows
Defender can stop all of this from happening. So we wanted something
that enters the system not as USB storage but as a HID (Human Interface
Device), such as a keyboard or a mouse.

For this purpose many devices can be used, such as the USB Rubber Ducky
from Hak5, a Raspberry Pi, an ATtiny85, etc. We chose the ATtiny85
(Digispark) for this HID attack: it has very little storage, but that was
enough for us, and it costs under PKR 1000/-. It enters the system as a
keyboard and can do whatever a keyboard can do. To set it up you can find
many detailed tutorials all over the internet.

Attack Side:
Step #1:

Start the FTP (File Transfer Protocol) server, which we have hosted on a
Kali Linux virtual machine. For setting up the FTP server we use the
"vsftpd" service.

Step #2:

Now we insert our BAD_USB, which runs a command to open PowerShell
and then hides it (meaning PowerShell keeps running in the background).
I have a video referenced below which shows what happens when you
insert the USB.

Step #3:

During command execution you cannot see anything happening on screen,
but once the commands have finished you can see on the Kali desktop
(which is our FTP server) that we have received files.zip, which contains
all the juicy files we needed.

Defense & Prevention:


- Technique #1:

First and foremost, to defend against this attack never leave your PC
unlocked: always lock your PC when leaving it, and the administrator
account should be password protected.

- Technique #2:

Another point is that these types of attacks mainly require administrator
permission, so your local user should not be an administrator, because the
SAM file cannot be copied until administrator permission is granted. If
the local user is an administrator, Windows will not ask for a password on
elevation, whether or not you have set one. However, we can also change a
setting in the Registry Editor1 so that local users (including the
administrator) must enter a password when administrator permission is
requested, as shown below:

Step #1: Open the Windows Registry Editor.

1 The Windows Registry is a hierarchical database that stores low-level
settings for the Microsoft Windows operating system and for applications
that opt to use the registry.

Step #2: Go to this path
(Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)
and select "ConsentPromptBehaviorAdmin".

Step #3: Change the "Value Data" from 5 to 1.
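The same check can be scripted so an administrator can audit many PCs instead of opening regedit on each one. This PowerShell script is an added example, not part of the original report or its GitHub code; the -Enforce switch is a name chosen here for illustration, and the script assumes it is run from an elevated PowerShell.

```powershell
# Added example (not from the original report): audit, and optionally set,
# the UAC admin-prompt value that Technique #2 changes by hand in regedit.
# Run from an elevated PowerShell. -Enforce is a switch invented for this example.
param([switch]$Enforce)

$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name = 'ConsentPromptBehaviorAdmin'

# Documented meanings of the ConsentPromptBehaviorAdmin values
$Meaning = @{
    0 = 'Elevate without prompting (weakest)'
    1 = 'Prompt for credentials on the secure desktop (what Step #3 sets)'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}

# Read the current value; fail loudly if the value is missing
$Current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
# EnableLUA = 0 means UAC is off entirely, so any prompt setting is meaningless
$Lua = (Get-ItemProperty -Path $Path -Name 'EnableLUA' -ErrorAction SilentlyContinue).EnableLUA

Write-Host "$Name = $Current  ($($Meaning[[int]$Current]))"
if ($Lua -eq 0) {
    Write-Warning 'EnableLUA is 0: UAC is disabled, so the prompt setting has no effect.'
}

if ($Current -eq 1) {
    Write-Host 'OK: an administrator must re-enter a password before elevating.'
} elseif ($Enforce) {
    # Same change as Step #3: a REG_DWORD set to 1
    Set-ItemProperty -Path $Path -Name $Name -Value 1 -Type DWord
    Write-Host "Set $Name to 1. Sign out and back in for the change to take effect."
} else {
    Write-Warning "Elevation does not ask for a password. Re-run with -Enforce to set $Name to 1."
}
```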



- Technique #3:

But you are still not safe, because the Chrome password-manager files can
be copied without administrator permission. To counter that we can lock
the USB ports with third-party software, but that makes it really
inconvenient to use your PC. So my recommendation is to follow
techniques 1 & 2.

Results:
- Key Results: The project has yielded valuable insights into the
vulnerabilities of USB devices and the successful implementation of
security measures to defend against common USB-based attacks.

Discussion:
- Implications: The findings of this project have significant implications for
cybersecurity in a world where USB devices play a crucial role.
Understanding these implications is vital for securing sensitive data and
systems.

- Impact and Significance: This project's impact lies in its contribution to
the broader field of cybersecurity by addressing USB-related threats and
defenses.

Conclusion:
- Summary: In conclusion, this project provides a comprehensive
overview of USB-based cyber threats and corresponding defense
strategies.

In our case we copied the SAM file, which contains the machine's user
credentials, and the "Login Data" and "Local State" files, which hold the
Google Chrome password manager's data: every username and password
stored in Chrome. Although these files are encrypted, decrypting them
isn't that difficult. So the dump includes all the credentials you have
saved in the Google Chrome password manager, as well as the Windows
users and their passwords.

To defend against these attacks, we can make the PC's local user require
the administrator password for elevation and make sure to lock the PC
when leaving it.

Recommendations:
- Suggestions: Based on the findings, we recommend implementing
robust security policies, regularly updating antivirus software, and
employing endpoint security measures to protect against USB threats.

References:
- Here is the link to the code we use on our Digispark Arduino development
board: https://github.com/arhamujeeb/digispark-BAD_USB-ftp

- Video link to see what happens when you insert the USB:
