Attify Store

WHID - An USB Rubberducky
WHID - An USB RubberduckyWHID - An USB RubberduckyWHID - An USB RubberduckyWHID - An USB RubberduckyWHID - An USB Rubberducky
$20.00
  • Bad USB on Steroids

  • Multiplatform (Win, *nix, OSX)

  • Changeable VID/PID

  • Has WiFi

  • PRODUCT OVERVIEW
  • PIN LAYOUT
  • USE CASES
  • VIDEOS

WHID - The WiFi HID Injector


WHID is a WiFi remotely-controlled {Keyboard, Mouse} Emulator. Practically, it is an USB Rubberducky or BadUSB device on Steroids! 


It is a small USB evil device which offers: a Wireless access point for the configuration and exfiltration of data, an HID device simulating a keyboard and a serial port.


 A reliable piece of hardware designed to fulfill Red-Teamers & Pentesters needs related to HID Attacks, during their engagements. 


This device allows keystrokes to be sent via WiFi to a target machine. The target recognizes the Ducky as both a standard HID keyboard and a serial port, allows interactive commands and scripts to be executed on the target remotely.


Github: https://github.com/whid-injector/WHID



In order to make easier the process of weaponizing USB gadgets, you can solder the USB wires to the dedicated pinouts. 
The pin closer to USB-A is GND. 
The pins are: 
GND 
D+ 
D- 
VCC


You could use the WHID to:

  • Classic: Remote Keystrokes Injection Over WiFi

    Deploy WHID on Victim's machine and remotely control it by accessing its WiFi AP SSID. (eventually you can also setup WHID to connect to an existing WiFi network)

    https://raw.githubusercontent.com/whid-injector/WHID/master/tools/images/WHID_GUI.png

  • Social Engineering: Deploy WHID inside an USB gadget

    The main idea behind it is to test for Social Engineering weaknesses within your target organization (e.g. DLP policy violations) and to bypass physical access restrictions to Target's device. Create a fancy brochure (sample template https://github.com/whid-injector/WHID/tree/master/tools/Social_Engineering_Lures ) attached with a weaponized USB gadget and then use a common delivery carrier.

  • How to bring HID Attacks to the Next Level

    https://hackinparis.com/data/slides/2018/talks/HIP2018_Luca_Bongiorni_How_To_Bring_HID_Attacks_To_The_Next_Level.pdf