Flashsploit - Exploitation Framework For Attiny85 Based Hid Attacks


Flashsploit is an Exploitation Framework for Attacks using ATtiny85 HID Devices such equally Digispark USB Development Board, flashsploit generates Arduino IDE Compatible (.ino) Scripts based on User Input together with thence Starts a Listener inwards Metasploit-Framework if Required past times the Script, inwards Summary : Automatic Script Generation amongst Automated msfconsole.


Features
  • TODO : Add Linux together with OSX Scripts

Windows

Data Exfiltration
  • Extract all WiFi Passwords together with Uploads an XML to SFTP Server:

  • Extract Network Configuration Information of Target System together with Uploads to SFTP Server:

  • Extract Passwords together with Other Critical Information using Mimikatz together with Uploads to SFTP Server:

Reverse Shells
  • Get Reverse Shell past times Abusing Microsoft HTML Apps (mshta):

  • Get Reverse Shell past times Abusing Certification Authority Utility (certutil)
  • Get Reverse Shell past times Abusing Windows Script Host (csript)
  • Get Reverse Shell past times Abusing Windows Installer (msiexec)
  • Get Reverse Shell past times Abusing Microsoft Register Server Utility (regsvr32)

Miscellaneous
  • Change Wallpaper of Target Machine:

  • Make Windows Unresponsive using a .bat Script (100% CPU together with RAM usage)

  • Drop together with Execute a File of your Choice, a ransomware maybe? ;)
  • Disable Windows Defender Service on Target Machine

Tested on
  • Kali Linux 2019.2
  • BlackArch Linux

Dependencies
Flashsploit Depends upon four Packages which are Generally Pre-installed inwards Major Pentest OS :
  • Metasploit-Framework
  • Python 3
  • SFTP
  • PHP
If y'all intend I should notwithstanding brand an Install Script, Open an issue.

Usage
git clone https://github.com/thewhiteh4t/flashsploit.git  cd flashsploit python3 flashsploit.py