This project demonstrates a USB-based data exfiltration technique for educational purposes. It highlights potential cybersecurity risks associated with USB drives, specifically focusing on sensitive document discovery, copying, and exfiltration to a remote server.
Disclaimer: This project is strictly for educational use in controlled environments to enhance cybersecurity awareness and improve defenses. Unauthorized or unethical use of this tool is illegal.
- Automatic Execution: The
initial.batfile automates the entire process, requiring no manual setup or external installations. - Document Discovery: Searches for
.docx,.pdf, and.xlsxfiles on the target system. (We can add any extension for file extraction) - Secure Remote Transfer: Exfiltrates files to a remote server via SSH using obfuscated credentials.
- USB Auto-Detection: Detects the insertion of a specific USB drive with the
scripts999folder. - Temporary Workspace: Copies scripts to a temporary folder on the target system for execution.
This tool serves as a learning aid for:
- Cybersecurity Training: Teaching professionals about USB-based attack vectors.
- Security Testing: Evaluating endpoint protection, antivirus, and EDR systems.
- Research: Understanding vulnerabilities in physical media.
No prerequisites are needed. Simply run the initial.bat file located in the USB drive. We ran this file using autorun. You need to figure it out yourself.
Also Update the credentials of your server in send_files_to_server.py file. You can use any cloud machine or your own self hosted machine.
The scripts999 folder acts as the unique identifier for the USB drive. The initial.bat file uses this folder to:
- Detect the correct USB drive during insertion.
- Copy required scripts (
file_lookup.py,send_files_to_server.py, andmain.bat) to the local system. - Ensure proper functioning of the project by maintaining consistency in file locations.
Note: If the folder is missing or renamed, the script will fail to detect the USB drive. Also you can rename it to any string, just change it in initial.bat
-
Prepare the USB Drive:
- Copy the
initial.batfile and thescripts999folder (containing the necessary Python scripts) to the root directory of the USB drive. - Ensure the USB drive is formatted as FAT32 for compatibility.
- Copy the
-
Run the
initial.batFile:- Insert the USB drive into the target system.
- If autorun is present it will execute the initial.bat file or else you have to click it yourself.
- Administrator Privilege Check: Ensures the script runs with elevated privileges.
- USB Drive Detection: Locates the USB drive using the presence of the
scripts999folder. - Script Copying: Copies all necessary scripts from the USB drive to a temporary folder (
TempFiles) on the target system. (This step is done so that in case someone plugs out the usb our system still works) - Execution: Executes the main script (
main.bat) to initiate the file discovery and exfiltration process.
- Deploy the tool on a virtual machine with sample sensitive documents.
- Insert the USB drive and run the
initial.batfile. - Observe the automated workflow:
- Discovery of sensitive files.
- Secure transfer of files to the remote server.
- Cleanup of temporary files after execution.
- File Discovery and Exfiltration: Identifies and transfers sensitive files from the target system.
- Automated Execution: Eliminates manual setup requirements.
- Obfuscation: Uses Base64 encoding for sensitive data to bypass basic security checks.
- Robust Cleanup: Ensures no traces remain after execution.
- Make Python script that work with linux and mac.
- Replace bat scripts with sh to make it working in linux.
- Implement file obfuscation for data exfiltration.
This project is intended solely for educational purposes. Unethical use, such as unauthorized access or data exfiltration, is strictly prohibited and punishable by law.
For additional queries, feel free to contact the collaborators.