Kautilya – Human Interface Device Hacking Toolkit

Use Netsparker


Kautilya is a human interface device hacking toolkit which provides various payloads for HIDs which may help with breaking into a computer during penetration tests.

Kautilya – Human Interface Device Hacking Toolkit

The Windows payloads and modules are written mostly in powershell (in combination with native commands) and are tested on Windows 7 and Windows 8. In principal Kautilya should work with any HID capable of acting as a keyboard. Kautilya has been tested on Teensy++ 2.0 and Teensy 3.0 from pjrc.com.

Payloads Available

Windows

  • Gather
    • Gather Information
    • Hashdump and Exfiltrate
    • Keylog and Exfiltrate
    • Sniffer
    • WLAN keys dump
    • Get Target Credentials
    • Dump LSA Secrets
    • Dump passwords in plain
    • Copy SAM
    • Dump Process Memory
    • Dump Windows Vault Credentials
  • Execute
    • Download and Execute
    • Connect to Hotspot and Execute code
    • Code Execution using Powershell
    • Code Execution using DNS TXT queries
    • Download and Execute PowerShell Script
    • Execute ShellCode
    • Reverse TCP Shell
  • Backdoor
    • Sethc and Utilman backdoor
    • Time based payload execution
    • HTTP backdoor
    • DNS TXT Backdoor
    • Wireless Rogue AP
    • Tracking Target Connectivity
    • Gupt Backdoor
  • Escalate
    • Remove Update
    • Forceful Browsing
  • Manage
    • Add an admin user
    • Change the default DNS server
    • Edit the hosts file
    • Add a user and Enable RDP
    • Add a user and Enable Telnet
    • Add a user and Enable Powershell Remoting
  • Drop Files
    • Drop a MS Word File
    • Drop a MS Excel File
    • Drop a CHM (Compiled HTML Help) file
    • Drop a Shortcut (.LNK) file
    • Drop a JAR file

Misc

  • Browse and Accept Java Signed Applet
  • Speak on Target

Linux

  • Download and Execute
  • Reverse Shells using built in tools
  • Code Execution
  • DNS TXT Code Execution
  • Perl reverse shell (MSF)

OSX

  • Download and Execute
  • DNS TXT Code Execution
  • Perl Reverse Shell (MSF)
  • Ruby Reverse Shell (MSF)

Usage

Run kautilya.rb and follow the menus. Kautilya asks for your inputs for various options. The generated payload is copied to the output directory of Kautilya.

The generated payload is an arduino sketch, ready to be used with Arduino IDE. Burn it to Human Interface Device of your choice and have fun!

You can download Kautilya here:

Kautilya-v0.5.5.zip

Or read more here.

Posted in: Hacking Tools, Hardware Hacking


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


Comments are closed.