insecurityofthings / jackit

JackIt - Exploit Code for Mousejack

JackIt

_Do you like JackIt but don't want to carry around a laptop? Check this out._

What

This is a partial implementation of Bastille's MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastille's team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also, thanks to Samy Kamkar for KeySweeper, to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. We stand on the shoulders of giants.

We have successfully tested with the following hardware:

Known not to work with:

Tested on Windows 7/8.1/10 and macOS 10.11/10.12. Not tested against Linux. Let us know if it works or doesn't work on your device.

Note: JackIt may not work if you have applied the Logitech firmware update or KB3152550.

Why

We work in the security industry, and it is often necessary to demonstrate risk in order to prompt action. Unfortunately, these kinds of issues don't show up on Nessus scans, so we wrote an exploit. Please use this code responsibly.

How

To use these scripts, you will need a CrazyRadio PA adapter from Seeed Studio. You will also need to flash the firmware of the adapter using Bastille's MouseJack research tools. Please follow their instructions for updating the firmware before continuing.

After installing the firmware, you can install JackIt via:

git clone https://github.com/insecurityofthings/jackit.git
cd jackit
pip install -e .

Once your CrazyRadio PA is ready, you can launch JackIt via:

sudo jackit

Let the script run and detect the nearby devices, then press Ctrl-C to start your attack. The workflow is similar to Wifite. By default, it will only monitor for devices. If you would like to inject, specify a Duckyscript payload file using --script. The payload should be in plain text, not compiled using the Duckyscript encoder.

If you have no idea what Duckyscript is, see the Hak5 USB Rubber Ducky Wiki.

For practical usage instructions and gotchas, check the Wiki page.

Who

This implementation was written by phikshun and infamy. Our code is all BSD licensed. All the files in the lib directory were written by Bastille's research team and are GPLv3 licensed.