Exploiting Vulnerabilities using Keystroke Injections

Abstract: In this paper, we discuss the development and implementation of a malicious and non-malicious payload delivery system using the Digispark microcontroller. Our system leverages extremely fast, automated keystroke injections to deliver a variety of payloads. We demonstrate how these injections enable the execution of a reverse PowerShell shell, establishing a remote connection for command execution. Additionally, we present a payload that stealthily retrieves Wi-Fi credentials, creates a backdoor for persistent access, and escalates privileges to gain full control of the target system. Our approach optimizes keystroke injection for speed, bypassing traditional security measures by simulating human input, thereby minimizing detection. We also explore ethical applications, such as penetration testing, and highlight the dual-use nature of the Digispark-based delivery system. Through this work, we contribute novel methods of leveraging the Digispark microcontroller for both malicious and ethical purposes, advancing the understanding of microcontroller-based payload delivery in cybersecurity. Index Terms: Digispark, keystroke injection, reverse PowerShell shell, Wi-Fi password theft, backdoor, privilege escalation, payload delivery, cybersecurity.