20 lines
928 B
Markdown
20 lines
928 B
Markdown
# USB Keystrokes
|
|
|
|
If you have a pcap containing the communication via USB of a keyboard like the following one:
|
|
|
|
.png>)
|
|
|
|
You can use the tool [**ctf-usb-keyboard-parser**](https://github.com/carlospolop-forks/ctf-usb-keyboard-parser) to get what was written in the communication:
|
|
|
|
```bash
|
|
tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata | sed 's/../:&/g2' > keystrokes.txt
|
|
python3 usbkeyboard.py ./keystrokes.txt
|
|
```
|
|
|
|
|
|
|
|
You can read more information and find some scripts about how to analyse this in:
|
|
|
|
* [https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4](https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4)
|
|
* [https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup](https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup)
|