For a while now, security researchers have been using the Teensy for HID attacks, which really is the way to go if that’s all you want to do. However, if you are like me and want to do other things as well, you need something bigger. Enter the Arduino Leonardo: this Arduino board supports emulating a HID (Human Interface Device) out of the box. It’s not tiny like the Teensy, but at only 2.7” x 2.1” it is still small. It would be very easy to leave the Leonardo in a backpack and just run the USB cable to the victim device, especially since the whole attack takes about 5 seconds.
Here is the attack in action via screen recording.
In the first part of the video I show which users are on the system. Then the device is plugged in and the attack launches. The Leonardo starts to emulate a keyboard by pressing the Windows key and then types in cmd.exe. Next it uses the keyboard shortcut for run as admin (Ctrl+Shift). Then the Leonardo hits Tab 3 times to select OK on the UAC prompt and hits Enter. Finally, an administrator command prompt is open, and the Leonardo types out the commands to add a user, adds that user to the local Administrators group, and closes the prompt. The nice part about this is that, since you write the program, there are no typing errors, and it types about a hundred times faster than you do.
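The sequence described above leaves an ordered trail in the Windows Security log when device, process and account-management auditing are enabled. The following is an added detection sketch, not code from the original post: it correlates a new keyboard device with an elevated cmd.exe, a created account and an Administrators group add inside a short window. The event tuples, their simplified field names and the 30 second window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Windows Security event IDs (each needs its audit policy enabled):
#   6416 new external device recognized   4688 process created
#   4720 user account created             4732 member added to a local group
WINDOW = timedelta(seconds=30)  # assumption: generous bound for a ~5 second attack

# Constructed sample events with simplified fields, not taken from a real system.
SAMPLE_EVENTS = [
    ("2024-01-01T08:00:00", 6416, {"class": "Keyboard"}),  # laptop docked
    ("2024-01-01T08:20:00", 4720, {"user": "svc_backup"}),  # routine admin work
    ("2024-01-01T08:20:05", 4732, {"user": "svc_backup", "group": "Administrators"}),
    ("2024-01-01T09:00:00", 6416, {"class": "Keyboard"}),  # board plugged in
    ("2024-01-01T09:00:02", 4688, {"image": r"C:\Windows\System32\cmd.exe", "elevated": True}),
    ("2024-01-01T09:00:04", 4720, {"user": "newuser"}),
    ("2024-01-01T09:00:05", 4732, {"user": "newuser", "group": "Administrators"}),
]

# Ordered steps that must follow the keyboard arrival.
STEPS = [
    lambda eid, d: eid == 4688 and d.get("image", "").lower().endswith("\\cmd.exe")
    and d.get("elevated") is True,
    lambda eid, d: eid == 4720,
    lambda eid, d: eid == 4732 and d.get("group") == "Administrators",
]

def find_hid_injection(events, window=WINDOW):
    """Alert on keyboard arrival -> elevated cmd.exe -> new user -> admin group add."""
    parsed = sorted(((datetime.fromisoformat(t), eid, d) for t, eid, d in events),
                    key=lambda e: e[0])
    alerts = []
    for n, (t0, eid, data) in enumerate(parsed):
        if eid != 6416 or data.get("class") != "Keyboard":
            continue
        step, new_user = 0, None
        for t, next_id, d in parsed[n + 1:]:
            if t - t0 > window:
                break  # sequence did not complete quickly enough
            if STEPS[step](next_id, d):
                if next_id == 4720:
                    new_user = d.get("user")
                step += 1
                if step == len(STEPS):
                    alerts.append({"device_seen": t0.isoformat(), "user": new_user,
                                   "seconds": (t - t0).total_seconds()})
                    break
    return alerts

if __name__ == "__main__":
    for alert in find_hid_injection(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample, only the 09:00 sequence alerts; the docked keyboard and the routine account creation at 08:20 do not, because neither completes the full chain inside the window.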