This One Time on a Pen Test: Your Mouse Is My Keyboard


Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2019 Under the Hoodie report.


In one engagement, we were tasked with compromising the internal network of a facility that was used for medical trials and had a laboratory where they worked on the pharmaceuticals used for their testing. The first leg of the engagement was a physical and social engineering test, and while the lab site was intended to be a highly secure physical location, we were able to sneak in by tailgating, quickly diving into open doors, etc. We made short work of the internal network once we had physical access to the datacenter, so, after consulting with our point of contact, we decided to try our hand at getting in remotely without physical access.


There is this tool we like to use called the Crazyradio PA, which is a small software-defined radio (SDR). Combining that with an open source implementation of the MouseJack vulnerability described by Bastille Security, we could perform some pretty cool attacks against wireless keyboards and mice. First disclosed in 2016, the MouseJack vulnerability is still a fairly common issue affecting a wide range of non-Bluetooth wireless keyboards and mice.


Armed with this technique, software, and hardware, we figured if we could get within range of a vulnerable device, we could inject keystrokes, or ..
