Simple OMG Cable
OMG Cable, This device is capable of emulating various types of USB peripherals, including keyboards, network adapters, and storage devices. Its versatility makes it an invaluable asset for ethical hackers and cybersecurity professionals seeking to simulate real-world attacks and test the security of systems. Let’s delve into the details of the OMG Cable and explore its capabilities and uses.
Custom build your OMG Cable with 4 easy steps:
1: Choose a tier:
| O.MG Cable Tier | Basic (Gen 1) | Elite (Gen 3) | ||||
|---|---|---|---|---|---|---|
| Keystroke Injection (DuckyScript™) | ✔ | ✔ | ||||
| Mouse Injection | ✔ | ✔ | ||||
| Payload Slots | 8 | 50-200 | ||||
| Max Payload Speed | 120 keys/sec | 890 keys/sec | ||||
| Self-Destruct | ✔ | ✔ | ||||
| Geo-Fencing | ✔ | ✔ | ||||
| WiFi Triggers | ✔ | ✔ | ||||
| FullSpeed USB Hardware Keylogger | ✔ | |||||
| HIDX StealthLink | ✔ | |||||
| Encrypted Network C2 | ✔ | |||||
| Extended WiFi range | ✔ | |||||
| Stealth-Optimized Power Draw | ✔ | |||||
2: Choose an active end:
- USB-A: payloads deliver from the USB-A connector. Available with C, Micro, or Lightning passive ends.
- USB-C: payloads deliver from the USB-C connector. Available with Micro or Lightning passive ends.
- Directional C to C: This cable changes behavior depending on what direction you connect it, unlike a normal C to C cable. Connect the active end to a USB host, it behaves like a normal USB 2.0 cable & transmits payloads out the active end. Or connect just the active end to a mobile device for mobile payload delivery.
- On TPE variants, the active end is marked with a discreet logo. For Woven variants, the active end is identified by a removable tag, but is otherwise unmarked. If required, you can add your own markings. If you forget which end is active, an OMG Programmer’s “OMG” light can be used.
3: Choose the passthrough end & color:
4: Add an OMG Programmer:
Introduction to the OMG Cable
The OMG Cable is a powerful and versatile USB device designed for advanced penetration testing and red teaming exercises. This device can emulate various types of USB peripherals, including keyboards, network adapters, and storage devices. This versatility allows it to be used in a wide range of penetration testing and red teaming scenarios.
The OMG Cable is designed to be plugged into a target computer and execute pre-programmed scripts or payloads, making it a powerful tool for simulating real-world attacks.
How It Works
The OMG Cable works by emulating a Human Interface Device (HID), specifically a keyboard, network adapter, or storage device. When plugged into a computer, it can send a series of keystrokes, inject network traffic, or present itself as a storage device to deploy payloads. The device is programmed using a simple, easy-to-understand language, allowing for a wide range of customization. Get Your Full OMG Kit Here
Key Components
- Microcontroller: The brain of the device, which executes the pre-programmed scripts or payloads.
- USB Interface: Allows the device to communicate with the target computer.
- Memory: Stores the scripts or payloads that define the actions to be taken.
- LED Indicators: Provide visual feedback on the device’s status and mode.
Capabilities and Uses
The OMG Cable’s versatility makes it a valuable tool for a wide range of cybersecurity tasks. Here are some of its key capabilities and uses:
- Automated Tasks: Automate repetitive tasks, such as opening web browsers, logging into systems, and executing commands.
- Payload Deployment: Deploy malicious payloads, such as backdoors, keyloggers, and ransomware.
- Data Exfiltration: Extract sensitive data from the target system.
- Network Injection: Inject malicious network traffic to exploit vulnerabilities.
- Persistence: Create persistent backdoors to maintain access to the target system.
- Evading Detection: Bypass security measures, such as antivirus software and firewalls, by mimicking legitimate USB devices.
Common Scenarios
The OMG Cable is particularly useful in the following scenarios:
- Penetration Testing: Simulate real-world attacks to identify and exploit vulnerabilities in a controlled environment.
- Red Teaming: Conduct advanced, adversary-simulation exercises to test an organization’s defenses.
- Social Engineering: Use in combination with social engineering techniques to gain unauthorized access to systems.
- Incident Response: Quickly deploy tools and gather evidence during incident response operations.
Creating Payloads
Creating payloads for the OMG Cable involves writing scripts that define the actions to be taken. These scripts can be written in various languages, depending on the specific use case. Here’s a basic example of a script that opens a command prompt and runs a command:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void main() {
// Open a command prompt
system("cmd.exe");
// Run a command
system("ipconfig");
// Exit the command prompt
system("exit");
}This script opens the Command Prompt, runs the ipconfig command to display network configuration details, and then exits the Command Prompt.
Key Commands
system(): Executes a command in the command prompt.cmd.exe: Opens the Command Prompt.ipconfig: Displays network configuration details.exit: Exits the Command Prompt.
O.MG Cable Features
Easy WiFi Control
Full control with your web browser. Desktop or mobile.
Keystroke Injection
Instant DuckyScript payloads. No recompiling or reprogramming, just click run! And with industry-leading 890keys/sec speeds.
Lots of Payload slots
Basic model comes with 8 slots. Elite has extra storage allowing up to 200 slots!
Global Keymaps
With 192 keymaps already built in, you can target machines across the world.
Built in IDE
The WebUI not only provides 100% of the controls, but also gives you helpful feedback to catch syntax errors while rapidly building payloads.
Mobile Payloads
Cables with a USB-C active end, or Directional C to C, can automatically transmit to mobile devices with a USB-C connector. Connect just the active end!
Stealth
The implant stays dormant until a payload is deployed. No logs. No detections. The cable behaves just like a normal USB 2.0 cable. (5v charging, 480mps data transfer) Spoof any USB identifer (VID/PID), extended USB Identifier, and network MAC address.
Hardware Keylogger
Elite models contain a passive hardware keylogger designed for FullSpeed USB keyboards with detachable cables. Store up to 650,000 keystrokes. For tested keyboards & more info go here.
HIDX StealthLink
Elite models: setup a bidirectional tunnel from Target Host > OMG > Control Machine.
Encrypted Network C2
Elite models: Use an encrypted connection to access & control your OMG from anywhere. Then disable the onboard WebUI to hide and protect your O.MG on untrusted networks. Compatible with any server that runs python.
Self-Destruct
Make your legal team happy by ensuring sensitive payloads & loot are gone, and the OMG Cable is fully inert. (recoverable with O.MG Programmer)
Geo-Fencing
Trigger payloads or other actions based on location. Keep your tool from falling out of scope! Ex: self-destruct if someone takes the O.MG Cable home.
WiFi Triggers
Trigger payloads at long range with a single beacon.
Control everything remotely with a web browser. 1 click payload deploy. Built in IDE helps guide you.
This advanced implant has more features and flexibility than tools 100x the size.
Ethical Considerations
While the OMG Cable is a powerful tool, it is essential to use it responsibly and ethically. Unauthorized use of the device can result in severe legal consequences and ethical violations. Always ensure that you have explicit permission to test a system before deploying the OMG Cable.
Best Practices
- Authorization: Obtain written permission from the system owner before conducting any penetration testing.
- Scope: Clearly define the scope of the test to avoid unauthorized access to sensitive data.
- Documentation: Document all findings and actions taken during the test for transparency and accountability.
Conclusion
The OMG Cable is a versatile and powerful tool for ethical hackers and cybersecurity professionals. Its ability to emulate various USB devices and deploy payloads makes it an invaluable asset in penetration testing and red teaming exercises.
However, it is crucial to use the device responsibly and ethically, ensuring that all actions are authorized and within the defined scope.
Whether you’re conducting a penetration test, simulating an advanced threat, or responding to an incident, the OMG Cable can be a game-changer in your cybersecurity arsenal. Stay ethical, stay legal, and stay ahead of the threats.
