USB Nugget
SSDP Phishing
Pose as network devices to phish Windows users
Warning: This will erase your current USB Nugget installation, and you'll need to update your USB Nugget again before using it as a USB attack platform
The RubberNugget receiving phished credentials via Simple Service Discovery Protocol
The USB Nugget can be flashed to act as a SSDP (Simple Service Discovery Protocol) device, connecting to a Wi-Fi network appearing to nearby Windows users as a network-attached drive.
This attack can be used to redirect users to phishing pages when they click on the drive. We created a demo you can find here:
You can check out the guide below to try the attack yourself:
Copy link