How to Add a Local Administrator with the Arduino Leonardo

Sunday, July 08, 2012



For a while now security researchers have been using the Teensy for HID attacks. Which really is the way to go if that’s all you want to do.

However, if you are like me you want to do other things as well you need something bigger.

Enter the Arduino Leonardo, this Arduino board supports emulating a HID (Human Interface Device) out of the box. It’s not tiny like the Teensy but it is only 2.7” x 2.1” in size which is still small.

It would be very easy to just leave the Leonardo in a backpack and just run the USB cable to the victim device, especially since the whole attack takes about 5 seconds.  

When programming the Leonardo to emulate a HID I really recommend using a button in conjunction with the device, see image below.  This way if you make a mistake you can upload a new sketch. It would be very difficult to reprogram it if it kept typing add user over and over again.

(click image to enlarge)


Here is the attack in action via screen recording on youtube, or here:

In the first part of the video I show what users are on the system. Then the device is plugged in and the attack launches. 

The Leonardo starts to emulate a keyboard by activating the windows key and then types in cmd.exe.

Next it uses the keyboard shortcut for run as admin (ctrl+shift). Then the Leonardo hits tab 3 times to select OK on the UAC protection and hits enter.

Finally, an administrator command prompt is open and the Leonardo types out the commands to add user and adds the user to the local administrators group and closes the prompt.

The nice part about this is since you write the program there are no typing errors and it types about a hundred times faster than you do.   

You can get the code from or my pastebin.

Cross posted from

Thanks to  @irongeek_adc for pointing out the Leonardo and answering my questions and to @matthewneely, @SoapyWetDish and @dave_rel1k for other guidance.

Possibly Related Articles:
Network->General Operating Systems
Information Security
Tools Penetration Testing Attacks Network Security Teensy Devices HIDS SysAdmin Human Interface Device Arduino Leonardo
Post Rating I Like this!
Sohail Nawaz Nice sharing about education and i am happy from the positive comments and response of students and universities. I am here to share our new reviews for paper writing service which can help to all students from all over the world. I think that's great way to convey your message to all over the world. Hope you will like these ideas as well
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.