Leaderboard

Equipment is less important, knowledge is higher up on the ladder. If you don't know what to do, then equipment won't help you do a good job. If you have the knowledge, you know what equipment you need.

There are a number of indications that this isn't about the Hak5 USB Rubber Ducky ("Flipper", "duckyPad" being mentioned). The command is also something I've never seen being used along with the 2nd gen USB Rubber Ducky, or being a part of DuckyScript 3.0. Only things related to the official Hak5 USB Rubber Ducky (2nd gen) is discussed here.

If you can't present a legal use case, then you should ask that question elsewhere.

This is going to sound harsh, but we get requests like this every few months and they are always scams trying to recruit people to do illegal activities. If this is real, file police reports and send some actual evidence.

Sorry, not the type of thing we do here. Talk to Facebook but don't expect much.

Stop messing with it and give it straight to the authorities.

I'd suggest trying to source information from the most natural places online (that has already been mentioned, such as official docs, but also the official forum and Discord server), not in a forum that has no relation to the Flipper.

Which one is the "best" really depends on what you want to do and achieve. I can't say anything really about the O.MG device since I don't have one. I just know that it is a really skilled bunch of individuals behind it. The Ducky has always been good, but taken big leaps forward since the gen2 was introduced along with Ducky Script 3 and Payload Studio. My personal favorite is probably the Bunny though. Not really sure why, but it runs Debian, enables the use of keyboard and network features along with storage (internal and Micro SD) and Bluetooth capabilities. It's the "width" and flexibility that I like the most with the Bunny and that you easily can get "under the hood" of the device. For someone totally new to it all, trying to get oneself introduced to the Hak5 family of products, I would probably recommend the Ducky though as the first device to get. But, as said, it all depends on what you want to do with it. Read the texts in the shop, the documentation and look through the Hak5 GitHub to learn more before buying.

I second this. There were several statements that there will be firmware updates (of which some were posted publicly by Darren in this forum), which were never fulfilled. Users also requested the source code to be fully released, which also never happened. The firmware is buggy as hell and not everything can be fixed from the framework files alone. Heck, just drop the code on Github and everything would be fine or at least bearable. I am heavily disappointed by the lack of support of Hak5 and we as a company have switched to other manufacturers, since we cannot rely on Hak5. You sell full-priced products that can by no means be called ready for production and then refuse to release updates or the source, even though some fixes for important bugs have been posted on this forum and on Github and there are users willing to fix your dirty work if it would be possible.

DuckyScript 3.0 for the new USB Rubber Ducky can be encoded in Payload Studio — both Community and Pro editions — right in your browser. The compiler and all payload editing is done client-side, locally. We never see your work. You can download an offline copy of the IDE from your browser. Keep in mind that the offline version you download will be frozen in time, whereas the online version will be continuously updated as we add features and fixes over time. You can see the version number in the bottom left corner of the page.

My name is Mark a.k.a Metatron Favourite OS: Debian Favourite movie: Fight club Other hobbies: Running, Mountain biking, diving, climbing and shooting (range/ clay pigeon). Occupation: Academia

First of all, nix that password book NOW. Change all your passwords with a password manager, Bitdefender, Dashlane, 1Password, and Bitwarden are good ones. Change any Windows PIN, too. Check your admin privileges and don't allow anyone else access to your account. I would also avoid using a shared computer. Knowing that someone is using Alexa and Siri is not a concern. And if you're worried what the boy might be streaming through the Xbox, just ensure that nothing private happens in front of the camera. No one at a remote IP address will be trying to access your MacBook. A router firewall blocks all incoming packets that are not part of established connections. If your devices have been enrolled into Intune MA (which would take good IT knowledge, that boy would have to be a prodigy), it's pretty bad. I'm missing context for the developer accounts, however. The bigger issue is that if you're being abused (and abuse often involves children, not just the spouse),you need to report it and get a restraining order. Don't stay in that relationship. And if you have child pornography in your browsing history, you need to take your MacBook to the police, pronto. I do have some knowledge of digital forensics, so if they don't have their own team, I could assist further.

I guess you got your answers on Discord

No use looking for a specific model. Search for the chipset instead.

When I can't find any answer in the documentation regarding how to use the API, I start a web browser and open the dev console in the browser and check what happens as I do the same thing using the web UI. The API params used will show. So, in this case I just added a module in the web UI and looked in the console at the same time and got the param used.

Try "moduleName":"evilportal" instead of "name":"evilportal"

We don't do this stuff here..

This sort of behaviour has you likely to be banned.

Hi, everyone at the beginning of the year I found myself in the situation where I found contact information, which belongs to me, on someone else's profile. this information however was set to being only visible to me and apart from that i knew the person but did not have any relation to that person. also interesting is, that as soon as i saw that, the information was already removed from that profile. Not saying i am an expert in this field but i am working in IT and have a somewhat good understanding and sense for security. therefor i would say i am taking good care about my privacy and security. i never lost access to my account during this occurance and the activity logs looked clean. obviously someone who gained access to my account would remove such tracers. the only information that the suspect might have had was my name and my mobile number. i am not asking for a guide to replicate that, however i would really like to now how much expertise would be needed to archive something like that and if there are tools out there which would provide such visibilty to someone's information. kind regards

Do a PR on GitHub

Ask in the O.MG section of the forums

Well, there's no valid factory to send it back to. The Tetra has been end of life for years now and has also reached end of support status. Even if it was supported and still sold, it wouldn't be the correct way to send it to the factory anyway. No idea if that YouTube video is valid for the Tetra. The only OpenWrt Hak5 device that I've seen being "reset" using serial is the Signal Owl. Don't know at all if that procedure is applicable to the Tetra. https://forums.hak5.org/topic/49420-recovery-reset/?do=findComment&comment=325670

What's in the docs is what's supported when it comes to the Packet Squirrel as a product. If you want to poke around and change things other than that, it's up to you, but don't expect to get support about such stuff from Hak5. I haven't seen many things that are closed source (but of course there is) when it comes to Hak5 products. Most Hak5 specific functionality is fully readable and possible to change (at your own risk). I'm on vacation now far away from my Packet Squirrel so I can't point in any specific direction, but a lot of things (most) are located in /usr/bin and if you find something that you can't look into since being closed source, then it is closed source. Nothing to do about it. Either it'd be Hak5 specific things or other packages/features that might be possible to install in OpenWrt. I'd suggest starting to get familiar with basic out-of-the-box features of the Packet Squirrel and read the documentation before starting to think about changing things related to the product. Especially if you barely know what you are doing.

And there is the inevitable spam!

You could try to sign the file, or make a wrapper in autohotkey and "sign" it using AHK compiler directives. Sometimes that works, but it depends.. But, for the most part, loading exe from usb, can be a trigger... /NX

You may be able to report it as a false positive, but you can download the PowerSploit modules and try Find-AVSignature to see where the code being detected as a Trojan is.

I don't have an answer but it might be worth talking to any local prisons as they might have the same problems.

With the case removed (so that you can see the LED) and connecting the Ducky to a computer *without* any Micro SD card inserted, does the LED light up?

Just look at a physical keyboard (US for example) and compare to the AZERTY keyboard. Then use something like the following workflow: "OK, so é on the french keyboard is on the same position as 2 on the US keyboard and 2 on the US keyboard uses 00,00,1f according to the us.json language file, so lets re-map 00,00,1f to é" (and so on...) So, you already have all that you need, you only have to map the french keys to the correct keycodes and one of the ways of doing that is compare keyboard layouts in the way I described. There are other ways, but I find that to be the easiest/fastest way, at least if just adjusting already existing keymaps for a few keys.

It should not since the udisk is left untouched during factory reset. However, and as always, do backups of anything that is valuable in any way (which is relevant for any device, either it'd be a Key Croc or something else).

As said in another thread where you posted about the same thing; this should work without any issues if done correctly (and the Bug is working as it should and is not having any defects). I just executed some dumps using Kali Linux (fully updated) and Windows 11 and I get what I expect, i.e. all forms of protocols (http, https, ntp, etc. etc.) and information that I would expect to find based on the traffic generated. Either contact support or describe more in detail exactly how you are conducting the Wireshark sniffing on each of the platforms. Otherwise it's more or less impossible to troubleshoot, recreate and try to help.

And the support Link is here. https://hak5.customerdesk.io/

I would suggest creating a support ticket. Devs (Korben to be more specific since it's about PayloadStudio/Ducky Script 3.0) isn't very active here (and this isn't official support either). Someone with insight "under the hood" probably needs to dive deeper into an issue like this.

Settings > General > Web Interface Flip "Light" to "Dark"

If you're manually going to copy the device.config file anywhere, it should be copied to /etc on the Croc FW 1.4 is in testing phase at the moment, no release date set though However, if you're going to return it, there's no need throwing resources at trying to troubleshoot any further

I wouldn't touch that even with pliers, it's a knock-off.

This unrelated to hak5. It's more related to the Courier or usps.

That adapter should use a chipset that is compatible "out of the box" with the Mark VII. Not sure why it's not showing.

I built the module… I would be happy to help you

I can't think of anything besides rebooting. I have a UE306 myself that works great.

3 years later and still no answer by hak5 or at least a firmware upgrade for the several croc issues and the deprecated packages that are installed on it. This is how you make customers happy 👍 If anybody thinks about buying this thing please DON'T DO IT. This is no final product. Maximum an alpha version to play around and burn hours of your time if you plan to use this as an company

O.MG Cable - Hak5 here is how the cable work

The "active end" of the usb is what youre plugging into your laptop not into the iphone, this may be why you are experiencing these issues.

If you can't get the Pineapple to run via VPN and circumvent possible restrictions, then you can probably download modules from the Hak5 GitHub repo and sideload the modules manually to the Pineapple.

Official answer: Use a MicroSD card — not a Micro SDHC, SDXC or SDUC card. That means 2 GB and under. Unofficial (I'm a hacker) answer: As long as the file system is FAT (FAT/VFAT or FAT32) as opposed to other common formats like exFAT, NTFS EXT4, etc — it should work, albeit with a potential performance hit*. *The larger the partition (and the more files/directories) the longer it will take to be read — both from the perspective of the USB Rubber Ducky itself (reading inject.bin, seed.bin or writing loot.bin) but also to the target, enumerating the USB "Flash Disk" when using the command ATTACKMODE STORAGE. As an example, I've formatted a 200 GB SanDisk Ultra MicroSDXC card with the FAT32 file system and loaded it with a very simple "Hello World" payload: ATTACKMODE HID STORAGE DELAY 1000 STRING Hello, World! And it injected the keystrokes within a second of attaching it to the target — however the target (a Windows 10 PC in this case) took over a minute to recognize the USB drive in Explorer.

@Darren Kitchen It has been 2 years since the last update and many (known) issues are not fixed. In August 2021 you wrote me, that you guys are working on a release. Nothing has happened since then... which is a little disappointing and reduces the value of the product. If no update is in sight, please make the source code in /usr/local/croc/bin public at least, please.

Well, if it's still not solved, how can it be too late? As I understand it, there is work being done on getting the Croc to better accept different types of keyboards. It has for sure been a bit picky this far.

Firstly, this is NOT an official support channel. In fact, most people who can help you don't even check the forums. If you want help from some of the O.MG devs or community members with extensive experience, join the chat server listed in the setup instructions. The setup link (included on the envelope and card insert) is here: https://o.mg.lol/setup, this is where you will find setup instructions, official support chat channels, warranty requests, etc

OK Here it is, Please post some input on what you think. Also im trying to figure out a better way to gain Access to the NTFS partition. Any input welcomed! Gain SYSTEM/Administrative Access to Windows XP/2000 I will explain how to gain Local Administrative rights to Windows XP/2000 computer without removing or cracking a Users password. In order for this to work the Computer must have a CD-ROM drive, or other bootable device other then a harddrive. (Im stoned and its 3:15a.m. so i hope this makes sense) Overview: Windows XP/2000 allows you to run a program with System level privileges before logging on. The name of the program is Utility Manager. It is located at C:Windowssystem32utilman.exe for windows XP and C:WINNTSystem32utilman.exe for windows 2000. So all you have to do is make your own program that creates an administrative account. The program that you create has to have a filename of Utilman.exe in order to work. If the filesystem on the computer is FAT32 then this process is very simple and only takes a second. If the Computer uses the NTFS filesystem this will take a few minutes depending on how fast the PC is. First We need to make the program I used Visual Basic 6, here is my source code that i used to create the administrative account: #################################START############################### Private Sub Form_Load() Shell "net user NewAdmin " & """""" & " /add", vbHide Pause (1) Shell "net localgroup administrators NewAdmin /add", vbHide Pause (1) msgbox "Added Administrative User",16,"Hacked XP" End End Sub Sub Pause(interval) 'Pauses execution Current = Timer Do While Timer - Current < Val(interval) DoEvents Loop End Sub '#################################END############################### Compile this with the filename of Utilman.exe this is very important! What this program does is create a User named NewAdmin with a blank password and then adds them to the Administrators Group. Ok Now that we've made the program lets move on... FAT32 1. Create a bootable floppy :: http://1gighost.net/keywest/boot98sc.exe 2. Add the newly made Utilman.exe to the Floppy 3. Restart the computer with the floppy in it 4. After DOS loads type C: and press enter. 5. If it changes from A:/> to C:/> then your doing good 6. use this command: Copy A:utilman.exe C:windowssystem32utilman.exe press Y to overwrite the exsisting file 7. Restart the computer without the floppy in it 8. When it gets to the Login Screen Press the Windows Key + U 9. Restart the computer if FastUser Switching is enabled (The Graphical Login with the picture next to the login name, XP Only) if not enabled skip to Step 10 9a. After restarting you should see a new user in the list named NewAdmin, click on this account and you just gained Administrative access to your PC. 10. After pressing <b>Windows Key + U</b> then type in the username NewAdmin and push Enter. Thats It you now have administrative access to your PC. NTFS Use a Windows 2000 Setup CD to gain access to the NTFS partition through the recovery console. From the recovery console you can copy over the hacked Utilman.exe. Once in the recovery console follow the same instructions as above from step 6. After copying over the file restart your computer by typing exit or pusing ALT CTRL DEL. Remove the Windows 2000 CD. When windows loads to the choose user screen simply push Windows Key + U. After pushing the Windows Key + U you should see a message that says "Added Administrative User", restart the computer one last time then choose the NewAdmin user account. This will have Administrative Privileges. It works ive done it and i hope you all enjoy this nice little hack ! ! ! (If your trying to gain SYSTEM level access your can replace the UTILMAN.exe to open a Command Prompt) LOL i hope that made sense

Yes you can do that with AJAX, For example, Digg.com uses AJAX to update the "digg" count without refreshing the page.