Jump to content

youretheone

Active Members
  • Posts

    9
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

youretheone's Achievements

Newbie

Newbie (1/14)

  1. Thanks for clearing that up basic4! I don't know where I got that misconception from. :)
  2. Hi basic4! Thanks for responding! Apologies, I'm confused (and a newbie)...I thought the whole point of a ducky was that they plugged into computers when the user was still logged in, but had locked the screen. Is that wrong? Thanks!
  3. Whoops, lol, I edited my post right before you replied - I thought maybe that first link I posted was the github stuff that wasn't working for you. :) Reposting! https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
  4. There are sites like https://ducktoolkit.com/ that can help walk you through making them.
  5. You hit the same problem I did - if no Administrator pop-up window comes up, having the Ducky Script enter ALT y causes it to just type "y" before your mode script. One workaround that might work is to have it type ENTER again after ALT y, so even if it does punch in a "y", it'll hit enter, and then your mode, etc. script will go on as normal.
  6. Just an amateur suggestion - but you could pop the metal swivel tab off a Rubber Ducky and just glue the cut-off end of a micro-USB cord to it. Plug the other end into your phone and it'll look like you're just plugging into USB to charge it.
  7. (Sorry, I don't mean "run the Ducky Script", I mean "run the powershell commands the Ducky Script would run".)
  8. I'm new to this and want to make sure I understand, please - you're using the Cactus to inject the same password-capturing commands as the Ducky, just over wifi instead of by direct USB fake-keyboard entry? So you can enter them at your leisure instead of having to distract the user for 15 seconds? I was trying to think how this would be useful, and if I understand the basic concept, it makes sense - you could plant the Cactus when the computer is turned off (possibly after hours when no users are around, minimizing chances of detection), wait for them to walk away and lock their screen, then run the Ducky Script over wifi? That way there's much less chance of them seeing the powershell window, and you can retrieve the Cactus later when no one's around again. Have I got this right, or am I misunderstanding something critical? :) Thanks!
  9. I just tried out the powershell code on my own computer, and hit a snag. If Windows just opens the powershell without popping up the Administrator Yes/No window, then hitting Alt + Y messes up the code, turning it into: ymode con:cols=18 lines=1 Which obviously isn't going to work. I'm pretty sure I told my computer settings in the past to stop bugging me to confirm that as Administrator, yes, I wanted to let a program make changes. I'm new to Ducky Script, so I don't know if there's a better alternative, but I think a quick fix could be just having it inject ENTER again after ALT y, so whether the Administrator window pops up or not, the rest of your code can continue. Also, curious - is there an x,y position function in Ducky Script that can pop the powershell window completely offscreen, so the color scheme won't even matter? Or at least all the way down to the lower right corner, so hardly any of it is visible? If so, is there a relative position function so it'll always move offscreen/lower right regardless of screen size? (Update: I just read a little Ducky Script...I think GUI DOWNARROW would minimize the powershell window to the taskbar, but unfortunately it stops being the active window, so no further code could be entered. Is there a workaround for this, maybe?)
×
×
  • Create New...