skysploit Posted June 20, 2013 Author Share Posted June 20, 2013 I'm having issues with Pure-FTPD not being installed, or installed correctly. The setup script didn't have it working and the repositories can't find it in Kali. I downloaded and installed it from a tar.gz file but simple-ducky still can't work with it. Has anyone run into this issue before? Battery_, Kali has pure-ftpd in the repositories (apt-get update && apt-get install pure-ftpd)... What is the specific issue that you are having? Here's the simple-ducky's wiki page for pure-ftpd: https://code.google.com/p/simple-ducky-payload-generator/wiki/PureFTPServer ~skysploit Quote Link to comment Share on other sites More sharing options...
Battery_ Posted June 20, 2013 Share Posted June 20, 2013 Skysploit thanks for the quick response. I just reinstalled Kali and all of the sudden pure-ftpd was showing up in the repositories again. For some reason before I would apt-get update, then try to install it and it wouldn't find the package... Quote Link to comment Share on other sites More sharing options...
skysploit Posted June 22, 2013 Author Share Posted June 22, 2013 (edited) Hak5'ers, I have been working on version 1.1.1 over the past few weeks... Good news, its almost ready! There are some big things happening in this revision... Instead of telling you about all the awesomeness here's a teaser. ~skysploit P.S. Did someone say SYSTEM Privs?? Edited June 22, 2013 by skysploit Quote Link to comment Share on other sites More sharing options...
Battery_ Posted June 22, 2013 Share Posted June 22, 2013 That looks awesome, can't wait to mess with it Quote Link to comment Share on other sites More sharing options...
DrDinosaur Posted June 23, 2013 Share Posted June 23, 2013 Wow Skysploit, you're certainly putting a lot of effort into this project. So many options. Great job, keep it up! Quote Link to comment Share on other sites More sharing options...
skysploit Posted June 23, 2013 Author Share Posted June 23, 2013 yamil515, It looks like you are not finding pure-ftpd in your repositories... Try installing software-center and locating it that way (apt-get install software-center), you will see the Ubuntu Software Center in your menu. Alternatively you can compile it from source (http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.gz). Or you can use any other ftp server that you would like. If you can please shorten your last post as it is flooding the channel. thanks One last thought, add Kali's Bleeding edge repositories... echo deb http://repo.kali.org/kali kali-bleeding-edge main >> /etc/apt/sources.list apt-get update apt-get upgrade ~skysploit Quote Link to comment Share on other sites More sharing options...
skysploit Posted June 23, 2013 Author Share Posted June 23, 2013 Wow Skysploit, you're certainly putting a lot of effort into this project. So many options. Great job, keep it up! Thanks, man... As long as people still find it helpful/value added, i will continue to keep the project alive. Quote Link to comment Share on other sites More sharing options...
mahorelee Posted June 24, 2013 Share Posted June 24, 2013 How do I install this with Windows? I've downloaded the file and I'm getting lost with what to do to install it. Quote Link to comment Share on other sites More sharing options...
skysploit Posted June 24, 2013 Author Share Posted June 24, 2013 (edited) How do I install this with Windows? I've downloaded the file and I'm getting lost with what to do to install it. Mahorelee, The simple-ducky is not compatible with Windows. It currently only supports Debian based Linux distro's (i.e. Kali-Linux, Debian, Ubuntu, Linux-Mint, BackBox)... What I recommend you do is install VMWare Player and download Kali-Linux. Below are links for everything that you need. VMWare Player Free Download: http://www.vmware.com/download/player/download.html Kali-Linux: http://www.kali.org/downloads/ (under image type select VMWare) Hope this helps... ~skysploit Edited June 24, 2013 by skysploit Quote Link to comment Share on other sites More sharing options...
yamil515 Posted June 25, 2013 Share Posted June 25, 2013 (edited) yamil515, It looks like you are not finding pure-ftpd in your repositories... Try installing software-center and locating it that way (apt-get install software-center), you will see the Ubuntu Software Center in your menu. Alternatively you can compile it from source (http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.gz). Or you can use any other ftp server that you would like. If you can please shorten your last post as it is flooding the channel. thanks One last thought, add Kali's Bleeding edge repositories... echo deb http://repo.kali.org/kali kali-bleeding-edge main >> /etc/apt/sources.list apt-get update apt-get upgrade ~skysploit Reading package lists... Error! E: Malformed line 9 in source list /etc/apt/sources.list (dist parse) E: The list of sources could not be read. E: The package lists or status file could not be parsed or opened. that the error that i get when i do what you told me i want to solve this problem can you help me thank you in advance Edited June 25, 2013 by yamil515 Quote Link to comment Share on other sites More sharing options...
skysploit Posted June 25, 2013 Author Share Posted June 25, 2013 yamil515, It looks like you have a botched Kali install... Quote Link to comment Share on other sites More sharing options...
yamil515 Posted June 25, 2013 Share Posted June 25, 2013 (edited) Thank you skyploit try to install it again./ thank you for the pointer got everything working correctly thank you. thank you for the build is great keep up the good job. :D Edited June 26, 2013 by yamil515 Quote Link to comment Share on other sites More sharing options...
DrDinosaur Posted June 30, 2013 Share Posted June 30, 2013 (edited) Hey Sky maybe you could gather up all the other payloads on the Rubber Ducky forum. They all seem to be scattered. It would be great if someone could pull them all together. I also made a video using Simple Ducky. It's nowhere as near as good as your video, but hopefully it's just another resource that people can use. https://www.youtube.com/watch?v=M9gvk_X2oSQ Edited June 30, 2013 by DrDinosaur Quote Link to comment Share on other sites More sharing options...
skysploit Posted July 3, 2013 Author Share Posted July 3, 2013 Hey Sky maybe you could gather up all the other payloads on the Rubber Ducky forum. They all seem to be scattered. It would be great if someone could pull them all together. I also made a video using Simple Ducky. It's nowhere as near as good as your video, but hopefully it's just another resource that people can use. https://www.youtube.com/watch?v=M9gvk_X2oSQ DrDinosaur, Great job on the video! I'm glad to see that people are still using the simple-ducky. Hak5 does a great job with the show and the products that they offer. Hopefully, these videos of the simple-ducky entice folks to go out and buy the USB Rubber Ducky.... I'm slowing working on gathering all the payloads within the forums and github. The hard part is vetting all of the payloads. Some are broken or have delay's that not realistic with what a corporate computer would be able to handle. So it takes time to make sure that all of these payloads will work the best can. With that said, I am always looking for people to help with the vetting process. Thanks again ~skysploit P.S. DerbyCon anyone?? Quote Link to comment Share on other sites More sharing options...
Phobic81 Posted August 20, 2013 Share Posted August 20, 2013 (edited) I've a problem with my ducky. Or probably me. Using simple ducky 1.1.1 on Kali, I'm trying to deploy the simple wallpaper prank on a non uac windows 7 system. Trying to figure out how to convert the payload.txt to inject.bin under the options. Using the java -jar commands on my W7 laptop, it won't recognize duckencode or duckencoder files. When I plugged in the ducky for the first time, nothing happened, then it typed "Quack" etc in the run field. Now it just goes to switch user field. Is there a way to import the Wallpaper prank text using simple-ducky on Kali?Would really appreciate any advice with this. Thanks. Edited August 20, 2013 by Phobic81 Quote Link to comment Share on other sites More sharing options...
green Posted August 20, 2013 Share Posted August 20, 2013 [-] It doesn't appear that burpsuite is installed on your system. Installing it now...E: Unable to locate package burpsuiteIf I manually install it would it work with the rest? or should I wait for the link to be up? Quote Link to comment Share on other sites More sharing options...
skysploit Posted August 21, 2013 Author Share Posted August 21, 2013 I've a problem with my ducky. Or probably me. Using simple ducky 1.1.1 on Kali, I'm trying to deploy the simple wallpaper prank on a non uac windows 7 system. Trying to figure out how to convert the payload.txt to inject.bin under the options. Using the java -jar commands on my W7 laptop, it won't recognize duckencode or duckencoder files. When I plugged in the ducky for the first time, nothing happened, then it typed "Quack" etc in the run field. Now it just goes to switch user field. Is there a way to import the Wallpaper prank text using simple-ducky on Kali?Would really appreciate any advice with this. Thanks. Phobic81, To encode the payload.txt file that you have created just place it in the "/usr/share/simple-ducky" directory and open a terminal window and "cd" to the same directory. Run this command: java -jar encoder.jar -i payload.txt As far as importing the wallpaper prank into the simple-ducky, i would perfer not to. The simple-ducky is designed for professional penetration testers and the payloads in the are geared specifically for that purpose. However, I am in the process of completely revamping the simple-ducky. I am going to make it 100% modular, that way plugins can be added by each user. This is going to take some time to complete but it is well worth the effort. ~skysploit Quote Link to comment Share on other sites More sharing options...
skysploit Posted August 21, 2013 Author Share Posted August 21, 2013 [-] It doesn't appear that burpsuite is installed on your system. Installing it now... E: Unable to locate package burpsuite If I manually install it would it work with the rest? or should I wait for the link to be up? green, What distro are you installing the simple-ducky on? If the installer fails to pull burpsuite from the repository it will take another approach to installing it. Only a few distros have burpsuite in the their repos. For that purpose I have an alternative installer that will take over when you see that error... Check your machine to see if it is installed. ~skysploit Quote Link to comment Share on other sites More sharing options...
Phobic81 Posted August 21, 2013 Share Posted August 21, 2013 (edited) "Phobic81, To encode the payload.txt file that you have created just place it in the "/usr/share/simple-ducky" directory and open a terminal window and "cd" to the same directory. Run this command: java -jar encoder.jar -i payload.txt As far as importing the wallpaper prank into the simple-ducky, i would perfer not to. The simple-ducky is designed for professional penetration testers and the payloads in the are geared specifically for that purpose. However, I am in the process of completely revamping the simple-ducky. I am going to make it 100% modular, that way plugins can be added by each user. This is going to take some time to complete but it is well worth the effort. ~skysploit" Thanks. It was the "encoder" that I was missing. Explains why "duckencode®" wouldn't take. Understand keeping it catered to pentesting and I'd prefer to see it at that (primarily because I could monitor my employees, half of whom text more than they work), but we just got this thing and I'm trying to test it out with a simple payload before we try compiling a lengthy custom ducky script. I'll be trying to come up with a payload that executes downloads of default software (Mbam, additional browsers, MSE and UAC setting adjustments, etc) we install on our systems we build for sale. I do more hardware work than anything, unfortunatley. Boring. It's way too time consuming for me, and the ducky might be a faster automated solution, moreso than our junk dvd's. If I can get this to work, then we'll be getting a quite a few of them. Looking forward to the new version. Thanks again. Edited August 21, 2013 by Phobic81 Quote Link to comment Share on other sites More sharing options...
DrDinosaur Posted October 5, 2013 Share Posted October 5, 2013 Any more development on this? Quote Link to comment Share on other sites More sharing options...
skysploit Posted October 8, 2013 Author Share Posted October 8, 2013 DrDinosaur, Yes I'm working on v1.1.2 at the moment. I have been back logged with work, so its been slow. Hopefully, I'll have it ready by the end of the month. ~skysploit Quote Link to comment Share on other sites More sharing options...
ITHKS Posted October 23, 2013 Share Posted October 23, 2013 Hello! Can a simple-ducky payload be run on a Windows 7 guest account ? Quote Link to comment Share on other sites More sharing options...
Casual Posted October 26, 2013 Share Posted October 26, 2013 DrDinosaur, Yes I'm working on v1.1.2 at the moment. I have been back logged with work, so its been slow. Hopefully, I'll have it ready by the end of the month. ~skysploit You sir, are a Boss! This will be very useful for when my rubber ducky gets here. Thank you for al your effort. Quote Link to comment Share on other sites More sharing options...
skysploit Posted October 27, 2013 Author Share Posted October 27, 2013 Hello! Can a simple-ducky payload be run on a Windows 7 guest account ? ITHKS, Yes, there are some payloads that will work on guest accounts. Just use the payloads that do not require User Access Control (UAC). The powershell, download, and execute payloads are perfect for that. Granted you will have to do some privilege escalation. Take a look at the payload builder and DBD w/o UAC, let me know if you have any issues. v/r ~skysploit Quote Link to comment Share on other sites More sharing options...
skysploit Posted October 27, 2013 Author Share Posted October 27, 2013 You sir, are a Boss! This will be very useful for when my rubber ducky gets here. Thank you for al your effort. Casual, Thanks for your support. I only do it because of the effort that Hak5 has put forth in developing such an awesome tool. Some people over look the Dusky because of its simplicity. I say you have to look at who is using these devices. Most agencies/companies dont have the time/money to train and reproduce expert programmers. They need simple devices with a simple programming lanuage to conduct security audits. The USB Rubber Ducky and the simple-ducky meet those needs. From the novice to the expert, this device can do everything from boosting the confidence to the operator to performing complex security audits, resulting in better overall security of the network/people. I will be here to help as long as Hak5 and the folks using these products need me to. v/r ~skysploit Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.