Jump to content

[Release] Simple-Ducky Payload Generator v1.1.1 (International Key Mapping|Kali Compatible|Custom Payload Builder)


Recommended Posts

I'm having issues with Pure-FTPD not being installed, or installed correctly. The setup script didn't have it working and the repositories can't find it in Kali.

I downloaded and installed it from a tar.gz file but simple-ducky still can't work with it. Has anyone run into this issue before?

Battery_,

Kali has pure-ftpd in the repositories (apt-get update && apt-get install pure-ftpd)... What is the specific issue that you are having?

Here's the simple-ducky's wiki page for pure-ftpd: https://code.google.com/p/simple-ducky-payload-generator/wiki/PureFTPServer

~skysploit

Link to comment
Share on other sites

  • Replies 85
  • Created
  • Last Reply

Top Posters In This Topic

Skysploit thanks for the quick response. I just reinstalled Kali and all of the sudden pure-ftpd was showing up in the repositories again. For some reason before I would apt-get update, then try to install it and it wouldn't find the package...

Link to comment
Share on other sites

Hak5'ers,

I have been working on version 1.1.1 over the past few weeks... Good news, its almost ready! There are some big things happening in this revision... Instead of telling you about all the awesomeness here's a teaser.

~skysploit

P.S. Did someone say SYSTEM Privs??

Edited by skysploit
Link to comment
Share on other sites

yamil515,

It looks like you are not finding pure-ftpd in your repositories... Try installing software-center and locating it that way (apt-get install software-center), you will see the Ubuntu Software Center in your menu. Alternatively you can compile it from source (http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.gz). Or you can use any other ftp server that you would like. If you can please shorten your last post as it is flooding the channel. thanks

One last thought, add Kali's Bleeding edge repositories...

echo deb http://repo.kali.org/kali kali-bleeding-edge main >> /etc/apt/sources.list
apt-get update
apt-get upgrade

~skysploit

Link to comment
Share on other sites

How do I install this with Windows? I've downloaded the file and I'm getting lost with what to do to install it.

Mahorelee,

The simple-ducky is not compatible with Windows. It currently only supports Debian based Linux distro's (i.e. Kali-Linux, Debian, Ubuntu, Linux-Mint, BackBox)... What I recommend you do is install VMWare Player and download Kali-Linux. Below are links for everything that you need.

VMWare Player Free Download: http://www.vmware.com/download/player/download.html

Kali-Linux: http://www.kali.org/downloads/ (under image type select VMWare)

Hope this helps...

~skysploit

Edited by skysploit
Link to comment
Share on other sites

yamil515,

It looks like you are not finding pure-ftpd in your repositories... Try installing software-center and locating it that way (apt-get install software-center), you will see the Ubuntu Software Center in your menu. Alternatively you can compile it from source (http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.36.tar.gz). Or you can use any other ftp server that you would like. If you can please shorten your last post as it is flooding the channel. thanks

One last thought, add Kali's Bleeding edge repositories...

echo deb http://repo.kali.org/kali kali-bleeding-edge main >> /etc/apt/sources.list
apt-get update
apt-get upgrade

~skysploit

Reading package lists... Error!

E: Malformed line 9 in source list /etc/apt/sources.list (dist parse)

E: The list of sources could not be read.

E: The package lists or status file could not be parsed or opened.

that the error that i get when i do what you told me i want to solve this problem can you help me thank you in advance

Edited by yamil515
Link to comment
Share on other sites

Hey Sky maybe you could gather up all the other payloads on the Rubber Ducky forum. They all seem to be scattered. It would be great if someone could pull them all together.

I also made a video using Simple Ducky. It's nowhere as near as good as your video, but hopefully it's just another resource that people can use.

https://www.youtube.com/watch?v=M9gvk_X2oSQ

Edited by DrDinosaur
Link to comment
Share on other sites

Hey Sky maybe you could gather up all the other payloads on the Rubber Ducky forum. They all seem to be scattered. It would be great if someone could pull them all together.

I also made a video using Simple Ducky. It's nowhere as near as good as your video, but hopefully it's just another resource that people can use.

https://www.youtube.com/watch?v=M9gvk_X2oSQ

DrDinosaur,

Great job on the video! I'm glad to see that people are still using the simple-ducky. Hak5 does a great job with the show and the products that they offer. Hopefully, these videos of the simple-ducky entice folks to go out and buy the USB Rubber Ducky....

I'm slowing working on gathering all the payloads within the forums and github. The hard part is vetting all of the payloads. Some are broken or have delay's that not realistic with what a corporate computer would be able to handle. So it takes time to make sure that all of these payloads will work the best can. With that said, I am always looking for people to help with the vetting process. Thanks again

~skysploit

P.S. DerbyCon anyone??

Link to comment
Share on other sites

  • 1 month later...

I've a problem with my ducky. Or probably me. Using simple ducky 1.1.1 on Kali, I'm trying to deploy the simple wallpaper prank on a non uac windows 7 system. Trying to figure out how to convert the payload.txt to inject.bin under the options. Using the java -jar commands on my W7 laptop, it won't recognize duckencode or duckencoder files. When I plugged in the ducky for the first time, nothing happened, then it typed "Quack" etc in the run field. Now it just goes to switch user field. Is there a way to import the Wallpaper prank text using simple-ducky on Kali?Would really appreciate any advice with this. Thanks.

Edited by Phobic81
Link to comment
Share on other sites

I've a problem with my ducky. Or probably me. Using simple ducky 1.1.1 on Kali, I'm trying to deploy the simple wallpaper prank on a non uac windows 7 system. Trying to figure out how to convert the payload.txt to inject.bin under the options. Using the java -jar commands on my W7 laptop, it won't recognize duckencode or duckencoder files. When I plugged in the ducky for the first time, nothing happened, then it typed "Quack" etc in the run field. Now it just goes to switch user field. Is there a way to import the Wallpaper prank text using simple-ducky on Kali?Would really appreciate any advice with this. Thanks.

Phobic81,

To encode the payload.txt file that you have created just place it in the "/usr/share/simple-ducky" directory and open a terminal window and "cd" to the same directory. Run this command: java -jar encoder.jar -i payload.txt

As far as importing the wallpaper prank into the simple-ducky, i would perfer not to. The simple-ducky is designed for professional penetration testers and the payloads in the are geared specifically for that purpose. However, I am in the process of completely revamping the simple-ducky. I am going to make it 100% modular, that way plugins can be added by each user. This is going to take some time to complete but it is well worth the effort.

~skysploit

Link to comment
Share on other sites

[-] It doesn't appear that burpsuite is installed on your system. Installing it now...

E: Unable to locate package burpsuite

If I manually install it would it work with the rest? or should I wait for the link to be up?

green,

What distro are you installing the simple-ducky on? If the installer fails to pull burpsuite from the repository it will take another approach to installing it. Only a few distros have burpsuite in the their repos. For that purpose I have an alternative installer that will take over when you see that error... Check your machine to see if it is installed.

~skysploit

Link to comment
Share on other sites

"Phobic81,

To encode the payload.txt file that you have created just place it in the "/usr/share/simple-ducky" directory and open a terminal window and "cd" to the same directory. Run this command: java -jar encoder.jar -i payload.txt

As far as importing the wallpaper prank into the simple-ducky, i would perfer not to. The simple-ducky is designed for professional penetration testers and the payloads in the are geared specifically for that purpose. However, I am in the process of completely revamping the simple-ducky. I am going to make it 100% modular, that way plugins can be added by each user. This is going to take some time to complete but it is well worth the effort.

~skysploit"

Thanks. It was the "encoder" that I was missing. Explains why "duckencode®" wouldn't take. Understand keeping it catered to pentesting and I'd prefer to see it at that (primarily because I could monitor my employees, half of whom text more than they work), but we just got this thing and I'm trying to test it out with a simple payload before we try compiling a lengthy custom ducky script. I'll be trying to come up with a payload that executes downloads of default software (Mbam, additional browsers, MSE and UAC setting adjustments, etc) we install on our systems we build for sale. I do more hardware work than anything, unfortunatley. Boring. It's way too time consuming for me, and the ducky might be a faster automated solution, moreso than our junk dvd's. If I can get this to work, then we'll be getting a quite a few of them. Looking forward to the new version. Thanks again.

Edited by Phobic81
Link to comment
Share on other sites

  • 1 month later...
  • 2 weeks later...

DrDinosaur,

Yes I'm working on v1.1.2 at the moment. I have been back logged with work, so its been slow. Hopefully, I'll have it ready by the end of the month.

~skysploit

You sir, are a Boss!

This will be very useful for when my rubber ducky gets here.

Thank you for al your effort.

Link to comment
Share on other sites

Hello!

Can a simple-ducky payload be run on a Windows 7 guest account ?

ITHKS,

Yes, there are some payloads that will work on guest accounts. Just use the payloads that do not require User Access Control (UAC). The powershell, download, and execute payloads are perfect for that. Granted you will have to do some privilege escalation. Take a look at the payload builder and DBD w/o UAC, let me know if you have any issues.

v/r

~skysploit

Link to comment
Share on other sites

You sir, are a Boss!

This will be very useful for when my rubber ducky gets here.

Thank you for al your effort.

Casual,

Thanks for your support. I only do it because of the effort that Hak5 has put forth in developing such an awesome tool. Some people over look the Dusky because of its simplicity. I say you have to look at who is using these devices. Most agencies/companies dont have the time/money to train and reproduce expert programmers. They need simple devices with a simple programming lanuage to conduct security audits. The USB Rubber Ducky and the simple-ducky meet those needs. From the novice to the expert, this device can do everything from boosting the confidence to the operator to performing complex security audits, resulting in better overall security of the network/people. I will be here to help as long as Hak5 and the folks using these products need me to.

v/r

~skysploit

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...