Jump to content

shadowpwner

Active Members
  • Posts

    25
  • Joined

  • Last visited

Posts posted by shadowpwner

  1. I'm not a hardware guy, so does this mean that almost all USB devices can be turned into USB HID devices? Or is it something in the MP3 player?

    edit: nevermind, i read http://www.hak5.org/forums/index.php?showtopic=16756

    This is fantastic. The only problems I see with this is 1) most mp3 players that support Rockbox are bulkier than the tiny teensy, and 2) that you'll have to carry around the cable.

  2. like press CTRL-ALT-DEL combo activates a payload the payload has then a timer of 5min less or more .

    Thada user activated your planted payload without your interaction for activation.

    Just plug it in and let user activate it without knowing anything .

    :rolleyes:

    Interesting idea.. what if the payload started when they say, typed Paypal.com? <_<

  3. Since it is AVR/Arduino based there is a ton of possibilities with interfacing with other hardware. If the hardware support i2c or spi you should be able to interface with it. This includes SD cards, EEPROMs, sensors, tons of stuff. Add a wifi shield and you could have it twitter its actions.

    Completely off topic, but:

    Twitter feed:
    Mr Rubber Ducky: @Hak5: Just got the passwords to John's computer. His email password is hunter2! lolol

  4. Lets think about this in terms of "on the field usage".

    What would you need to type that's so long without waiting for or adding a delay for the computer to process? CMD takes 1 second to popup for me.

    Bandwidth usage isn't as important when you Teensy can also be implemented as a card reader? (In a future release)

  5. ha! agreed and you will see Bill Gates going curse you Hak5!! the evil server was enough but now we are being attacked by evil duckys!!! :P followed by Steve Jobs asking how it is possible for a mac to be compromised :S

    Which is ironic since Windows had developed an extremely basic version of the switchblade and offers it to government and investigators.

    @Moonlit - though I agree with most of the things you say, the chances of those happening on a user's computer while running Mr. Ducky is minimal. What are the chances of say, an IM screen poppinp up while Mr. Ducky is doing his business? etc etc.

  6. Could you possibly solder the teensy to a usb hub with a thumbdrive attached? With that configuration you could cut the 5v line to the drive and either put an i/o line to it to power it or solder on a transistor and use the i/o line to flip it on if the line can't supply enough amperage. With that you could set the usb to turn on when the teensy wants it on. From there you could load code off of the usb.

    EDIT:

    http://www.radioshack.com/product/index.js...rodsInSession=1

    http://www.radioshack.com/product/index.js...rodsInSession=1

    http://www.radioshack.com/product/index.js...rodsInSession=1

    Something like these could be popped open and have the peripherals soldered right on.

    There is already a method to solder a MicroSD to a Teensy - a link is somewhere in this forum.. I'd find it for you if my mouse was working..

  7. Funny you should mention that. I was discussing the possibilities of Mr. Rubber Ducky with a few of my friends fix computer issues at a local elementary school when we have free time (hi noopy!). This tool would be extremely useful to fix common problems - installing software, reconfiguring them, etc. Can anyone think of a use for this that could not have been done with the switchblade?

  8. Also, keep in mind that these are microcontrolers, im not sure if this is correct, but if we can run code before windows adds the keyboard. It could generate a fake ID every time. Also add a few "echo <random string>" randomly in the string thats getting put into the run window.

    Hmm.. getting anti-virus to recognize suspicious signatures from a HID. I'd say we have a good 6 months to a year before they start catching on.

  9. I think LSB is on the right track with the Autohotkey idea. Autohotkey can basically do anything you want it to do. i'm sure you can code it to run commands and do other mouse inputs, and then you can compile the script into an .exe.

    Interesting idea, though only for Windows. Autohotkey is programmed in C++, so you could take the quickest (least efficient) way, leaving a lot of tracks.

    Edit: I take that back. AutoHotKey has been ported to mac and linux. Hmmm..

    http://www.autohotkey.com/forum/topic54494.html

    Also, remember that you will need to initiate transfer somehow before you execute the proggy.

  10. Emulating a USB Flash Drive might work, but then the exploit could be blocked just as easily as the USB Switchblade.

    Correct me if I'm wrong, but the USB Switchblade fails only because Vista and 7 (Don't own these operating systems, everything is just assumption) have a screen prompt to allow or block flashdrives. Why not just make the HID press enter when it gets to this screen? :lol:

  11. Edit: What if the alternate ctrl-alt-del method is active? can the ducky simulate those key presses? I have never tried ( I think that this login method is just a false sense of security) but according to MS isnt this login method supposed to prevent these types of attacks?

    Citation needed, but the Ducky will be able to, as it's just another keyboard. :rolleyes:

    Edit: here's a reference

    "The Ctrl+Alt+Del key sequence is reserved by Windows and cannot be trapped by any application. Windows blocks the Ctrl+Alt+Del from being sent to applications which makes it extra complicated to have a fake pop up screen co-existing together with the Ctrl-Alt-Del sequence. This makes Ctrl+Alt+Delete an extra measure of security."

    http://www.maxi-pedia.com/Enable+Ctrl+Alt+...r+Windows+Vista

    Ducky should be able to bypass that quite easily.

  12. Thanks, I could enable the things in the menu when I moved it to the root directory.

    Unfortunately (sorry again for the noob questions), now I get this error:

    ---------------------------

    Windows Script Host

    ---------------------------

    Script: F:\SYSTEM\GO.VBS

    Line: 2

    Char: 1

    Error: The specified module could not be found.

    Code: 8007007E

    Source: (null)

    ---------------------------

    OK

    ---------------------------

    Line two of the PocketKnife script is:

    Set objShell = CreateObject("Wscript.Shell")

    Thanks in advance for the help.

  13. Sorry if this is the wrong place to post, I wasn't sure to post this in a new topic or to reply to the USB Pocket Knife Development discussion.

    Anyways, when opening menu.bat, and going to the Enable or Disable Modules menu, I can't switch them on and off. Please correct me if I'm wrong, but you just enter the number (or letter) of the item, and press enter. Nothing happens to the screen (It's not updated).

    I apologize in advance if I'm just being an ignorant noob, I cuoldn't find any topic in the forum that has the same problem as I do.

×
×
  • Create New...