
this-is-me

Active Members
Posts: 7

  1. Thank you so much! This is EXACTLY what I wanted. It even functions when the file is large and the internet connection fails mid-stream. It seems to be able to resume the file transfer. I am grateful, White Light, that you provided this information. For those who use this code, however, a warning: The target folder must exist, or else there will be a never-ending exception.
  2. Are you sure you have the ducky's drive label called DY, and a file named t.exe on the root of the SD card? The last code works fine for me.
  3. Thanks for the information. I suspected as much, but wanted to make sure. Due to this fact, it looks like there will always be a close choice between firmware including mass storage and keyboard indicator features, since it appears there is no one firmware to handle every function.
  4. Ok, so I have some specific questions about the firmwares on the ducky github page. I am currently running c_duck_v2.1.hex which supports mass storage and HID. I need to know: Does it support key triggers, such as num lock, scroll lock, caps lock? Also, I tried using a vidpid.bin, and the device didn't report the new values. Does this firmware not support vidpid.bin? Considering the vidpid.bin and composite firmwares, it seems that I would need three VID/PID combinations: One for the composite device, one for the keyboard and one for the mass storage controller. I would like to use the following values: Composite: 0936 NuTesla, 0030 Composite Device, Mass Storage Device (Flash Drive) and HID Keyboard; Keyboard: 05ac Apple, Inc., 0202 Keyboard [ALPS]; Mass storage: 0b05 ASUSTek Computer, Inc., 1708 Mass Storage Device. However, perhaps I am missing the understanding of the composite VID/PID. Does it work like a USB hub, or is it all-inclusive (meaning you can't change "sub-device" VID/PID)? On another note, what software can I use to compile a firmware from source code on github?
  5. I was wondering if there is a method to ensure a download from PowerShell is finished before executing. After all, we aren't going to be monitoring the computer ourselves once the ducky has begun its background process, now are we? If, for example, the target computer is offline, is there a way to get PowerShell to keep trying until internet access is gained? I know there are other ways of handling this, such as keeping the file on the MicroSD and using twin duck. However, I am looking for a solution that allows me to walk away, and I'm not sure the read speed of the duck is enough.
  6. One commonly recommended prevention from attacks from a USB Rubber Ducky or similar HID device is simply to lock your computer when you are away from it. I've heard @hak5Darren make this statement on one of the episodes. This got me to thinking about an alternative attack, and a possible upgrade to the Ducky hardware. The recommendation of locking your PC makes sense, as an attacker does not generally have access to changing settings from within the lock screen. On this note, let's say the victim leaves his computer locked while he visits the bathroom. Imagine how easily a Wireless Ducky could allow the attacker to own his victim's PC. The attacker plugs into the victim's PC a micro 2.4 GHz USB keyboard receiver, like the one pictured below this keyboard: This attack assumes that the keyboard receiver is one that is already paired to the keyboard, like the cheap ones from Chinese eBay sellers are. A computer or a teensy is ready on command to act as the paired keyboard and send the keys to this wireless receiver. By the time the victim returns to his computer, the drivers for this micro receiver are already installed. The victim doesn't notice a hardly visible 1/2 cm device sticking out of a USB port, and unlocks his PC as normal. A VERY short diversion is staged, like someone spilling a glass of water. When the victim looks away from his unlocked screen, a button is pressed on a remote device, which begins the wireless HID payload execution. The person performing the diversion apologizes profusely, and maintains the victim's gaze for as long as the payload is executing (the payload is designed for speed, such as a simple reverse shell). Once the victim glances back, his PC has been pwned, and he's unaware of it. He's done everything he should except looking away while his PC is unlocked, and he still was pwned. In this scenario, I still don't know the best way to remove the micro receiver from the victim PC.
Such an attack could also be useful when physical access to the PC is time-delayed from when an attack is necessary. I could imagine a pentesting "janitor" planting a micro dongle early before a corporate user logs in, then when the actual attack takes place later, there was no clear physical access by the attacker during that time (in case someone reviews security cameras). While I realize there are other more realistic options with physical access, like a hardware keylogger, I think this could be another tool in the arsenal. This brings up two possibilities: (A) Hardware upgrades to make a nano-receiver, wireless, battery powered pocket-ducky. The pocket ducky could even have separate buttons for 2-3 discrete payloads. One would lose the ability to do twin duck firmware on a WiDuck, but gain the ability to remotely attack (within 10 m). (B) Using an SDR to intercept and replay keys/key combos from an existing micro dongle/keyboard, like the ones you can get from eBay for $12 or less (example). In the case of (B), it actually opens up a world of interesting pentesting attacks, since high level executives may already have wireless keyboards. With enough time, you could create a specialized attack using ducky methods and the company's existing hardware to pwn an executive. With a "utility van" and a nice antenna, you may not even need physical access to the building! KeySweeper already does the keylogging portion of this; imagine sending ducky commands to random wireless keyboard receivers around the building. If (B) were to be done, I would have an issue, as I am clueless about SDR and replay attacks. What tools/software/hardware would be needed, especially to convert a ducky script into a replayable radio signal? Really, I'm just trying to get the ball rolling here since I could imagine the possibilities, but have very few skills that could make this happen.