Xcellerator

Active Members · Posts: 285 · Days Won: 10

Everything posted by Xcellerator

  1. Yeah, tbh both Bully and Reaver have their pros and cons. Seeing as Bully is maintained more than Reaver (which isn't hard, let's be honest!), hopefully they'll add some features in a patch...
  2. As simple as a hook would be in theory, in practice I imagine it would be nigh on impossible to actually retrieve - unless the hook was massive! I've done a small amount of research on consumer electromagnets from Conrad. It looks like even small ones require voltages too hefty for a battery capable of being lifted by a drone. I really like the idea of heating up regular magnets. Heating elements don't need too much power, but you wouldn't want to start heating until you've landed, and it would take a few minutes, I'd imagine.
  3. I've been testing out Bully on several networks. The only downside I can see is that it doesn't seem to realise when WPS isn't enabled and just constantly spams the AP with PIN attempts. Although it's pretty obvious, when you see the same PIN tried over and over again, that it isn't gonna work, it would be nice if it would stop itself, LOL.
  4. Well, if the electromagnets were really strong, then maybe... But most modern consumer electronics are protected against the presence of electromagnetic fields. Really, the field strength wouldn't be that much higher than the residual from a powered-up external hard drive or portable power pack.
  5. By the sounds of things, people are talking about longer term deployment. In that case, anyone given thought to waterproofing?
  6. Well, I've been running it off the 13000 mAh Anker all day just fine. Been using client mode, Karma and infusions from the SD card. I've seen no noticeable detriment from using 5 volts so far from the 1 amp USB output. Does a higher current result in a more stable voltage? And is there any way to monitor the voltage supplied to the unit? I imagine it would require extra equipment?
  7. Electromagnets would be even cooler - and a lot easier to retrieve. Only issue is controlling the power to them, plus the weight... :/
  8. Bit of an odd question, but what effects should you expect to see using a 5 V battery as opposed to a 12 V one? I really mean as broad as that sounds - any effect at all. I ask because I've got an Anker Astro E4 which has a 13000 mAh capacity but only spits out 5 V at either 1 or 2 amps over USB. It's mainly for charging phones on the go. It powers my Pineapple just fine, but I'm just curious as to what I should expect before using it on the go! Thanks for any insight!
  9. I don't know about the Ducky, but certainly for Teensy devices they are constants. You can modify the source directly, but there's no way to make them variable. Seeing as they're both Atmel chips, it lowers your chances even more.
  10. If you're concerned with anonymity then a VPS would be a (better) option than a personal server. However, I just use a personal server at home and just forward port 22 out over WAN. My home server runs Ubuntu Server 12.04, which came with OpenSSH pre-installed. Either way, OpenSSH does the trick just fine. Personally, I'd recommend the easiest and quickest way to get started: install OpenSSH on a Linux box and set up the port forwarding on your router. From there, you can decide if you want a dedicated machine (a home server type affair) or to rent a VPS. If you decide on the VPS option, any package that provides SSH access (on Linux, of course!) would be fine. SSH isn't very bandwidth intensive (even if you are tunnelling HTTP traffic through it), so you shouldn't need an expensive hosting option.
  11. Here in the UK it's almost always the reverse! Especially educational login portals! I'm always being told that I must be using Internet Explorer 5 or above to access this page!
  12. You'd think the EU would get their act together and have the same import/export laws apply to each member state... At least we're OK here in the UK!
  13. Plus, I wouldn't fancy running metasploit from a browser on a mobile device anyway. Dunno about anyone else, but I'd only ever want to use Metasploit from the console - so I'd have a laptop anyway. Not to say that popping meterpreter shells by serving up browser exploits USING a pineapple wouldn't be extraordinary fun!
  14. 'Tis a common issue amongst first time users! Don't forget to check out the payloads section on the USB Rubber Ducky Wiki!
  15. I invite you to read the FAQ which is stickied in this forum: https://forums.hak5.org/index.php?/topic/28824-faq-frequently-asked-questions/
  16. As long as PowerShell is permitted for standard users, it shouldn't be a problem running as non-admin. This is most likely the case for personal machines. However, in a domain environment, you'd be bloody lucky if PowerShell were available to anyone except local and domain admins, so you're basically out of luck. Unless you have access to a server room for a minute or so... :-P
  17. Yeah, it looks like a keyboard encoder issue. It should be "IEX", not ÏEX. Have you ever had this issue before?
  18. *Should* work just fine. It'll be interesting to see what payloads people come up with..
  19. Oh, good. I'd thought I'd tested it on a machine with Restricted Execution Policy, but I assumed I'd got it wrong from the errors people are getting. Not to sound silly, but you are changing <IP_ADDRESS> and <PORT> to actual values, aren't you?
  20. Yeah, I'm pretty sure it's an execution policy issue. Try appending "-ep bypass" just after "powershell". If it works, let me know and I'll update the original post.
  21. There are several major issues here. 1. dd is a Linux tool. Without something like Cygwin it would not be possible to execute it at all. 2. The Ducky ONLY types out keystrokes. 3. The only thing you can do at a screen-locked Windows machine is unlock it by logging in (with the Ducky, that is). If you can do it with a keyboard, then you can do it with a Ducky. If you can't dump memory from a locked screen with the keyboard, then you can't with a Ducky either.
  22. Well, AV evasion can be a tricky thing. Binary dropping should tend to be your last resort as far as gaining remote access goes. And even then, it's best to work out more creative ways. For example, imagine a binary that simply called PowerShell with the Invoke-Shellcode function from PowerSploit? Similar to what I did here: https://forums.hak5.org/index.php?/topic/30398-payload-the-fastest-meterpreter-shell-youll-ever-get/ Or a VBS script that emulates the keyboard (essentially a software version of the Ducky)... Or even better, a remote exploit (psexec, ms08_067_netapi and jmxbean tend to be good in Metasploit)... Code execution always requires a bit of imagination...
  23. If msfvenom isn't working for you, then piping msfpayload into msfencode is still fine. It's what everyone did before msfvenom was released.
  24. Correct, except only one "windows" on the 4th line: set PAYLOAD windows/x64/meterpreter/reverse_https Keep in mind that if you're in Linux and not root, you cannot bind to port 443. Just because you use reverse_https doesn't mean you have to use 443. You can still use any port you like. (Although outward connections over 443 are a lot less suspicious - best to pick something that will blend in with the other network traffic, at least as far as ports are concerned.)