no42
Posts posted by no42
-
-
If my employer is reading this: please give me some time off (work) or some research time, so I can devote some more time to this project.
Thanks
-
Can you try again with this one?
-
-
I'm extremely busy with work at the moment; if someone doesn't pick this up, I'll look at it over the X-mas holidays, once I finally get some time off.
-
The only way I see this being possible is to have a payload (binary) written in VBA (or whatever) that presents the menu and executes a given (binary, not ducky-script) payload.
All you have to do is point the twin-duck ducky-script to your custom binary on the sd-card.
-
Nothing to do with firmware. Should be the encoder, which one are you using?
-
-
Thanks, added to the SVN repo. :)
-
Sometimes a simple reboot fixes my no-internet issue.
-
Potential lies in fingerprinting the type of stack, e.g. ATMEL, VUSB, MICROCHIP etc.
-
Hmmm, will have to try and repeat this test with a cheap thermal camera (http://www.rhworkshop.com), to see how hot this baby gets!
What were your timings approximately? I assume you were using the Juice?
Average operating temperatures are usually up to 40 C (104 F), maybe 10 degrees more; then you're generally pushing it.
Unless anyone has any other input?
-
So far I know the serial number is used to confirm valid/allowed devices by the following DLP/AV companies:
- Lumension
- McAfee
- Sophos
- Checkpoint
If anyone knows of any others, I would like to know.
-
That sounds like the read-only firmware partition, where the main OS is loaded from. Everything should be fine :)
-
In my opinion you are better off with:
8 banks of 3, 8-(9v @ 1100) = 9v @ 8800 mAh
This is similar to the Pineapple Juice battery pack; should get 8-10 hours approximately.
You could try: 12 banks of 2, 12-(6v @ 1100) = 6v @ 13200 mAh, for extended running time, but if the output drops below 5v the pineapple might become unstable and power-down.
-
You might want to read up on: Iptables & Port Forwarding
http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/
-
You just have to insert the firmware (Download) (ZIP Download) on a micro-sdcard, with a second file called MD5 that contains the string (without quote) "33f5b7864795b1b316a1f85386e8275f". All you need is these 2x files; insert the sd-card into the pineapple and give it power, and watch the pretty pattern of lights.
EDIT: Thanks Seb for correcting me, that you use the actual ZIP file not the binary!
-
How long does it have to be? It's in hex? Are there any other identifiers that distinguish the duck? Thanks
For the Device Strings: trying to remember, you are limited (I think) to 64 characters.
For Serial Numbers I have been using the recommended length of 12 digits; you might be allowed more???
But due to past buffer overflow and format string vulnerabilities in older Windows/Unix OS, I think you are now further limited in length by the OS drivers/kernel modules.
-
Bang on!
It is in config_usb.h
It's currently commented out as it's currently not overriding the current value, so the default should be in effect.
-
Plus all the thefts occurred 2,000 miles away, so it is not like someone ran my card through a reader, made a duplicate, then drove across the country to use it. I am leaning towards the possibility of a data breach from the bank, stolen laptop or something like that. I am in IT Security, so I have an understanding of how data gets compromised, stolen, sniffed, etc. I am trying to get an understanding of how much is needed to get used in my case and in this fashion.
Most likely skimmed, when you didn't notice; this could be a 2nd skimmer under a till, or a portable version hidden in a waiter's/cashier's pocket. If you're not Chip 'n Pin, the magstripe on your card will contain 3x tracks, everything needed to clone the card in 1x swipe. This information was probably sold on the internet/darknet to another carder or a set of mules, that then perform the 'cash-in' buying of goods to sell on craigslist, ebay or similar.
-
You have to do it from source and recompile the firmware using Atmel Studio v5/6.
-
Have you tried splitting the string up?
It may be a pain splitting it onto 3-4 lines, but does that fix the problem?
-
Strange - It should come up as "ATMEL DFU" ?
It is as simple as those instructions above. What Operating System are you using?
-
Using the twin-duck, you can execute from keyboard injection referencing the mass storage device.
Or, using the standard duck, use powershell to download and execute the payload.
Is this what you meant?
-
OPENGATE :)
[Encoder] Duck Encoder v2.6.2
in Classic USB Rubber Ducky
Posted · Edited by midnitesnake
New version of the encoder is out. (Usual place: https://code.google.com/p/ducky-decode)
Changes:
Supported Country list: