no42
Dedicated Members
Posts: 925
Days Won: 17
Everything posted by no42
-
[Question] Rubber Ducky WGET Suggestions?
no42 replied to Neglected's topic in Classic USB Rubber Ducky
The payloads are made from your ducky script instructions; if you want a reverse one, you must code it yourself!
Slight deviation from anti-forensics... Also, Philip Polstra has demoed an interesting forensic capability with FTDI chips: http://itm.iit.edu/netsecure11/PhilipPolstra_USBForensics.pdf It's interesting as he goes into some details on the USB protocol. He is probably working on some interesting USB developments this year. He's another to keep an eye on. He chose FTDI, as he initially thought AVRs weren't up to the job; my firmware releases have proved otherwise.
-
You could even do some old skool Social Engineering type phone calls beforehand: complain about your keyboard, ask the person about their keyboard, how they like it, and any identifying manufacturing marks, e.g. Dell, Logitech, because you want to go out and try one for yourself. Then look up the VID & PID on: http://code.google.com/p/ducky-decode/wiki/Keyboard_VID_PIDS
-
[Question] The Future of Ducky Scripting?
no42 replied to ApacheTech Consultancy's topic in Classic USB Rubber Ducky
Obviously depends on the system's Software Restriction Policies (SRP); these are often mis-configured, and in some conditions can be bypassed.
Can't think of any... But you could use TrueCrypt and the hidden OS feature: http://www.truecrypt.org/docs/?s=hidden-operating-system
-
[Question] The Future of Ducky Scripting?
no42 replied to ApacheTech Consultancy's topic in Classic USB Rubber Ducky
Ducky Script and the firmware still have some limitations, like ALT codes (ALT+014) are not supported; the next major revision might support this ;) Current developments: we are working on supporting mouse movements, clicks etc. I see the Ducky project centred around the hardware, firmware, encoder. The language maps and payloads will always be down to individuals or the community. Moving on to specific payload encodings: this is a common topic in pentesting and AV evasion, maybe best suited to another sub-forum.
[Question][Cases] Different USB rubber ducky case?
no42 replied to overwraith's topic in Classic USB Rubber Ducky
A user previously mentioned in the forum that they got a free sample from this website that works with the Ducky: http://www.4imprint.com/search/usb/product/7409-128/USB-Swing-Flash-Drive-128MB.
Potentially, yes. Depends if your target is log monitoring or has a dedicated SIEM. Why don't you set up a quick BackTrack box in the cloud (e.g. Amazon AWS)? Then delete it once you have finished.
-
[BugReport] German Keypad issue [SOLVED]
no42 replied to webdirector's topic in Suggestions / Bug reports
Thanks. Imported the changes into the Ducky Decode SVN. Thanks again for all your help, Snake.
All depends on the router (& firewall policies). Questions: How is the payload getting introduced? Do you have prior knowledge of security policies (e.g. firewalls, proxies)? A reverse shell's purpose is for leaving the network and hitting a publicly accessible IP, depending on the number of obstacles in the way.
-
[BugReport] German Keypad issue [SOLVED]
no42 replied to webdirector's topic in Suggestions / Bug reports
Hey, no need to say sorry. Are you on Windows? Your original command has / as directory delimiters (which are Unix/OS X); on Windows the command is
java -jar encoder.jar -l resources\de.properties -i input.txt
At least we now know that there are only a few chars wrong or missing. I guess the missing ones are highlighted in red in the picture above; what is the combination to get these keys?
[WhiteHat] Auto Configuring Diagnostics Multikey
no42 replied to ApacheTech Consultancy's topic in Classic USB Rubber Ducky
Never got around to trying - I guess it depends on the BIOS. I know some BIOSes can be a bit weird with HID devices.
[BugReport] German Keypad issue [SOLVED]
no42 replied to webdirector's topic in Suggestions / Bug reports
You're not being a pain, you're very helpful. I assume you're looking at a German keyboard. Problem is key_\ doesn't exist; it's
ISO_8859_1_E4 = KEY_BACKSLASH
Based on the above keyboard, I think you want
ISO_8859_1_E4 = KEY_QUOTE
I could be wrong - it's difficult to build key maps when you're not native to a specific language, or have the specific keyboard.
Public-facing server, default web application on port 80. Check out http://cnet.robtex.com/194.81.199.html for other hostnames.
-
[WhiteHat] Auto Configuring Diagnostics Multikey
no42 replied to ApacheTech Consultancy's topic in Classic USB Rubber Ducky
In my tests mass storage has always loaded first (10-60 secs); guess it depends on the system & I always use a moderate DELAY 3000 to begin with on inject.bin
[WhiteHat] Auto Configuring Diagnostics Multikey
no42 replied to ApacheTech Consultancy's topic in Classic USB Rubber Ducky
It's possible we're just limited on space and memory! YUMI - haven't tried; in theory you can have anything on the SD card, the payload just has to be inject[123].bin. USB-PS2 - again haven't tried, but currently can't see why not.
Read the source, Luke. Bad pun, but it's all about learning USB descriptors and manipulating the fields; insanely large numbers for size fields, insanely long strings in text/unicode fields. It's been done in the past with other chips (Teensy and PS3, Arduino & caiaq audio). Here's some info to start you off: http://labs.mwrinfosecurity.com/assets/135/mwri_t2-usb-fun-with-plug-and-0wn_2009-10-29.pdf http://labs.mwrinfosecurity.com/blog/2011/07/14/usb-fuzzing-for-the-masses/
-
[BugReport] German Keypad issue [SOLVED]
no42 replied to webdirector's topic in Suggestions / Bug reports
If it's incorrect, remove it! If there are any unknown mappings from your ducky script, the encoder (latest) will tell you.
It's a possibility, but then depending on the network/application this could easily be scripted (and scripts tend to be faster). E.g. Samba logins to lock out Windows domain credentials. Sorry if I'm shooting your plan down, but keep them ideas coming!
-
[BugReport] German Keypad issue [SOLVED]
no42 replied to webdirector's topic in Suggestions / Bug reports
The empty keys on the bottom row are left_gui, space, right_gui
[BugReport] German Keypad issue [SOLVED]
no42 replied to webdirector's topic in Suggestions / Bug reports
This would be better, following the western character map (http://www.charset.org/charactersets.php?charset=iso-8859-1); depends on what character sets your system is using (ASCII is an American Standard so it would stay the same):
ISO_8859_1_23 = KEY_MINUS, MODIFIERKEY_RIGHT_ALT
The key_minus, right_alt needs to change to your combination of keys used to get #
Hope this helps.
[Question] Defences Against the Ducky?
no42 replied to bag-de-body's topic in Classic USB Rubber Ducky
The best full-length description of defences is from Iron Geek's Plug and Prey Paper, which covers Windows 7+ Group Policy and Linux udev: http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices There is currently no method of preventing this on OS X except Device Control Software, which is easily bypassed.
[BugReport] German Keypad issue [SOLVED]
no42 replied to webdirector's topic in Suggestions / Bug reports
OK - looks like the de.properties is still broken. I don't know if there are 2x keyboards, T1 and T2. I wish more people would feed back. The z and y is easy to fix, by swapping the keys in de.properties. E.g.
ASCII_59 = KEY_Z, MODIFIERKEY_SHIFT // 89 Y
ASCII_5A = KEY_Y, MODIFIERKEY_SHIFT
becomes
ASCII_59 = KEY_Y, MODIFIERKEY_SHIFT // 89 Y
ASCII_5A = KEY_Z, MODIFIERKEY_SHIFT
It's a lot to ask, but are you up to patching the de.properties? Thanks for the feedback.