Posts posted by no42
-
The empty keys on the bottom row are left_gui, space, right_gui
-
Currently this is not supported.
Once the community catches up and we have more developers, we can then look at adding in this support.
-
This would be better, following the western character map (http://www.charset.org/charactersets.php?charset=iso-8859-1); it depends on what character set your system is using (ASCII is an American standard, so it would stay the same):
ISO_8859_1_23= KEY_MINUS, MODIFIERKEY_RIGHT_ALT
The key_minus, right_alt part needs to change to your combination of keys used to get #.
Hope this helps.
-
The best full length description of defences is from Iron Geek's Plug and Prey Paper, which covers Windows 7+ Group Policy and Linux udev
http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices
There is currently no method of preventing this on OSX except device control software, which is easily bypassed.
-
OK, looks like the de.properties is still broken. I don't know if there are 2x keyboards, T1 and T2.
I wish more people would give feedback.
The z and y is easy to fix, by swapping the keys in de.properties.
E.g.
ASCII_59 = KEY_Z, MODIFIERKEY_SHIFT // 89 Y
ASCII_5A = KEY_Y, MODIFIERKEY_SHIFT
becomes
ASCII_59 = KEY_Y, MODIFIERKEY_SHIFT // 89 Y
ASCII_5A = KEY_Z, MODIFIERKEY_SHIFT
It's a lot to ask, but are you up to patching the de.properties?
Thanks for the feedback.
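As an added illustration of the layout files discussed in this post and in the ISO_8859_1 post above (example code, not the ducky-decode encoder's own), here is a small parser for lines of the `ASCII_<hex> = KEY_x, MODIFIERKEY_y // comment` form, plus the y/z swap applied to a constructed sample. It assumes the numeric suffix is the character's code point in hex (consistent with "ASCII_59 ... // 89 Y"); the sample text is constructed, not the real de.properties.

```python
import re

# Property line: ASCII_<hex> or ISO_8859_1_<hex> = KEY_x[, MODIFIERKEY_y ...] [// comment]
# Assumption: the suffix is the character's code point in hex (0x59 == 89 == 'Y').
LINE_RE = re.compile(r"^\s*(ASCII|ISO_8859_1)_([0-9A-Fa-f]{2})\s*=\s*([^/]+)")

def parse_layout(text):
    """Return {char: (key_name, frozenset(modifier_names))} for a properties text."""
    layout = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # blank line or pure '//' comment
        ch = chr(int(m.group(2), 16))
        tokens = [t.strip() for t in m.group(3).split(",") if t.strip()]
        key = tokens[0]
        mods = frozenset(t for t in tokens[1:] if t.startswith("MODIFIERKEY_"))
        layout[ch] = (key, mods)
    return layout

def swap_keys(text, a, b):
    """Swap two key names throughout the text (the y/z fix for a QWERTZ layout)."""
    pat = re.compile(r"\b(%s|%s)\b" % (re.escape(a), re.escape(b)))
    return pat.sub(lambda m: b if m.group(1) == a else a, text)

def encode_string(s, layout):
    """Map each character of s to the (key, modifiers) pair the encoder would emit."""
    missing = [c for c in s if c not in layout]
    if missing:
        raise ValueError("no mapping for %r in this layout" % "".join(missing))
    return [layout[c] for c in s]

# Constructed sample in the style of the quoted de.properties lines (not the real file).
BROKEN_DE = """\
ASCII_59 = KEY_Z, MODIFIERKEY_SHIFT // 89 Y
ASCII_5A = KEY_Y, MODIFIERKEY_SHIFT // 90 Z
ISO_8859_1_23 = KEY_MINUS, MODIFIERKEY_RIGHT_ALT // 35 #
"""
FIXED_DE = swap_keys(BROKEN_DE, "KEY_Y", "KEY_Z")

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_DE), ("fixed", FIXED_DE)):
        print(label, encode_string("YZ#", parse_layout(text)))
```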
-
Should work straight away with the new encoder.
We worked hard to keep the encoder backward compatible, and the relationship between ducky script and the firmware constant.
The newer firmwares just have enhancements and different modes of operation.
-
Just use another IP, or use a proxy, or look into proxy-chaining, TOR?
You can normally configure the shell to use a proxy by setting an environment variable:
$ export http_proxy=http://server-ip:port/
Also, you could try writing a patch so the ruby code supports using a web proxy; I bet everyone would appreciate it.
-
You're trying to execute the java file instead of the jar:
$ java -jar encoder.jar
Or, compile the java source and run java against the class file:
$ javac encoder.java
$ java encoder
Hopefully, you'll see the encoder help message, then you're good to go!
-
Then I guess the owners of jigsaw have gotten wise to the jigsaw script, and connections from your IP are throttled/limited. Google does a similar thing - that is why you have the API now (with limitations).
-
What version of ruby are you using?
-
Have you tried the instructions in the post above?
Sounds like you have the right version of kismet installed; did you remember to alter the kismet.conf file?
Add "pcapbtbb" to the "logtypes=..."
-
I'm guessing you need to make sure you're running the latest version: https://github.com/pentestgeek/jigsaw/
And you need an account at jigsaw.com; you can then pass your username & password via the command line to complete the search.
-
Deluxe Package includes:
- USB Rubber Ducky board
- USB Micro SD Card Adapter
- Micro USB OTG Adapter (for Android)
- 256 MB Micro SD card
- Snap-on "Flash Drive" Case
- USB Rubber Ducky* and Hak5 decals
- Quack Start Guide
1: *Correction* You do get a rubber duck in the deluxe pack.
2: Only if you program a specific payload in Ducky Script.
-
You are correct, the formatting needs to be FAT32.
-
Sounds like another dead micro sdcard; my advice is to contact the hakshop about replacing the sdcard.
As an alternative, micro sdcards are pretty cheap and can be obtained from camera shops/supermarkets or ebay/amazon for as little as $3.
I haven't tried the ducky with a 32GB sdcard, but I had plenty of old sdcards lying around from old motorola/htc phones. I've successfully used a number of different cards ranging from 64MB to 2GB. The binary payload needed by the Ducky is only a few KBs, so you don't need a lot of space, unless you're using composite firmware (where the ducky doubles up as a mass storage device); again this depends on how many binaries or scripts you want to use, but again you only need a few MBs.
It's up to you how you want to proceed.
Snake
-
Bit more complicated than I originally thought. Don't have a lot of dev time at the moment.
Got the mouse clicks down, it's just working on mouse movements and creating appropriate codes.
-
You really need the latest encoder.
Available from http://code.google.com/p/ducky-decode
-
C_duck_v2_s001 only triggers on keyboard lock keys; there is no auto trigger.
C_duck_v2_s002 only triggers on the ducky's gpio button; again, no auto trigger.
-
Are there any USB cases online that could be used for the USB rubber ducky that are different from the ones sold in the hak shop? The metal rotating thing is getting a little bit annoying.
Depends. On penetration engagements I've noticed customer USB cases can be taken apart (I admit this was a cheap drive, and it all depends if drive cases can be dismantled). So I obtained one of these cheap drives, separated the case and inserted the ducky.
Any case with the exact same swivel bit will work; there's a small hole at the end of the rubber case that can separate into 2x parts with a small watchmaker's screwdriver, after you've removed the metal bit.
These exact cases are normally obtained from vendors/companies at infosec fairs/cons, or if you ask people to send trial software via USB in the post (if your SE skills are good enough)!
My disguised Ducky worked a treat, though I did have difficulty locating the ducky afterwards.
There are a few companies out there: google "custom USB cases".
Just remember to confirm the size of the ducky with the manufacturer to ensure an appropriately fitting case!
-
Depends on whether it's HID injection (m_duck.hex) or composite (c_duck.hex): the c_duck wants to mount the mass_storage partition, whereas with m_duck.hex you could wait and then use a keyboard trigger (CAPS/NUM/SCROLL Lock).
Alternatively, if you're using the HID injection modules version 2 firmware (m_duck.hex or duck.hex) you can edit vidpid.bin to spoof the identifier of the current keyboard, thus bypassing the need to wait for drivers to install as they're already loaded. This additionally works for the USB and Composite devices (USB.hex and c_duck.hex), where you can spoof the VID and PID of an already allowed/authorised device; this not only bypasses device control software but the installation of drivers.
Check out the ducky-decode website. It's in my signature.
-
I wasn't involved in the hardware creation.
But it's done by going to chip manufacturers like ftdi, avr, stm32 and buying their demo boards and trialling their hardware and software demos.
Once you understand the demos you create your first prototype on a breadboard using your chosen chip. Then you translate your design in eagle cad or gerber cad. A board printer/manufacturer typically needs either eagle or gerber cad files to print your boards. Pay to get some boards printed, add your components and, after testing, decide if you're going to self-assemble, or find a manufacturer that can.
It's an expensive process, you can make it cheaper by teaming up with other makers, and submitting numerous boards for manufacture at once. Hackaday, sparkfun and adafruit can probably give you more details.
-
Rest assured that the Ducky now sounds fine as you've seen red & green lights.
I'm not sure what's going on with the sdcards. Maybe they're a cheaper brand, or can't stand the current cold weather? Sounds like a duff sdcard if your other 2GB sdcard works.
I've seen micro sdcards for under $3 http://www.amazon.com/512MB-Sandisk-MicroSD-TransFlash-Memory/dp/B000JI5K94/ref=sr_1_sc_1?ie=UTF8&qid=1360566811&sr=8-1-spell&keywords=micro+sdcard+512mb, might be worth the extra small investment.
Maybe we should start a list of cards that are reliable, and cards that appear to break down often?
Edit:
If the sdcard is recognised on linux you should have a /dev/sd*, but be careful as hard-drives have a similar assignment. You can normally confirm the assignment from dmesg log output.
In case you're not aware, mkfs.vfat (or mkdosfs -F 32, depending on distro; package dosfstools) can format FAT32 volumes on linux.
-
Most opensource packages (nmap, ruby, python, subversion, git, Xserver... the list goes on) are available under macports. You may just want to run OSX and a Windows OS in a virtualised environment (Parallels Desktop, Vmware Fusion, Virtualbox). You may want to read http://lifehacker.com/5861391/the-best-virtualization-app-for-mac-os-x first for pros vs cons.
As for Apple Macs, I've used the cheapest 13" Macbook Pro with no problems ($1200 USD), for 2 years now.
- 2.4 i5 core
- 4 GB Ram
- 500 GB HD
- Intel Graphics Card
But if you've got the cash to spend, you might as well spoil yourself and buy a fuller spec'ed model (e.g. 13" retina), rather than the bigger 15" screen (unless you have even more money).
Also metasploitable is more for training; can't you just use that on an ESXi server?
My 2 cents
Snake
-
Not bad for a first crack at a paper.
I would like to see charts e.g. comparing load/execution times on payloads; ducky vs teensy ;)
You briefly mentioned AV; you could expand on this, seeing how effective AV and device control is, e.g. Symantec, Sophos, ...
or device control specialists like lumension, gfi, devicelock
Other interesting research:
- http://www.slideshare.net/ppolstra1/philip-polstra (different build to Ducky, author uses FTDI chips, thought it was not possible with AVR)
- http://www.slideshare.net/wagnerelias/usb-security (securing the use of Mass Storage Devices on Windows)
- http://labs.mwrinfosecurity.com/blog/2011/07/14/usb-fuzzing-for-the-masses/ (looking for vulnerabilities in USB drivers)
- http://www.nccgroup.com/en/blog/2013/01/lessons-learned-from-50-usb-bugs/ (very similar to MWR's research?)
- http://www.nccgroup.com/en/blog/2013/01/the-death-of-usb-autorun-and-the-rise-of-the-usb-keyboard/ (a quick and dirty write-up after learning about the Ducky)
- http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET) (SET and Teensy)
- http://labs.mwrinfosecurity.com/assets/135/mwri_t2-usb-fun-with-plug-and-0wn_2009-10-29.pdf (Pwn with USB devices)
[Suggestion][Payload] Ducky DoS
in Classic USB Rubber Ducky
Posted · Edited by midnitesnake
It's a possibility, but then, depending on the network/application, this could easily be scripted (and scripts tend to be faster).
E.g. samba logins to lock out windows domain credentials.
Sorry if I'm shooting your plan down, but keep the ideas coming!