no42
Posts: 925
Days Won: 17
Posts posted by no42
-
Make sure there are no spaces at the end of the line.
I get the following:
Char not found:ASCII_72 Char not found:ASCII_70 Char not found:ASCII_6F Char not found:ASCII_77 Char not found:ASCII_65 Char not found:ASCII_72 Char not found:ASCII_73 Char not found:ASCII_68 Char not found:ASCII_65
This is because the ru.properties file is not finished, it's just a start. Like the Italian keyboard post, you need to help build a working ru.properties file.
-
You definitely need to move to Encoder 2.2 and build a valid it.properties, then the command will be:
java -jar encoder.jar -l ./resources/it.properties -i myfile.txt -o inject.bin
In order to generate a proper Italian Ducky Binary Payload.
-
Make sure you're using the latest encoder (currently v2.2).
I think you're our first Italian, so I'll help walk you through creating a new file it.properties for Italian keyboards.
Your best option is to download the ducky-decode SVN.
Inside the SVN is the folder
Encoder/v2/resources
This is the location of all the language maps.
keyboard.properties is the main file; it maps ASCII characters to their HID values. Do not edit this file.
You probably now want to read a non-English language (French/Spanish/German) to see how special characters are mapped.
An example from de.properties:
ISO_8859_1_A7 = KEY3, MODIFIER_SHIFT
This website http://www.charset.org/charactersets.php is good for finding your character map and ISO codes.
Basically, you need to create a new file it.properties, and build the ISO_8859_1_code = key_located_on_US_QWERTY_keyboard
It may be a long process, but do this for all the characters you need.
This is a brief post, if you need clarification, ask questions, and I'll edit this post to make things clearer.
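As an added example (not the Duck Encoder's own code, and not from the poster), here is a small Python checker for layout files in the style described above. It parses a keyboard.properties-style map and a language map, reports any characters of a test string that have no mapping in the same "Char not found:" form the encoder prints, and packs the mapped characters as 2-byte (key, modifier) pairs. The key names, HID values and the key-then-modifier byte order are assumptions for illustration; the real keyboard.properties in the ducky-decode SVN is authoritative. Note that the parser strips trailing whitespace, which is exactly what the real encoder trips over.

```python
"""Added example (not the Duck Encoder's own code): parse Ducky-style
keyboard layout .properties files, report unmapped characters the way
the encoder's "Char not found" error does, and pack mapped keys as
2-byte (key, modifier) pairs. Key names, HID values and byte order are
assumptions; the real keyboard.properties in the ducky-decode SVN is
authoritative."""

# Constructed excerpt in the style of keyboard.properties: key name -> HID usage id.
KEYBOARD_PROPERTIES = """
KEY_E = 0x08
KEY_H = 0x0B
KEY_L = 0x0F
KEY_O = 0x12
KEY3 = 0x20
MODIFIER_SHIFT = 0x02
"""

# Constructed start of an it.properties-style layout: character code -> key[, modifier].
# A trailing space after a value confuses the real encoder; parse_properties strips it.
LANGUAGE_PROPERTIES = """
ASCII_48 = KEY_H, MODIFIER_SHIFT
ASCII_65 = KEY_E
ASCII_6C = KEY_L
ASCII_6F = KEY_O
ISO_8859_1_A7 = KEY3, MODIFIER_SHIFT
"""


def parse_properties(text):
    """Return {name: value} from 'NAME = VALUE' lines; blanks and # comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the trailing spaces the encoder chokes on
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            props[name.strip()] = value.strip()
    return props


def property_name(ch):
    """Name the encoder would look up for a character: ASCII_xx or ISO_8859_1_xx."""
    code = ord(ch)
    if code < 0x80:
        return "ASCII_%02X" % code
    if code < 0x100:
        return "ISO_8859_1_%02X" % code
    return "U+%04X" % code  # outside Latin-1: not representable in this scheme


def encode(text, keyboard, language):
    """Return (payload bytes, list of missing property names).

    Each mapped character becomes two bytes: key usage id, then modifier
    (0x00 when the layout line gives no modifier). Byte order is an assumption.
    """
    payload = bytearray()
    missing = []
    for ch in text:
        name = property_name(ch)
        entry = language.get(name)
        if entry is None:
            missing.append(name)
            continue
        parts = [p.strip() for p in entry.split(",")]
        key = int(keyboard[parts[0]], 16)
        modifier = int(keyboard[parts[1]], 16) if len(parts) > 1 else 0x00
        payload += bytes([key, modifier])
    return bytes(payload), missing


def check_layout(text, keyboard_text=KEYBOARD_PROPERTIES, language_text=LANGUAGE_PROPERTIES):
    """Return (payload, encoder-style error string); the string is '' when everything mapped."""
    keyboard = parse_properties(keyboard_text)
    language = parse_properties(language_text)
    payload, missing = encode(text, keyboard, language)
    return payload, " ".join("Char not found:" + m for m in missing)


if __name__ == "__main__":
    payload, errors = check_layout("Hello§")
    print(payload.hex(), errors or "all characters mapped")
    payload, errors = check_layout("Hello World")
    print(payload.hex(), errors)
```

Run it against a text in the target language and the error string lists exactly the ISO/ASCII codes still missing from the layout file, which is the to-do list for the "long process" the post describes.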
-
Ok. Here we go:
Mass storage and HID load at the same time
HID won't fire until the user lights one of the following LEDs: CAPS/NUM/SCROLL Lock. - Still only 1x payload inject.bin
Hopefully has safeties to prevent the script reloading mid-injection if a special key is involved in the Ducky script.
http://code.google.com/p/ducky-decode/downloads/detail?name=c_duck_v2_S001.hex&can=2&q=
After injection, Duck should return to default state.
Post feedback here.
-
Hmm, my mate hasn't returned my Pineapple, to see if I can duplicate your results - odd.
For the moment I'm stuck and can't fathom it; maybe some other Pineapple expert can spot something I missed?
-
Sorry I wasn't clear earlier.
Can you mount the sda drive on the Pineapple or on another Linux OS?
It looks like the SD card is assigned to /dev/sda; it could be 1 large partition or it could be that the SD card is not formatted.
Commands:
mkdir /mnt/test
mount /dev/sda /mnt/test
or
fdisk /dev/sda > p
-
Depends if you're emulating / spoofing.
RSSI is a hard thing to fake, but the reset is achievable through Lorcon.
I believe Lorcon2 is now part of Metasploit (it's how Metasploit's fake AP modules work etc.)
http://blog.opensecurityresearch.com/2012/05/installing-lorcon2-on-backtrack-5-r2.html
https://code.google.com/p/lorcon/
http://forums.hak5.org/index.php?/topic/26092-lorcon-error-metasploit-backtrack-5-r2/
-
One thing that would be cool with the latest firmwares would be when you set caps lock run inject.bin, numlock run inject2.bin.
Because when I run on a fresh computer it takes like 15 seconds to install both HID and drive, making timing a payload hard. I've been plugging in, then removing the duck just after the computer finishes installing, then plugging back in to run the payload.
This would be awesome. Kinda like choose your own adventure ;-)
I'm rather limited on memory. I have to load the inject.bin into memory before starting the USB stack (as the AVR can't read from the SD card when functioning as Mass Storage). I've tried manipulating SRAM and the heap - to no effect!
I'm either missing some info, or the Ducky is eating up the AVR's SRAM.
I'm limited to 4KB; since each keypress is encoded as 2 bytes, that's really 2048 keystrokes.
So implementing this function for one key (e.g. caps) should be relatively straightforward; for two keys (caps and num lock) it's really going to reduce memory again.
-
Not sure what's going on, but it looks like (from dmesg and /dev/s*) that the SD card is mapping to /dev/sda; I'm not seeing any partitions.
Can you try to mount /dev/sda? Or fdisk /dev/sda?
-
The Naked Duck has been upgraded to version 2 firmware.
This means:
- VID & PID Controlled through vidpid.bin (on sdcard root).
Upgrades:
- Multi-payloads now trigger on Keypress (added interrupt B)
- No longer have to press the GPIO button
Meaning the Ducky can put on his Black Dinner Suit like a real spy (or the USB case in reality); Probably means he needs a new codename.
Warning: the use of CAPS_LOCK/NUM_LOCK/SCROLL_LOCK in Ducky scripts may cause scripts to collide!
And if you didn't spot it:
- Inject.bin = default payload on boot
- Inject2.bin = Num_Lock
- Inject3.bin = Caps_Lock
- Inject4.bin = Scroll_Lock <- New Trigger Key
Usual procedure: provide feedback here. My laptop doesn't have Scroll Lock so it's untested - the other keys work fine.
Download in usual place: http://code.google.com/p/ducky-decode/downloads/list
~~Snake
PS. Kind of breaks rule 6 of Duck Club; for those unfamiliar with Duck Club see post http://forums.hak5.org/index.php?/topic/28323-happy-ducky-xmasnew-year/
-
The switchblade targeted Windows machines, with Auto-run enabled.
http://en.wikipedia.org/wiki/Autorun.inf
Since then vendors like Microsoft have disabled Auto-run; that's why alternatives were searched for, e.g. the Teensy PHUKED project, Ducky V1.
These initially used HID attacks, attacking the trust between a machine and a keyboard - keyboards are not usually limited by device control software (unlike mass storage drives).
The power of the Ducky was noticed quite quickly, and others like myself in the community had a crack at writing different firmwares for different purposes, e.g. mass storage; multi-payload (demo); composite device (systems without internet access).
Hopefully, if more people invest in the Ducky, the price can drop further.... promote the power of the Ducky
-
VPN is the most secure option (assuming client data etc, is traveling between your two machines):
You have three options:
PPTP VPN - http://knowledgelayer.softlayer.com/procedure/setting-pptp-windows-xp
SSL VPN (openvpn) - http://openvpn.net/index.php/open-source/documentation/howto.html
IPSEC VPN - http://support.microsoft.com/kb/816514
The pptp is the easiest to set up, but recent hash attacks powered by the cloud, make this a bit worrying.
OpenVPN has a good setup guide, I know this is used by a lot of pentesting companies.
IPSEC I think is one of the harder VPNs to set up, if you use this ensure you use main-mode auth (not aggressive mode)
-
Both HID and USB actually load and enable at the same time; it's your initial Ducky DELAY X that makes the keyboard appear 2nd.
You have a race-condition!
The stack is laid out as composite device - so both get loaded at the same time, not sure if the USB mounting can be delayed.
-
You're probably looking at editing the c:\windows\system32\drivers\etc\hosts file, and mapping hostnames www.(google/facebook/hotmail/twitter).com to an IP that has a rickroll as an index page.
You'll need admin user privs to pull it off.
-
Have you tried Encoder version 2.2?
-
You normally have a small RX, where X is a number, in the corner of the board (usually appears on both sides).
I believe the colour versions are:
- Green = R1
- Red = R2
- White = R3
So you probably have one with the sliding metal tab.
-
That's easy!
Ndiff
Part of the nmap package (I know it's there when you compile from source): http://nmap.org/book/ndiff-man.html
You probably want to create two scripts:
1 - periodically perform nmap scan
2 - ndiff previous result, email results to specific inbox
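As an added example (not part of the original post, and a stand-in for nmap's own ndiff rather than a wrapper around it), the following Python script covers step 2: it compares two nmap grepable (-oG) result files and produces a plain-text change report suitable for the body of the alert e-mail. The scan lines embedded below are constructed samples, and the file names in the usage line are assumptions.

```python
"""Added example (not from the original post and not nmap's ndiff): diff two
nmap grepable (-oG) scan results and report new/gone hosts and opened/closed
ports. OLD_SCAN and NEW_SCAN are constructed samples; the command-line file
names are an assumed usage."""

import re
import sys

# Constructed -oG output from the "previous" scan.
OLD_SCAN = """\
# Nmap scan (constructed sample in grepable format)
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)
"""

# Constructed -oG output from the "current" scan: .10 gained 3389, .20 is gone, .30 is new.
NEW_SCAN = """\
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 192.168.1.30 ()\tStatus: Up
Host: 192.168.1.30 ()\tPorts: 21/open/tcp//ftp///\tIgnored State: closed (999)
"""

# port/state/proto triple at the start of each entry in the Ports: field
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")


def parse_grepable(text):
    """Return {host: set of 'port/proto' reported open} from -oG lines."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        ports = hosts.setdefault(host, set())  # Status-only lines still register the host
        m = re.search(r"Ports: ([^\t]*)", line)
        if not m:
            continue
        for port, state, proto in PORT_RE.findall(m.group(1)):
            if state == "open":
                ports.add("%s/%s" % (port, proto))
    return hosts


def port_key(p):
    """Sort 'port/proto' strings numerically by port."""
    return int(p.split("/")[0])


def diff_scans(old, new):
    """Compare two parsed scans; ports on new/gone hosts count as opened/closed too."""
    changes = {
        "new_hosts": sorted(set(new) - set(old)),
        "gone_hosts": sorted(set(old) - set(new)),
        "opened": [],
        "closed": [],
    }
    for host in sorted(set(old) | set(new)):
        before = old.get(host, set())
        after = new.get(host, set())
        changes["opened"] += [(host, p) for p in sorted(after - before, key=port_key)]
        changes["closed"] += [(host, p) for p in sorted(before - after, key=port_key)]
    return changes


def format_report(changes):
    """Plain-text body for the alert mail; empty string when nothing changed."""
    lines = []
    for host in changes["new_hosts"]:
        lines.append("NEW HOST   %s" % host)
    for host in changes["gone_hosts"]:
        lines.append("GONE HOST  %s" % host)
    for host, port in changes["opened"]:
        lines.append("OPENED     %s %s" % (host, port))
    for host, port in changes["closed"]:
        lines.append("CLOSED     %s %s" % (host, port))
    return "\n".join(lines)


def compare_texts(old_text, new_text):
    """Full pipeline: two -oG texts in, report string out."""
    return format_report(diff_scans(parse_grepable(old_text), parse_grepable(new_text)))


if __name__ == "__main__":
    if len(sys.argv) == 3:  # assumed usage: scandiff.py previous.gnmap current.gnmap
        with open(sys.argv[1]) as f_old, open(sys.argv[2]) as f_new:
            report = compare_texts(f_old.read(), f_new.read())
    else:
        report = compare_texts(OLD_SCAN, NEW_SCAN)
    print(report or "no changes")
```

Step 1 is then a scheduled `nmap -oG current.gnmap ...` of the range you own, and step 2 runs this script against the previous file, pipes a non-empty report into whatever mail command you use, and rotates current.gnmap to previous.gnmap. Empty output means nothing changed, so the job can skip the e-mail on quiet runs.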
-
Look into the windows scheduler: http://windows.microsoft.com/en-GB/windows7/schedule-a-task
Or on Linux Cron: http://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/
-
I've used these free providers in the past; there are many more options on Google: "Free Web hosting"
Hosting:
DNS:
Free web hosting services are always quite low on resources, you may want to evaluate hosting providers.
It only costs an average of $2-3 a month to host a small website and database, together with a domain and email.
-
Most free shells additionally kick you out if they catch you proxying/tunnelling; it's usually against their policies, probably due to people abusing connections in the past.
You can normally pay for proxies through VPS providers - then you get a decent speed, but lose anonymity.
VPS proxies are useful for web developers when you work in one country and are developing a website with country/language/IP-restrictive content (e.g. gambling websites, like local lotteries).
I personally find VPS proxies useful to view US Netflix content in Europe/UAE; Netflix content in Europe and UAE is limited or next to nothing.
The best proxy chain for staying anonymous (conditions depending) is essentially TOR.
I know HD Moore was working on a de-cloak project (don't know if it's still live?), in an attempt to expose people hiding behind proxy chains.
-
My advice is powered USB hub.
Raspberry Pis have the same issue as the Pineapple on battery packs, assuming you're using one or the other.
-
You run some kind of Asterisk box at home, or are you actually using dial-up? lol
If you're looking for fun with phone and VoIP systems, HD Moore has a tool for tracking voice systems and being able to listen in and capture/record calls, but I don't know if he's ever released the code publicly. I've seen him give talks about it in the past and building stats on VoIP systems which can be used, I assume, to pivot into a company's network.
It was called warvox http://warvox.org
-
On Windows you should be able to use devcon to restart the Ducky
link: http://support.microsoft.com/kb/311272
There is this post on restarting USB devices based on their identifiers in Linux, but I've never tried it; the author reported that his USB froze!
Ettercap DNS spoofing (in Questions; posted and edited by midnitesnake)
Irongeek has a simple tutorial for replacing images
http://www.irongeek.com/i.php/i.php?page=security/ettercapfilter
and there's Upside-Down-Ternet
http://www.triki.ca/index.php?option=com_content&view=article&id=60&Itemid=92