Everything posted by no42

  1. Yeh, the Duck fires off a lot faster, you need a big initial delay to give the OS time to recognize the device, and prepare any drivers. Because the Duck is faster, it should now work on any OS.
  2. Locked - Yes as it acts as a USB keyboard, but is limited to the focused screen/window, in this case the locked screen. Ducky can support CTRL-ALT-DEL, so you could try to brute force accounts (dependent on account policies). You don't necessarily have to be admin, but your user might need permission to install drivers for the Ducky to install correctly. There are ways to block the Ducky like Device-Control - but this can be bypassed. Other methods include disabling USB (but then no USB devices work).
  3. New version of the standard Duck firmware: duck_v2.hex. New version of the USB Mass Storage firmware: USB_v2.hex. Exactly like duck.hex (version 1). So why the release? VID and PID control is now easier - and can be achieved without re-flashing the firmware. How, I hear you ask? Simply create vidpid.bin on the root of the sdcard. Use a hex editor to write the first 2x bytes for the VID, followed by another 2x bytes for the PID. Having a hex editor installed on the sdcard allows easy manipulation of the VID & PID of the Ducky. ~~Snake
  4. Why Linux and BackTrack? Most of the BackTrack tools are either available in the pentoo/debian/ubuntu security tree, or you can download the retrospective packages from source. You should be able to dual boot through GRUB, unless the bootloader is UEFI, which has its complications.
  5. What language/keyboard are you using? Which Duck Encoder version are you using?
  6. PPP script is firing off ok - but not finding the carrier - probably due to the drivers not being loaded yet. Secondly:

         cdc_ether 1-1:1.1: wwan0

     - is your 3g-interface, not the ttyUSB0......yet. Then usbmodeswitch kicks in, ttyUSB0,1,2 are created which are probably the CDC interface, CDROM emulation, and SDcard. If you can re-run the ppp script after this 2nd stage - hopefully it will work.
  7. Main site: http://www.usbrubberducky.com Encoder version 2.1 and extra firmware http://code.google.com/p/ducky-decode
  8. For twice as fast, and insert the delay to create a small wait after each increment.

         // step the intensity up by 2 on each pass
         for (r = 0; r < 256; r += 2) {
           analogWrite(REDPIN, r);
           delay(FADESPEED);
         }

     Just keep tinkering... Duplicating the code won't work. Code above increases intensity, to decrease:

         // step the intensity down by 2 on each pass
         for (r = 255; r > 0; r -= 2) {
           analogWrite(REDPIN, r);
           delay(FADESPEED);
         }

  9. Up to you, I have success with DELAY 2000 on most systems. Optionally use the m_duck payload, trigger a keyboard LED then push the Ducky's button, after you can see the OS has successfully registered the Ducky. If you're mailing Duckys in as a social engineering gig, I would still go for duck.hex, and maybe a DELAY 3500 (middle value).
  10. The loop controls the step of the intensity by 1

         for (r = 0; r < 256; r++) {
           analogWrite(REDPIN, r);
           delay(FADESPEED);
         }

     if you want to fade faster you could just edit the loop, e.g. to make it 5x faster

         for (r = 0; r < 256; r += 5) {
           analogWrite(REDPIN, r);
           delay(FADESPEED);  // keep the per-step wait so the fade stays visible
         }

  11. The first DELAY line depends on your systems. Myself and Darren have had success with DELAY 2000, I've found on VMware I need a DELAY 5000, others have had to put a high DELAY 10000 (seems odd). If your school has USB keyboards (not PS2) grab their VID and PID, and clone this onto the Ducky; as the drivers are already installed, you should be able to shorten the delay. Or use the multi-payload (m_duck), and push the Ducky's button (after only num_lock/caps_lock LED is lit).
  12. You're looking for a USB RJ11 Data/Fax modem. There are several available online (Google) and eBay. I can not advise on the current best model, but in the past I was a big US Robotics fan.
  13. This used to work for vmware: USB 3.0 support is available for Linux guests running kernel version 2.6.35 or later (Ubuntu 10.10) through a new virtual xHCI USB controller. To enable this feature, add the following line to the .vmx file: usb_xhci.present = "true". Do not enable this feature for Windows guests. Because Windows does not currently have a generic xHCI driver, this feature will not work in Windows. If this fails, an alternative is Blackbox - I hear good things about it (but personally never used it).
  14. Use one dongle at a time and show logs and dmesg output. Power cycle, and repeat. Your dongles aren't being properly disconnected from the system's kernel so they end up using the next ttyUSB_X (e.g. /dev/ttyUSB[1 2 3]), where the config is always looking on /dev/ttyUSB0 for the ppp modem. I've used a Huawei in the past with no issues. My pineapple is on loan to a friend, so I can't check my config right now. Lastly check your apn address; this varies per contract/provider. Username and password are usually blank, as authentication is usually provided at the SIM level. I tend to travel quite a bit, I've used a pineapple in the USA, various European countries and Australia (with an appropriate dongle and SIM depending on location).
  15. Ducky looks like it is working fine. Sounds like it is indeed a faulty sdcard. You can get in touch with the hak shop to exchange the sdcard, but you can normally pick one up cheaply and easily from eBay, a local electronics/camera shop or even your local supermarket.
  16. If you have an android/ blackberry phone, there is normally a micro-sdcard inside for extra storage for pics etc. Can you try another micro-sdcard that could be possibly lying around in the Ducky? When you insert the Ducky with the sdcard - what lights do you have on the Ducky?
  17. It's always a little stiff at first... try to use your nail (any finger or thumb) and apply outward pressure on the small lip of the exposed part of the mini-sdcard. Eventually, it will come free... you may want to repeatedly insert and remove the card, to break it in. After a few attempts you'll have no stiffness issues.
  18. No - solely a mass storage device - it was the 2nd piece of puzzle before creating the composite demo.
  19. Have you tried to use kismet / inSSIDer, to identify how much wifi traffic (APs and channels in use) there is? Otherwise it's likely other electrical products such as your microwave or cordless telephone could be causing interference.
  20. I prefer pyrit (an alternative version even has cuda support).
  21. Auto-run:
      • stock firmware: the HID payload should execute relatively straight away
      • community firmware: you need an initial delay, e.g. DELAY 5000 (may need to be tweaked)
      • composite firmware: not possible, as the drive initially mounts as mass storage, you need to push the button to trigger HID mode.

      Partitioning: Short answer no, the card can be partitioned but you're limited to 1x access control (either Ducky reads both partitions, or OS reads both). Look into c_duck_v2.hex (Twin Duck/composite) firmware that can use HID injection to load a pre-defined script/binary on the sdcard partition.
  22. The rules of Duck Club:
      • You do not talk about Duck Club.
      • You DO NOT TALK about Duck Club.
      • If some Duck says "stop" or goes "limp", "taps out": the Duck-fight is over.
      • Only two Ducks to a fight
      • One Duck at a time
      • No skins, or covers
      • Fights will go on as long as they have to
      • If this is your first night at DUCK CLUB, you HAVE to DUCK!

      For Ducky training head on over to:
      http://usbrubberducky.com/ (temporarily down)
      http://code.google.com/p/ducky-decode
      For alternative firmware and encoders (ducky-decode) (multi lingual, or trying to be... with DuckEncoder v2.1!).

      A summary of this year's progress:

      Firmware:
      • HID emulation - multi-OS; Win,Unix,OSX,BSD,Android,IOS, + (duck.hex)
      • Mass Storage (USB.hex)
      • Multi-payload (m_duck.hex)
      • Composite_payload (c_duck.hex)

      Language Support:
      • US (United States) - ok
      • UK (United Kingdom) - ok
      • DE (German) - ok
      • DA (Danish) (?)
      • FR (French) - ok
      • BE (Belgian) - ok
      • NO (Norwegian) (?)
      • PT (Portuguese) (?)
      • SV (Swedish) (?)
      • ES (Spanish) (in development?)
      • RU (Russian) (in development?)

      Thanks to everyone that tested the firmwares and encoders (over the last year), without your support this project is nothing. I haven't recently heard too many complaints so I assume everything works as intended. If not you need to provide feedback. Composite payload brings back auto-run attacks, and can potentially bypass device control software. Tell all your friends and promote the power of the Duck! (leads to lower costs for all!) Have a Ducky Xmas and New Year! ~~Snake

      Support is needed to confirm validity of multi-lingual support! If you have a patch get in touch! If it works, please confirm! If you're not supported, speak up, we will help to support! Let's make the Ducky the must have pentester tool of the year!
  23. How are these characters normally accessed? Are they accessed through another keypress and shift? I think there may be two different keyboard types T1 and T2? Might still work by editing the de.properties file? I've got Unicode-221A as the following (needs 3-bytes, whereas the Ducky only currently supports 2-byte codes, but I don't see how this is causing the problem with those 2x chars):

         U+221A √ e2 88 9a SQUARE ROOT

  24.
         ISO_8859_1_A0 = KEY_SPACE // 160 Nonbreaking Space
         ISO_8859_1_A4 = KEY_E, MODIFIERKEY_RIGHT_ALT // 164 ¤ Currency Sign
         ISO_8859_1_A7 = KEY_3, MODIFIERKEY_SHIFT // 167 § SECTION SIGN
         ISO_8859_1_B0 = KEY_TILDE, MODIFIERKEY_SHIFT // 176 ° DEGREE SIGN
         ISO_8859_1_B2 = KEY_2, MODIFIERKEY_RIGHT_ALT // 178 ² SUPERSCRIPT TWO
         ISO_8859_1_B3 = KEY_3, MODIFIERKEY_RIGHT_ALT // 179 ³ SUPERSCRIPT THREE
         ...

      I've abbreviated the list - as there's a lot of missing codes at the bottom. These are already in de.properties - looks like there's no translation for circumflex_bits & acute_accent_bits and grave_accent bits, it might be easier to change these labels to a particular key e.g. MODIFIERKEY_RIGHT_ALT
  25. Look up your charset here: http://www.charset.o...ractersets.php? Then you have to match up the character to a sequence of key-scan codes (40,45,100) or their US QWERTY equivalent (HID_A, HID_B MODIFIER_SHIFT etc). Insert the additional lines into resources/de.properties. I think the following examples are right? I could be wrong:

         ISO_8859_1_FB = HEY_LEFT_BRACE
         ISO_8859_1_BA = HID_TILDE, MODIFIER_SHIFT

      Continue the process for the rest of your characters. Publish the patch on the "issues" section of ducky-decode, and I'll push the changes into the svn. Thanks for your support. ~Snake