
no42

Dedicated Members
  • Posts: 925
  • Days Won: 17

Posts posted by no42

  1. Auto-run:
    stock firmware: the HID payload should execute relatively straight away

    community firmware: you need an initial delay, e.g. DELAY 5000 (may need to be tweaked)
    composite firmware: not possible, as the drive initially mounts as mass storage; you need to push the button to trigger HID mode.

    Partitioning:
    Short answer no. The card can be partitioned, but you're limited to one access control (either the Ducky reads both partitions, or the OS reads both).

    Look into the c_duck_v2.hex (Twin Duck/composite) firmware, which can use HID injection to load a pre-defined script/binary on the SD card partition.

  2. The rules of Duck Club:

    • You do not talk about Duck Club.
    • You DO NOT TALK about Duck Club.
    • If some Duck says "stop" or goes "limp", "taps out": the Duck-fight is over.
    • Only two Ducks to a fight
    • One Duck at a time
    • No skins, or covers
    • Fights will go on as long as they have to
    • If this is your first night at DUCK CLUB, you HAVE to DUCK!

    For Ducky training head on over to:
    http://usbrubberducky.com/ (temporarily down)
    http://code.google.com/p/ducky-decode

    For alternative firmware and encoders, see ducky-decode (multilingual, or trying to be... with DuckEncoder v2.1!).

    A summary of this year's progress:

    Firmware:

    • HID emulation - multi-OS; Win,Unix,OSX,BSD,Android,IOS, + (duck.hex)
    • Mass Storage (USB.hex)
    • Multi-payload (m_duck.hex)
    • Composite_payload (c_duck.hex)

    Language Support:

    • US (United States) - ok
    • UK (United Kingdom) - ok
    • DE (German) - ok
    • DA (Danish) (?)
    • FR (French) - ok
    • BE (Belgian) - ok
    • NO (Norwegian)(?)
    • PT (Portuguese)(?)
    • SV (Swedish)(?)
    • ES (Spanish) (in development?)
    • RU (Russian) (in development?)

    Thanks to everyone that tested the firmwares and encoders (over the last year); without your support this project is nothing. I haven't recently heard too many complaints, so I assume everything works as intended. If not, you need to provide feedback.

    The composite payload brings back auto-run attacks, and can potentially bypass device control software.

    Tell all your friends and promote the power of the Duck! (Leads to lower costs for all!)

    Have a Ducky Xmas and New Year!

    ~~Snake

    Support is needed to confirm validity of multilingual support!
    If you have a patch, get in touch!
    If it works, please confirm!
    If you're not supported, speak up, we will help to support!

    Let's make the Ducky the must-have pentester tool of the year!

  3. How are these characters normally accessed? Are they accessed through another keypress and shift?

    I think there may be two different keyboard types, T1 and T2? It might still work by editing the de.properties file?

    I've got Unicode U+221A as the following (needs 3 bytes, whereas the Ducky only currently supports 2-byte codes, but I don't see how this is causing the problem with those two chars):

    U+221A √ e2 88 9a SQUARE ROOT

  4. ISO_8859_1_A0 = KEY_SPACE                      // 160 Nonbreaking Space
    ISO_8859_1_A4 = KEY_E, MODIFIERKEY_RIGHT_ALT    // 164 ¤ Currency Sign
    ISO_8859_1_A7 = KEY_3, MODIFIERKEY_SHIFT        // 167 § SECTION SIGN
    ISO_8859_1_B0 = KEY_TILDE, MODIFIERKEY_SHIFT    // 176 ° DEGREE SIGN
    ISO_8859_1_B2 = KEY_2, MODIFIERKEY_RIGHT_ALT    // 178 ² SUPERSCRIPT TWO
    ISO_8859_1_B3 = KEY_3, MODIFIERKEY_RIGHT_ALT    // 179 ³ SUPERSCRIPT THREE
    ...
    I've abbreviated the list, as there's a lot of missing codes at the bottom.

    These are already in de.properties. It looks like there's no translation for circumflex_bits, acute_accent_bits and grave_accent_bits; it might be easier to change these labels to a particular key, e.g. MODIFIERKEY_RIGHT_ALT.

  5. Look up your charset here: http://www.charset.o...ractersets.php?

    Then you have to match up the character to a sequence of key scan codes (40, 45, 100) or their US QWERTY equivalent (HID_A, HID_B, MODIFIER_SHIFT etc.).

    Insert the additional lines into resources/de.properties.

    I think the following examples are right? I could be wrong:

    ISO_8859_1_FB = KEY_LEFT_BRACE
    ISO_8859_1_BA = HID_TILDE, MODIFIER_SHIFT

    Continue the process for the rest of your characters. Publish the patch in the "issues" section of ducky-decode, and I'll push the changes into the SVN.

    Thanks for your support.

    ~Snake
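As an added example (not code from the posts above and not the ducky-decode encoder itself), the Python below reads a layout fragment written in the same form as the de.properties lines quoted in posts 4 and 5, resolves the KEY_/MODIFIERKEY_ names to USB HID usage IDs and modifier bits, and encodes a short script into the two-byte (keycode, modifier) pairs post 3 describes. It flags characters such as U+221A that can never fit an ISO_8859_1_xx slot, and checks for the missing initial DELAY that post 1 warns about. The ASCII_xx line form, the keycode-then-modifier byte order within a pair, and the DELAY chunking into 255 ms pieces are assumptions made here, not facts taken from the page.

```python
# Added example, not from the post or from the ducky-decode encoder.
# Assumed (not stated on the page): ASCII_xx lines use the same syntax as the
# ISO_8859_1_xx lines, each keystroke is keycode byte then modifier byte, and
# DELAY n is a 0x00 keycode followed by the delay in chunks of <= 255 ms.

# USB HID keyboard usage IDs (Keyboard/Keypad usage page).
HID_KEYS = {
    **{f"KEY_{c}": 0x04 + i for i, c in enumerate("ABCDEFGHIJKLMNOPQRSTUVWXYZ")},
    **{f"KEY_{d}": 0x1E + i for i, d in enumerate("1234567890")},
    "KEY_ENTER": 0x28, "KEY_ESC": 0x29, "KEY_BACKSPACE": 0x2A, "KEY_TAB": 0x2B,
    "KEY_SPACE": 0x2C, "KEY_MINUS": 0x2D, "KEY_EQUAL": 0x2E,
    "KEY_LEFT_BRACE": 0x2F, "KEY_RIGHT_BRACE": 0x30, "KEY_BACKSLASH": 0x31,
    "KEY_SEMICOLON": 0x33, "KEY_QUOTE": 0x34, "KEY_TILDE": 0x35,
    "KEY_COMMA": 0x36, "KEY_PERIOD": 0x37, "KEY_SLASH": 0x38,
}
# HID modifier bitmask (first byte of a boot-protocol keyboard report).
HID_MODS = {
    "MODIFIERKEY_CTRL": 0x01, "MODIFIERKEY_SHIFT": 0x02, "MODIFIERKEY_ALT": 0x04,
    "MODIFIERKEY_GUI": 0x08, "MODIFIERKEY_RIGHT_CTRL": 0x10,
    "MODIFIERKEY_RIGHT_SHIFT": 0x20, "MODIFIERKEY_RIGHT_ALT": 0x40,
    "MODIFIERKEY_RIGHT_GUI": 0x80,
}

# Constructed layout fragment (German-style, Y and Z swapped) in the quoted format.
SAMPLE_LAYOUT = """
ASCII_20 = KEY_SPACE
ASCII_41 = KEY_A, MODIFIERKEY_SHIFT
ASCII_61 = KEY_A
ASCII_79 = KEY_Z                               // y sits on the Z key
ASCII_7A = KEY_Y                               // z sits on the Y key
ISO_8859_1_A7 = KEY_3, MODIFIERKEY_SHIFT       // 167 § SECTION SIGN
ISO_8859_1_B0 = KEY_TILDE, MODIFIERKEY_SHIFT   // 176 ° DEGREE SIGN
ISO_8859_1_B2 = KEY_2, MODIFIERKEY_RIGHT_ALT   // 178 ² SUPERSCRIPT TWO
"""


def parse_layout(text):
    """Map code point -> (keycode, modifier) from ASCII_xx / ISO_8859_1_xx lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()          # drop trailing // comments
        if "=" not in line:
            continue
        name, rhs = (s.strip() for s in line.split("=", 1))
        if not (name.startswith("ASCII_") or name.startswith("ISO_8859_1_")):
            continue
        codepoint = int(name.rsplit("_", 1)[1], 16)
        keycode, modifier = 0, 0
        for tok in (t.strip() for t in rhs.split(",")):
            if tok in HID_KEYS:
                keycode = HID_KEYS[tok]
            elif tok in HID_MODS:
                modifier |= HID_MODS[tok]             # several modifiers OR together
            else:
                raise ValueError(f"{name}: unknown key name {tok!r}")
        table[codepoint] = (keycode, modifier)
    return table


def unmappable(text, table):
    """Characters the layout cannot type. Anything above U+00FF (e.g. U+221A)
    has no ISO_8859_1_xx slot at all, which is the problem raised in post 3."""
    return [ch for ch in text if ord(ch) > 0xFF or ord(ch) not in table]


def encode_string(text, table):
    """Keystroke bytes for STRING text: one (keycode, modifier) pair per char."""
    missing = unmappable(text, table)
    if missing:
        raise KeyError(f"no layout entry for {missing!r}")
    return b"".join(bytes(table[ord(ch)]) for ch in text)


def encode_delay(ms):
    """DELAY ms: keycode 0x00 followed by the delay split into <= 255 ms chunks."""
    out = bytearray()
    while ms > 0:
        chunk = min(ms, 255)
        out += bytes((0x00, chunk))
        ms -= chunk
    return bytes(out)


def missing_initial_delay(script):
    """True when the first real instruction is not DELAY: keystrokes would fire
    before the host has finished enumerating the keyboard (post 1)."""
    for line in script.splitlines():
        line = line.strip()
        if line and not line.startswith("REM"):
            return line.split()[0] != "DELAY"
    return True


def encode_script(script, table):
    """Encode a DuckyScript subset (REM, DELAY, STRING, ENTER) to inject bytes."""
    out = bytearray()
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith("REM"):
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "DELAY":
            out += encode_delay(int(arg))
        elif cmd == "STRING":
            out += encode_string(arg, table)
        elif cmd == "ENTER":
            out += bytes((HID_KEYS["KEY_ENTER"], 0x00))
        else:
            raise ValueError(f"unsupported instruction: {line}")
    return bytes(out)
```

Run unmappable() over a STRING line before flashing: a character it returns will either be silently dropped or typed as the wrong key, depending on the encoder, which is exactly the symptom of the two characters discussed in post 3. The parser accepts only ASCII_ and ISO_8859_1_ names, so a misspelt key name on the right-hand side (like the HEY_/KEY_ slip in post 5) is reported rather than encoded as keycode 0.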

  6. No.
    The Ducky is a programmable microcontroller, similar to the Teensy, but from a different family.

    Teensy $16 (SD card adapter extra $9 with pins) http://www.pjrc.com/store/teensy.html
    Ducky $40 (basic) http://hakshop.myshopify.com/collections/gadgets/products/usb-rubber-ducky

    Not sure what has happened to support for the Teensy version; you're probably looking at IronGeek's PHUKD library.

    For small form factor, you can't really beat the Ducky: it has a USB-A header, unlike the Teensy, which has a mini-B header. Plus the Ducky fits in its own case, whereas the Teensy is rather bulky, especially with the SD card adapter.

  7. Did a clean install today on Windows 7; XP should work in a similar manner.

    Installed FLIP.

    Inserted the Ducky (in DFU mode: continually hold the Ducky's button as you insert it; if it's not in DFU mode, you were not pushing the button, and you cannot flash the Ducky).

    Performed a manual driver install (see pics).

    Worked perfectly. I didn't have to modify/copy any additional binaries or environment variables.

    If this doesn't work, you might have a dead duck. My advice would be to contact the Hak5 shop (shop@hak5.org) for an exchange.

  8. Page 27 of the PowerPoint midnitesnake posted contains the line:

    The knowledge of how to emulate USB devices is not widespread

    Interesting quote...

    Yeah, the guy who wrote those slides can't even emulate USB devices. That's where that quote comes from. I'd say the Teensy was quite widespread, since it was used to pwn the PS3. *cough*. Was speaking to him at Black Hat; he's just playing off others' work, which he mentioned on slide 10.

    Philip Polstra (University of Dubuque) knows a lot more, and has written an interesting presentation & whitepaper:

    Preventing “Oh Shit” Moments for €20 or Less - Black Hat

    http://www.slideshar.../ppolstra/44con

  9. Hmmm, rather destructive.

    From a commercial perspective, it would waste time and money. A decent forensic analysis should be able to recover the data, again costing money.

    From a home user perspective, it would be really annoying. Especially if I had the family camera connected!

    Again, you're relying on user permissions: at home (likely an admin user), at work (likely a low-level grunt).

    Probably achievable through executing the commands through multiple run boxes.

    From an infection perspective, wouldn't it be better to write a malicious script in Visual Basic or WScript to append that script (if permissions allow) to any *.bat file detected on the system (including attached drives)?

    We already know the Ducky can call a script/binary from mass storage (therefore not reliant on an internet connection for payload delivery).

  10. OK, I think this new Rubber Ducky is bricked or something. I just got it up and running and tried out the "lock your computer" payload. And instead of opening up a txt file and typing what it was supposed to, the thing tried to open up like 600 copies of my Netgear program and nearly everything else on the desktop. And each time I put it back in it tries to do something else.

    You're probably missing a DELAY 2000 (may need adjusting) on your first line; the Ducky executes as soon as it's plugged in. The OS has missed the GUI-R call for a run box, and is instead probably executing all files/shortcuts on your desktop.

    Easily fixed by adding DELAY 2000 as the first line of the Ducky Script.

    Today my new Rubber Ducky came in and Windows 7 doesn't want to install the drivers for it. I tried on two separate computers. I will continue looking for more answers, but if anyone is willing to give a newb a heads-up I would appreciate it.

    I'm assuming you're trying to flash the Ducky. Windows will initially install what it thinks is the correct driver.... this is wrong.

    • Go to Device Manager,
    • Locate the Ducky (usually under USB devices),
    • It should look like DFU-xxxx
    • Right Click
    • Choose Update driver
    • Manual Install
    • Point it to the signed drivers from Duck_Programming.zip
    • Click ok

    It should then work with no further issues.

  11. The overlap warning is to do with the boot loader, but that area of memory is protected and can't be overwritten.

    I was worried the first time I flashed my Ducky; I have since flashed the Ducky approx. 80x with no adverse effects.

    From checking my system, I did the following steps:
    Install FLIP
    Install Atmel Driver

    Put firmware.hex in the same directory as program.bat

    Atmel Driver
    ----------
    I inserted the Ducky in DFU mode (holding the Ducky's button down)
    When Windows couldn't find the driver, I did a manual install (sometimes a wizard will pop up, sometimes it won't)
    Control Panel -> Hardware & Sound -> Add a device -> select atmel-dfu -> manually search for driver -> point to unzipped atmel-driver folder -> ok -> done

    If Windows has installed a generic driver, you have to go through Device Manager -> Update driver, and then manually select the relevant .inf file from the atmel-driver folder.

  12. All the programs should be on ducky-decode (including Atmel's FLIP installer).

    I have been flashing the duck successfully on Linux and Windows.

    If you download dfu-programmer from ducky-decode, try these instructions:

    tar -xzf dfu-programmer-0.5.4.tar.gz
    cd dfu-programmer-0.5.4
    ./configure        # generates the Makefile; needs the libusb development headers installed
    make
    sudo make install
    dfu-programmer --help

    Alternatively, after the make command:

    cd src
    ./dfu-programmer --help