no42
-
Posts
925 -
Joined
-
Last visited
-
Days Won
17
Posts posted by no42
-
-
Hmm, your using a deprecated download use version 2.1 c_duck_v2.1.hex
We now know your Ducky is fine!
-
Can RSA tokens be use for the two way factor authenication. Plus is it compatable with SSH. I know with vpn is it but not sure with SSH and scp
Yes it can, example http://www.ssh.com/manuals/server-admin/44/RSA_SecurID_Submethod.html
-
point 2 - what script? can you post the script here? or a link please.
point 3 - version 2.6+ is available from the ducky-decode link in my signature
-
1) Do you know what firmware you are running?
2) What is your script?
3) What version of the Encoder
4) Have you read the FAQ / Guide
-
Also these links are interesting; do you know all the software that may be installed on your ISPs router? food for thought
-
3 steps I've taken in the past, bet we can think of some more on this forum?
1) SSH Console access ; then secure SSH
2) Web front-end/CMS eg Cpanel, PHPmyadmin. htaccess file to protect '/admin' directory (not necessarily labelled admin), in conjunction with (3) move the admin interface to a higher port, using vhosting
3) Firewall and restrict access of IPs allowed to access a management port
-
what are your lights? flashing green and red? or permanent red ? flashing red?
-
Its a known bug ... we're working on it.
For now that sole GUI can be replaced by GUI R and the script should still work
-
Ok i'm in a bit confused =S
So far the danish layout of the kaybaord seems near perfect... Just not the windows/gui key...
Am i alone in this or have others tried the same?
Yes we are currently having problems with the GUI key, sometimes you have to code a twice
GUI GUI
Really need to expand the ranks and get to the bottom of why its not working?
but GUI R should work fine.
-
glad your up and running!
-
ok so have you installed flip (from the Duck_Programming.zip) it should reside in either c:\program files or c:\program files (x86) (if your on 64bit windows)
browse to the directory in explorer and via cmd.
using explorer copy (drag n drop) program.bat from the Duck_Programming.zip and the hex file you want to flash into the same folder (example: c:\program files\flip.3.4.2\bin)
then in the cmd prompt window enter:
program.bat ??????.hex (where ????.hex is the firmware file your trying to flash)
hopefully this will work :)
-
I've had very little down time :( but its still on my todo list .
-
Ok been away for a bit just picking this up again.
hopefully your still using the Duck Encoder v2.6+ version and the twin duck firmware c_duck_v2.1.hex
I can tell the firmware is working - because the mass storage mounts.
Tell me about the lights, and can you print your payload script here.
Again, sorry for my absence, and my time is rather limited these days.
My firmware on ducky-decode, doesn't create a default inject.bin if one is not found - have to save on space these micro controllers are small after all :)
-
If your on windows you are missing the driver, unzip the Duck_Programming.zip
Goto Device manager, look for a usbdevice with a yellow circle and a bang, update driver, point the wizard to the inf file within the extracted folder from Duck_Programming.zip.
If in doubt, read the ducky guide in my signature.
-
Which version of the encoder are you using?
-
That one is discontinued as it used version 1 encoder (US only).
The other links next to the iducke picture work fine, and supersede iDucke
-
1) Which firmware did you flash? or is it stock? alternatively what is your dmesg (linux command) output?
2) Version should be outputted on the Encoder's Header, else look for current version on Ducky-Decode website.
3) Doesn't really matter, but you are limited to the maximum size of FAT32 (32GB)
-
best encoder to use the the v2 branch of svn or v2.6+ from ducky-decode - it will produce an inject.bin that must be stored on the root of the sdcard.
With the firmware you download, if inject.bin is not found? Darren/Jason's firmware will create a new inject.bin which redirects to hak5 website.
Change your firmware to one on ducky-decode, and use the v2.6+ encoder, then you might get better results.
-
it is possible see http://penturalabs.wordpress.com/2013/11/06/wifi-pineapple-decrypting-ssl-traffic-on-mobile-applications/ as an example.
Not sure what you have done wrong
-
Read the links in my signature!
Also, read the FAQ & other stickies in the Ducky Forum.
-
Im assuming you have a binary payload called duck.exe stored on the sdcard labelled "Ducky".
This is what the duck is trying to executed.
-
Depends on VID PID, has the driver been loaded before, what OS, current processor load on OS. Something out of our control.
Driver installation bypass, is only if you mimic the VID PID of a previously connected and valid device.
-
-
? What version of the Encoder? and we need to see the full error message.
New to USB hacking, not new to programming.
in USB Hacks
Posted
Ducky can fuzz USB stacks depending on your programming skills and ex filtrate data.
The ducky brought back auto-run attacks.
Guess it depends what your after.
Advantage of ducky is pull file from local storage. In case there is no internet!