overwraith

Everything posted by overwraith

  1. Perhaps it's OS specific, which version are you using?
  2. Hey, check this out they got a WIFI flak/gun emplacement in the hak shop! http://hakshop.myshopify.com/collections/wifi-pineapple-kits/products/wifi-pineapple-mark-v-ultra-directional-kit?variant=3489002501
  3. Well optical character recognition has already been implemented in some products, and once you recognize that "ok" has been printed on the screen, presumably over a button, and you have the coordinates of said text you should be able to make a script that moves the mouse pixel by pixel to the "ok" button (a for loop or something). I have a page scanner which uses optical character recognition. It isn't the best, but if you have the actual source of the info, the monitor feed, you would essentially have a flawless picture to draw off of; there wouldn't necessarily be the imperfections in lighting that traditional scanners have. We are not necessarily finding things on the screen as complex looking as birds, a prompt is a box with text and buttons on it. Even if the prompts change from time to time one could theoretically screenshot it, and send it to a centralized DB to be uploaded to other devices once the scripts stop working. If one was using OCR, this prompt upload probably wouldn't even be necessary much of the time.
  4. What if they resize all the windows? I completely see what you're saying though, most people won't go through the effort to resize windows.
  5. Interesting, but do you always know where the button will be in every OS, on every screen size?
  6. No, basically just wanna try to figure out how to build a device that can do keyboard and mouse and be effective at them both. The mouse thing requires a visual aspect. I can try to accomplish at least half with the teensy, perhaps I can learn something on the way. Will be a while until I can actually get some hardware development books. I am basically an entry level web programmer/C#, I might be able to grok the C++/C code but it might take some time. If there is some kind of curriculum for learning about breadboards and stuff please post, but that too costs money which will take a while.
  7. Oh no! Things just got real! How would one do that? Seems like I would require a lot of hardware experience that I just don't have. The "computer" in the equation seems like it would already need upgrading to something more like a laptop. I am thinking one could get the optical recognition to work however if one had a robust enough API.
  8. I think 32 GB is the max SD card a raspberry pi can handle, but make sure you check that stat. I do know that a 64 was too big. Also flash memory has some problems. There are wear leveling algorithms and stuff, but there is only a finite number of writes that the SD cards support. Also, I have bought some crappy SD cards before, you kinda get what you pay for in this situation.
  9. Well, this looks like a pretty good start, if anything else comes to you, this thread will still be here. Also if anybody else has good tutorials or anything concerning this please post. The thing that most concerns me at the moment is that I wish to be able to use the output from the monitor to make decisions based on where windows and buttons pop up, that means either a webcam with recognition software, or a special monitor cable or something with scraping software (is that what they call it?). Ideally I should be able to use a script to recognize where windows are on the screen, or move the mouse like a person would. The script could run on the laptop/other computer.
  10. Adult Detention Deficit much? Ok, so you say you don't really need to tweak OS libraries etc, you use a teensy? Do you have a specific setup/links I could check out? And to be clear you can send data to the teensy while it is plugged into a computer, and alter the data while it is running? I don't really know anything about teensy so I would be starting from scratch. Which part did you say you did, the teensy or the image processing via cable? The OCR, and image processing would be something a programmer would do, don't worry about it, I could probably figure it out if this works exactly as you claim it does.
  11. I wonder if the jammer infusion uses de-auths or something else? Someone else may know more about what you're trying to do than me. Anyone else have any ideas?
  12. So I was wondering would it be possible to take a raspberry pi or some small computer and alter the USB protocols on it so that it would essentially act like a USB rubber ducky, as well as a mouse? One would essentially be altering system files/libraries on the device. If this were possible we could add image processing to the mix via a raspberry pi camera and essentially create a little autonomous robot that actually accepted input from the screen. Think about this, if we had some image processing, and optical character recognition we could literally use the mouse to click buttons via the connected computer, and literally could process and turn off AV etc. The idea would be to connect the sawed-off pi to the computer via a male to male USB cable, set it up on the desk looking at the computer screen and have it do its scripted magic. This might not be possible, I don't know nearly enough about messing around in the egg salad that is operating systems/protocols. The raspberry pi might not have enough processing power though, so one might need to use an actual laptop. Does anybody know whether something like this is actually possible? If there was some device that actually accepted monitor input then that would be able to parse the screen data as well. This would not be something you could easily pass off as a flash drive, but it would be interesting if it was actually possible, and it might open lots of doors in terms of automated physical attacks.
  13. Duckys are keyboards, they have to type, and the only way to execute their commands is via VB script, batch, etc. all of which require you to type into a command prompt or PowerShell. The Ducky attack will not be completely silent, especially when the duck has to run its code, but the script does have an invis.vbs script which tries to make it more silent than it would be otherwise, by making the batch script which waits for the ducky SD card to connect silently. The SD card (micro SD) attaches to the USB rubber ducky, and that is where the injection file resides, the actual bytes the ducky types out are in the inject.bin file on the micro SD. You need to compile scripts into these binary files and put them on the SD, and plug the SD into the ducky for it to run anything. There are firmware types which allow you to use the SD card attached to your ducky for mass storage as well, which is what I am asking you to install on your ducky (is called flashing). The SD card usually takes a while to connect, but I think it has gotten faster for some reason over the past couple of years. Don't know if it is associated with my computer rebuild or firmware upgrades or what. Another feature that attempts to minimize the ducky's impact to the screen is this part of the script: ALT SPACE STRING M DOWNARROW REPEAT 100 This basically takes the command prompt which pops up, and moves it off the screen via the down arrow and some keystrokes. If the user is looking at the screen they will notice, but this is at least an attempt to minimize the screen footprint. Some people have said you could use the Windows screen saver by calling some DLLs in order to completely shroud the visual impact. I would have to go hunt for that post. I would love to have the ducky revamped in order to support a separate mass storage section, in addition to the SD card, but it would probably make the ducky bigger, more expensive etc.
I wouldn't mind if there was a specific version I could buy which was a little more expensive, but some attacks seem to require different parameters. For instance what if you are exclusively running exes on one ducky off attached mass storage, and you are never going to lose that one in a parking lot or something. You would be able to invest a little more money into it. Now say on the other hand you wanted to literally blanket parking lots with these things, then you want it as cheap as possible because you might not get them back. You almost need a couple of different versions. The additional flash drive in the video is to expedite the mass storage attachment, because ducky mass storage can sometimes be slow. It is especially slow when moving files onto the duck, and it is slow to connect. This script is designed however to support either the firmware upgrade, or the addition of the flash drive. If you are running an exe off the duck the slowness of the duck should be ok, especially if the exe isn't very big (the best viruses aren't big). If you want to use this script you will need to rename the target drive "DUCKY", or find the associated text in the batch script and change it to whatever you want to rename your SD card to. You should label the SD card something that will be unique that the script will be able to discern where it is. Read the whole text on the associated page I linked you to. This script does not appear to require PowerShell, if it does it should be fairly easy to remove. The scripts are in sequential order from oldest version to newest versions at the bottom of the page. The newest version has a special brute force type drive selection technique because we were having problems with not having admin access on previous scripts. Now it does not require that pesky diskpart command to parse the attached drives.
for %%d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do (
  14. So I have to wonder, are you intentionally spelling bad, is English your non-native language, or are you trying to mask your speech patterns/identity through some kind of bad English obfuscation algorithm? ("cofe", no capitalization, little punctuation) Just kidding, you just go on with your bad English thing, we will try to decipher. Regardless here is a script designed to run an EXE from your SD card provided the drive has the correct firmware installed on it. https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---runexe-from-sd You will have to time this one, it might be a bit longer than your requirements specify, and a little coding might be required to translate to VB etc. There may be ways to trim down the amount of coding but the functionality is already fairly bare. What you could do is put a big delay at the beginning of the script so that it executes some time after he plugs it in. There isn't really a way of determining whether he is actually away from the computer. Another thing you should be aware of is that many of the firmware types have a limit on the size of the scripts you can build, and delays essentially count as a byte for each delay to the ducky. So too big of delays will cause the end of the script not to execute if you get it wrong. It is essentially an overflow condition without the associated exploitation. The limit is on the ducky's memory. I am not sure if further firmware development would fix the problem, or if it has already been fixed, just experiment with it (the delays). I often wonder if there would be some way of intercepting keystrokes with the ducky to determine if the computer is idle or not, but I think that it would probably be impossible but I have no evidence either way.
  15. Does the raspberry pi get no love at all? It actually has mini peripherals you can plug into GPIO, etc.
  16. You are masquerading as his AP in order to pull his clients off their network, so yes I think if you de-auth his AP, you would essentially be de-authing yourself. I think that most wireless devices automatically try to reconnect when de-authed which is why I recommend de-authing the client. That is how I got handshakes on my own network when trying to crack my own WPA-2 password, I would de-auth the client, then it would reconnect, then I would repeat until I had enough connection packets. Airodump would tell me when it got the handshake. In your case you want to redirect the client to connect to your AP. It would make sense to de-auth it then. You would have to check on whether you get better performance out of the yagi or the antenna you have. There should be something in the form of stats in the store or somewhere. While watching some of the Hak 5 videos however it appeared that the yagi would get ridiculous range, but somebody else could probably fill you in on better specifics. When I needed to de-auth I ended up having to send a ridiculous amount of packets in order to actually make my targets disconnect, I think there is a certain number of packets they will just ignore. There is a count flag in Airodump/whatever though, so you can specify like 10 or in my case 100 until it works. Writing a batch script might help with the timing for something like this. Scripts usually execute faster than people can type, and could help you get the traffic sent just right. If all else fails you could essentially get another device like a laptop or a raspberry pi or something and use the extra radios/device in order to get things working. If they were connected via fast/Ethernet you could possibly make a script that tells one device to do one thing, and the other device, the pineapple, to do the AP portion, bringing up the right MAC address after the de-auth packets have been sent.
I make no promises for the supported hardware/software on the raspberry pi this is just an idea. I also have never made a script that was distributed in this fashion so make sure it is actually possible (it should be).
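The de-auth burst described in the post above (dozens or hundreds of deauthentication frames aimed at one client so it drops and reconnects) is easy to spot from the defender's side of a monitor-mode capture. This is an added example, not code from overwraith's posts or from any Hak5 tool; the frame records, MAC addresses and the per-window threshold are constructed assumptions.

```python
# Added example: detect deauthentication floods by counting deauth frames per sender
# inside a sliding time window. A real deployment would feed parsed management frames
# from a monitor-mode capture; here the frames are constructed inline.
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12      # 802.11 management frame subtype 0xC = Deauthentication
BEACON_SUBTYPE = 8       # subtype 0x8 = Beacon (ignored by the detector)
MAX_PER_WINDOW = 10      # assumed threshold: more than this from one sender is a flood
WINDOW_SECONDS = 5.0     # assumed sliding-window length

AP = "aa:bb:cc:dd:ee:01"       # constructed access point address
CLIENT = "aa:bb:cc:dd:ee:10"   # constructed client address


def detect_deauth_floods(frames, max_per_window=MAX_PER_WINDOW, window=WINDOW_SECONDS):
    """frames: iterable of (timestamp, subtype, sender_mac, receiver_mac, bssid).

    Returns a list of (sender_mac, window_start_ts) alerts, one per flooding sender.
    The sender address is whatever the frame claims; a spoofed AP address will
    therefore show up as the AP itself, which is exactly what a forged flood looks like.
    """
    recent = defaultdict(deque)   # sender -> timestamps of its recent deauth frames
    alerts, alerted = [], set()
    for ts, subtype, sender, _receiver, _bssid in sorted(frames):
        if subtype != DEAUTH_SUBTYPE:
            continue
        q = recent[sender]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > max_per_window and sender not in alerted:
            alerts.append((sender, q[0]))
            alerted.add(sender)
    return alerts


def sample_frames():
    """Constructed capture: one beacon, one isolated deauth, then a burst of 100
    deauth frames 50 ms apart that claim the AP as sender (the 'count 100' case)."""
    frames = [(0.0, BEACON_SUBTYPE, AP, "ff:ff:ff:ff:ff:ff", AP),
              (1.0, DEAUTH_SUBTYPE, AP, CLIENT, AP)]
    frames += [(10.0 + i * 0.05, DEAUTH_SUBTYPE, AP, CLIENT, AP) for i in range(100)]
    return frames


if __name__ == "__main__":
    for sender, start in detect_deauth_floods(sample_frames()):
        print(f"deauth flood from {sender} starting at t={start:.2f}s")
```

The single deauth at t=1.0 never trips the threshold; the burst does as soon as its eleventh frame arrives, and the alert carries the window start so it can be correlated with the client's reconnection.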
  17. No comment on key loggers. There are probably better ways of getting the information the employers need. Key loggers wouldn't be able to detect executable code which is usually the main problem. Most companies have some way of monitoring their employees' DNS requests, that is how they monitor where the employees are browsing. Slightly more useful than a key logger. There is also usually all sorts of network and OS logging that is going on.
  18. You would probably need a Yagi antenna in order to have comparable signal strength to coax his hardware to prefer yours. The Yagi is directional, and can therefore make stronger signals at greater distances. I am not sure how well de-authing the AP would work, I have never tried it, perhaps deauth the client, then when it tries to connect you may be able to snag it. You would also need to utilize the DNS spoofing built into the pineapple to forward your web content (it's DNS spoofing right? I got this one right?). Not sure how you would host the web page, you may want to ask some other pineapple people how this DNS spoofing attack normally works, I only have introductory knowledge of pineapple. P.S. If my "friend" did this to me I would probably do very unfriendly things back to him. Just saying.
  19. I am just worried that those tiny screens aren't good for operating that close to the eye. This idea although interesting is probably sunk until somebody develops a purpose built screen. We already have issues with screens causing eye problems, and that close to one's eye the display would probably look distorted or way too close to visualize correctly.
  20. I don't consider either tactic a waste of money. Sometimes you are going to have situations where the rootkit might be a little bit too prone to detection, and reversing. From what I understand in order to install a rootkit you need an exploit in some form in order to install it. The OS may log some of the crashes, and other such things associated with this right? If you are using the network and pivoting in order to install the rootkit there will be network logging. Other times you will have the opportunity to use one of these hardware solutions which are less noisy in terms of interactions with the OS, but more prone to being viewed by some passerby. A rootkit has to call back to a server. A hardware key logger does not. If there is a position where the computer is under a desk or something and not easily viewed, then a hardware solution may be warranted. It is cool that there is something that doesn't necessarily have to utilize the call back to the server, and is therefore non-attributable. It is more difficult to say which solution is actually "better" as in my own opinion there are downsides to both. I am betting the loss of one of these keyloggers might be a little bit annoying though, how much do they cost? The hardware keylogger does assume physical access as well. The rootkit could be administered physically, but not necessarily.
  21. This looks really good, good job. I did some superficial research on IE, and it appears that it stores the passwords in the registry. Could be a little more involved to extract such information, and hopefully the pass recovery tools would be able to accept the extracted data. You may have to read the values back into the registry on another computer in order to extract the passwords with a password tool. It should be possible to save as .reg files elsewhere. I am not a registry savant. I don't know though. I was looking at this site: http://www.majorgeeks.com/content/page/how_to_manage_your_internet_explorer_saved_passwords.html I think my Win 7 registry is set up a little bit different however, so you would need different payloads for XP, Win 7, and Win 8, or some sort of if statement within the script in order to perform the right operations.
  22. I think Windows XP probably has some sort of VB Script engine, but don't quote me on that. That's the only way I can think of doing this activity.
  23. I do not know, I was thinking of building an oculus, out of a pi, not plugging an oculus into the pi. It supports cameras, so I would think there would be enough processing for my purposes, and it also supports very tiny screens like the ones in cell phones, but my problem appears to be that there would probably not be one that is designed to be that close to somebody's face. The B+ has 512 MB of RAM. Some of the other versions have up to 1 GB, and varying processors. If it supports a camera though it would probably handle what I want to do with it. I have a very specific idea in mind, more like a HUD really. Another problem that might arise would be somehow figuring out how to support two screens or something. It is probably a bad idea. I just thought I would ask for input from the community.
  24. Perpetual electrical machine... like a perpetual motion machine, just as effective.