Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Recent Profile Visitors

4,497 profile views

skysploit's Achievements


Newbie (1/14)

  1. S3V3N, Yes, I am still around. Not as much as I would like, but still here. Simple-Ducky v2 is well underway, hopefully it will be available soon. v/r ~skysploit
  2. Casual, Thanks for your support. I only do it because of the effort that Hak5 has put forth in developing such an awesome tool. Some people over look the Dusky because of its simplicity. I say you have to look at who is using these devices. Most agencies/companies dont have the time/money to train and reproduce expert programmers. They need simple devices with a simple programming lanuage to conduct security audits. The USB Rubber Ducky and the simple-ducky meet those needs. From the novice to the expert, this device can do everything from boosting the confidence to the operator to performing complex security audits, resulting in better overall security of the network/people. I will be here to help as long as Hak5 and the folks using these products need me to. v/r ~skysploit
  3. ITHKS, Yes, there are some payloads that will work on guest accounts. Just use the payloads that do not require User Access Control (UAC). The powershell, download, and execute payloads are perfect for that. Granted you will have to do some privilege escalation. Take a look at the payload builder and DBD w/o UAC, let me know if you have any issues. v/r ~skysploit
  4. DrDinosaur, Yes I'm working on v1.1.2 at the moment. I have been back logged with work, so its been slow. Hopefully, I'll have it ready by the end of the month. ~skysploit
  5. Try modifying the payload and use dbd. DBD uses an SSL connection and is pretty darn good at bypassing AV without having to obfuscate at all. Not only that the size of the payload itself is tiny... I am currently working on a new version of the simple-ducky and it should be ready in the next couple of weeks. Great job TeCHemically! ~skysploit
  6. jjd, What version of the simple-ducky are you running? In your terminal run: simple-ducky-update and see if that fixes the problem. It appears that dbd is not getting forked over properly.
  7. zuma01, The simple-ducky has the ncat.exe binary built in. You can get the simple-ducky here; https://code.google.com/p/simple-ducky-payload-generator/ . If you would like to be a little more stealthy try using dbd instead (also included in the simple-ducky). ~skysploit
  8. Guys, I was messing around with my Pineapple today and for the life of me I couldn't get the "WPS Button Script" to work. I looked into the script itself to see if there was something strange going go. I noticed that when I initiated the "Update Script" button in the control panel that it was appending a "^M" to the end of every line in the script (see below). My work around was to just ssh into pineapple and alter the script using nano. Hope this helps anyone that is having the same problem. ~skysploit "Update Script" bug #!/bin/sh^M #Script is executed when WPS button^M #is pressed for 2-4 seconds.^M ^M interface=$(ifconfig -a |grep HWaddr | cut -d"L" -f1)^M ^M for i in $interface; do^M ifconfig $i down^M macchanger -a $i^M ifconfig $i up^M done^M ^M Edit the script via nano (To exit NANO use "Ctrl+x" press "y" to save changes, and press "Enter" to close) root@Pineapple:~# nano /etc/pineapple/wpsScript.sh MAC changer script #!/bin/sh #Script is executed when WPS button #is pressed for 2-4 seconds. #This script changes the MAC address of every interface... #Script by skysploit interface=$(ifconfig -a |grep HWaddr | cut -d"L" -f1) for i in $interface; do ifconfig $i down macchanger -a $i ifconfig $i up done Ensuring that the script is executable root@Pineapple:~# chmod +x /etc/pineapple/wpsScript.sh
  9. green, What distro are you installing the simple-ducky on? If the installer fails to pull burpsuite from the repository it will take another approach to installing it. Only a few distros have burpsuite in the their repos. For that purpose I have an alternative installer that will take over when you see that error... Check your machine to see if it is installed. ~skysploit
  10. Phobic81, To encode the payload.txt file that you have created just place it in the "/usr/share/simple-ducky" directory and open a terminal window and "cd" to the same directory. Run this command: java -jar encoder.jar -i payload.txt As far as importing the wallpaper prank into the simple-ducky, i would perfer not to. The simple-ducky is designed for professional penetration testers and the payloads in the are geared specifically for that purpose. However, I am in the process of completely revamping the simple-ducky. I am going to make it 100% modular, that way plugins can be added by each user. This is going to take some time to complete but it is well worth the effort. ~skysploit
  11. 411, This looks great! Thanks for putting in the work... ~skysploit
  12. If you can't find the script, that's probably because you are using v1.1.0 or prior. With version's prior to 1.1.1 the simple-ducky resides in a different directory. If you are unsure of the version use the install instruction below. It will remove the old ducky install as well install the new version. Sorry for the delay... ~skysploit
  13. I was playing with Nishang when i came across this post... I cant wait to get this integrated with the simple-ducky.
  14. DrDinosaur, Great job on the video! I'm glad to see that people are still using the simple-ducky. Hak5 does a great job with the show and the products that they offer. Hopefully, these videos of the simple-ducky entice folks to go out and buy the USB Rubber Ducky.... I'm slowing working on gathering all the payloads within the forums and github. The hard part is vetting all of the payloads. Some are broken or have delay's that not realistic with what a corporate computer would be able to handle. So it takes time to make sure that all of these payloads will work the best can. With that said, I am always looking for people to help with the vetting process. Thanks again ~skysploit P.S. DerbyCon anyone??
  15. What version did you install? If you are on version 1.1.1 (current version), then issue these commands.... sudo ln -sf /usr/share/simple-ducky/simple-ducky.sh /usr/bin/simple-ducky sudo ln -sf /usr/share/simple-ducky/update.sh /usr/bin/simple-ducky-update Also inside /usr/share/simple-ducky/ there's a file called "install.sh" run that by using... sudo bash /usr/share/simple-ducky/install.sh Let me know if this works... ~skysploit
  • Create New...