ApacheTech Consultancy

Keyboard emulation is different to what the ducky does though. The keyboard emulators do not break the inherent trust of the host PC. Something like Synergy on the other hand, might. It is more likely with a Nokia phone because of the similarities in the chipsets between the Nokia and the ATMega. Either way, you'd need a heavily modded phone with custom bootloader, firmware and possibly even a few kernel tweaks. If it worked though, it would change the way in which DuckyScripts are written. You could use Python or Mono or Java to produce keystrokes on the fly. The ducky would end up going OOP. :D But, it's all about spoofiing the VID and PID and still allowing the phone to function, including charging.

There are tons of options available on HTTrack. I haven't had a chance to look through everything on it, but it might help you out. http://www.httrack.com/

12 different scripts! :p You could have separate Mac, Windows and Linux cards. The nextGen firmware would auto-detect the OS and mount the appropriate card.

I actually agree with you, it would be amazing to have everything segmented into handy pigeon holes. Usually, forums end up waging war on my OCD. The process of adding a sub-forum is very simple, but that's not what the phrase is about, it's about the fact that it sets a precedent. Should we have sub-forums for DuckyScript IDEs and Encoders and for Firmware. They are even more important than the scripts themselves. People can write their own scripts very easily with just notepad, a repository isn't overly helpful, it's just a time saver rather than writing out 10 lines of code. But then again, people for some reason will search for hours through a list of payloads to find a basic script that would have taken them less than a minute to type out from scratch. Utilities and Encoders are different because we don't expect everyone to compile their own encoders from scratch.

They're no Sub-forums. They're merely different forums. Sub-forums appear within the main forum, see Suggestions/Bug Reports in the USB-RD forum, where it says Sub-forums for reference. http://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/ It's just as easy, if not easier just to search for "[Payload]" on the USB-RD forum to generate a list of payloads. Unfortunately, the laws of the internet won't allow us to perform a simple split. "One does not simply add a sub-forum to an established board". People would petition for further splits. We need a sub-sub forums for Linux, Windows, MacOS, Cross Platform payloads, even more for Black Hat, Grey Hat and White Hat. It opens up a Pandora's box which, for a support forum, doesn't need to be opened. Platforms such as Github allow for such deep nesting and genre-splitting, a forum can end up too messy. This is all my opinion though; I've moderated on a few different forums in the past, but never here. The admin here may want to expand into a more all round "hacking site", but from the show over the last 8 years, I highly doubt it.

Github is separate to this site. It's not a part of the Hak5 franchise. The Pineapple/Jasager forums do not have sub-forums for payloads. In fact, this forum is the only one on these boards to have any kind of sub-forum.

I think the problem is that because the majority of payloads are malicious, the forum can't glorify them. Whilst this is a site about hacking, it is not a hacking site. While the USB-RD is a very valuable tool in anyone's SET, the standalone use can be seen as quite "script-kiddyish". The forum doesn't want to be seen just giving people black-hat and malicious scripts that can seriously affect people's privacy merely for personal gain. There's a thin line between "educational tool" and "aiding and abetting" which must be kept. A separate sub-forum specifically to post malicious scripts could be seen as the latter.

Hak5 did a really good series that takes you through the whole process of SSH. It starts on season 11, episode 8. This series taught me pretty much everything I needed to know about the subject and goes into a lot of detail without supposing too much prior knowledge. Starting here may be your best bet. http://hak5.org/episodes/hak5-1108

1. Have you made sure that the SD Card works correctly using a card reader? 2. Is the SD card formatted in FAT (or FAT32 if above 2GB)? 3. Have you made sure that the SD Card is not write protected? 4. Is there any more specific information you can give us regarding your setup? Type of board you're using, the OS you're using, what steps you've already taken to fix the problem, how to replicate the problem. 5. Have you searched for similar cases on these forums that have already been solved?

Could this possibly be the ultimate in Rubber Duck technology? I really hope it's possible to interface the RD with one of these one day! :

I haven't had that problem personally, but I've seen a few have on here. I have found though that sometimes the "Installing new device" balloon can strip the focus away from the target window; crashing the script. Once the device is recognised, this problem will go away, but for new victims, this problem may occur. For windows not being opened at the front of the stack, the easiest option is to fully minimise all windows (GUI d) prior to launching the CMD.

There is a fad amongst kids at the moment to "hack" each others FB accounts. They inbox/private message each other the passwords. On FB, hacking has been reduced to "logging in on someone else's account, after they have sent you their password willingly". I think the world has wised up since the days of Mitnick and McKinnon. If it gets serious, talk to 2600.org; they've campaigned on behalf of many such cases. The biggest thing for you to do is to pull together a a family. Make sure she tells you the absolute truth about what happened, even if this is not what is portrayed publicly. The more transparent you are with each other, the easier it will all be. Start by asking the school for advice; how far will they push this, why is it being taken so seriously? If necessary, take legal aid and involve a lawyer, but they don't need to be involved until a summons to court is issued. Don't waste legal aid money on lawyers when you don't need them. Hold off until you do. If the "attack" happened on school property then school has every right to be involved. If it didn't then the dispute is between yourselves and the injured party. The school can be seen, in this case, as a mediator. Depending on their stance, the can be leaned on more or less for support. Hacking, in America, seems to still have the Mitnick effect upon people. Everyone is scared about what they don't understand. But you know your stuff. If one element of whatever they say is impossible, or highly improbably, then push them hard on it. Squeeze every ounce of knowledge out of them regarding the subject they're charging on. Stick to your guns. You have a whole world of support out here, use as much of it as you can.

Thank you for your comments. I will endeavour to get my head around a lot of the jargon. I've never really needed to look outside of .NET for anything. I've only used frameworks in WebDev, I take it the word means something different in AppDev. Eclipse does not make it easy to see the difference between Java and Groovy; if I'm honest I'm in way over my head with it. I'd just got to grips with the basics of Java when I found out they didn't provide the basic functions I needed to use as the foundation of the app I was making. I read into Groovy, it was publicised as an add-on for Java. I installed it on Eclipse, converted the project over and carried on coding just as you'd expect to be able to. Then I found out that Groovy isn't what I thought and doesn't even use the same syntax; yet, Eclipse didn't convert anything, it just changed the file name. For now though, I think I'll stick with C#; it suits my coding style a lot more and IMO, a much better and more powerful language to use. There's nothing I need Java for anyway apart from that on program, in which the clumsy Java workarounds will have to do.

True, if a drive is that fragmented that its affecting performance, you'd just re-image it and think nothing else of it. If a pattern formed, you'd keep an eye on the terminals use on a day to day basis (its probably next to a radiator or in line to catch the sun through the windows in the afternoon or something) rather than attempt any form of forensic tests on it. I was thinking more though of the "helpdesk" side of things. When I was at college before uni, we had to do RP exercise where we got called out to a client's station that had something wrong with it; identify, fix and explain the problem to the non-techy client. We found the trouble with the random bit arrays was that it didn't take long enough in real world terms to correct. We ended up using naturally fragmented drives. This is only one very specific case I'll grant, but I'm sure there are similar scenarios in industry where such a tool could be used to some effect.

I think the main use for a Reverse Defrag program would be to "subtly" obfuscate recently deleted files. Shredding and zero-byting leave tell tale signs, but a reverse defrag would make it seem as if it was just ware and tear on the drive rather than purposeful deletion of data. From a white-hat perspective, such a tool could be used to observe rapid fragmentation of drives, seeing what data is overwritten, where and how over a matter of hours rather than months. The process would have to create and delete random size files though, rather than writing random bits to random sectors if the aim is to replicate real world conditions. It could lead to a better understanding of real-world vs. pseudo-random defragmentation, shredding and zero-byting. Could you use something like scalpel once a drive is re-fragmented? The other way such a program could be used is as an educational tool for rapid configuration of test-cases in sys-admin simulation exercises. It would be a more realistic setting than just coming across yet another randomly allocated bit array on a drive to simulate performance loss through fragmentation. Also, as a benchmarking tool for defragmentation applications, S.M.A.R.T and partitioning software. It does have its uses.

Strongly Typed Collections are the base stone of any OOP-centric language. If you master them then you begin to think and plan your programs around STC principles. It's actually a very simple process once you've done it a few times.

The above is how to create the Class Objects ready to store, here is how to use the Strongly Typed Collections: Assumptions I have made a few assumptions during this post: The reader understands VB.NET syntax Examples are given as a bare-bones demonstration only and any implementation will incorporate Defense Programming into it's design. Option Explicit in VB.NET is turned On Option Strict in VB.NET is turned On The reader understands that although this post is written using VB.NET syntax as an example language, the concept and implementation can be used in most modern high-level programming languages. The reader has already read my previous post: Object Orientated Programming (OOP) Overview A strongly-typed collection is one where all the Types within a collection are known at compile and do not need to be cast during runtime, or outside of the collection itself. A Collection is similar to an Array, but much more powerful in the ways it can be used. Collections have a dynamic capacity, so if a new entity is added, the index will automatically increase. They are also sortable, enumerable and can be cast to many other forms of collection. Within this post, I will be using a simple List Collection, which is the most simple Collection to work with. Full Code I have placed the full code for the project here and will expand on it below. I have expanded the Student Class Object slightly, adding in Set options within each property and removed the ReadOnly restriction. As mentioned in my previous post, this has merely expanded the use of the Student Class Object and has not altered any of it's uses prior to this post. Option Explicit On Option Strict On Module StudentData Sub Main() Dim ClassList As New MMU.StudentList ClassList.Add(New MMU.Student("12345678", "John", "Doe", "BSc (Hons) Computer Network Technology")) Dim JaneDoe As New MMU.Student("87654321", "Jane Doe", "BSc (Hons) Computer Network Technology") ClassList.Add(JaneDoe) Console.WriteLine(ClassList("12345678").ToString()) Console.WriteLine(ClassList(1).ToString()) Console.ReadKey() End Sub End Module Namespace MMU #Region "Student (Custom Class Object)" Class Student #Region "Private Members" Private m_sid As String Private m_firstName As String Private m_lastName As String Private m_course As String #End Region #Region "Constructors" Sub New(ByVal _sid As String, ByVal _firstName As String, ByVal _lastName As String, ByVal _course As String) m_sid = _sid m_firstName = _firstName m_lastName = _lastName m_course = _course End Sub Sub New(ByVal _sid As String, ByVal _fullName As String, ByVal _course As String) m_sid = _sid m_firstName = _fullName.Split(CChar(" "))(0) m_lastName = _fullName.Split(CChar(" "))(_fullName.Split(CChar(" ")).Count - 1) m_course = _course End Sub #End Region #Region "Public Properties" Public Property SID As String Get Return m_sid End Get Set(_sid As String) m_sid = _sid End Set End Property Public Property Name As String Get Return String.Join(" ", m_firstName, m_lastName) End Get Set(_fullName As String) m_firstName = _fullName.Split(CChar(" "))(0) m_lastName = _fullName.Split(CChar(" "))(_fullName.Split(CChar(" ")).Count - 1) End Set End Property Public Property Course As String Get Return m_course End Get Set(_course As String) m_course = _course End Set End Property #End Region #Region "Public Methods" Public Overrides Function ToString() As String Return Me.Name + " (" + Me.SID + "), " + Me.Course End Function #End Region End Class #End Region #Region "StudentList (Strongly Typed Collection)" Class StudentList #Region "Inheritance" Inherits List(Of MMU.Student) #End Region #Region "Default Overloaded Property" Default Overloads Property Item(ByVal _index As Integer) As MMU.Student Get Return MyBase.Item(_index) End Get Set(_student As MMU.Student) MyBase.Item(_index) = _student End Set End Property Default Overloads Property Item(ByVal _sid As String) As MMU.Student Get For Each Student As MMU.Student In Me If Student.SID = _sid Then Return MyBase.Item(Me.IndexOf(Student)) End If Next Throw New KeyNotFoundException("Student was not found in list.") Return Nothing End Get Set(_student As MMU.Student) For Each Student As MMU.Student In Me If Student.SID = _sid Then MyBase.Item(Me.IndexOf(Student)) = _student Else Throw New KeyNotFoundException("Student was not found in list.") End If Next End Set End Property #End Region End Class #End Region End Namespace Output John Doe (12345678), BSc (Hons) Computer Network Technology Jane Doe (87654321), BSc (Hons) Computer Network Technology Inheritance When a class inherits from another class, it becomes an extension of that class. The class from which we inherit is known as the Parent Class and any child gains the properties and methods of it's parent. Here, we are creating a Child Class, or Derived Class or the List(Of T) base Collection class. This means that everything that we could do with a list, we can now do with our own class. It is important to understand this difference as we continue on. The class we have created is now bound only to work with the type MMU.Student, and is now, therefore, strongly-typed. Class StudentList #Region "Inheritance" Inherits List(Of MMU.Student) #End Region End Class Default Properties By specifying a Default Property, you are able to access that property directly by just specifying Object itself. Think of how you just specify Array(0).Property rather than Array.Item(0).Property, although both will work just as well. Here, we Overload the Item Property, just as we did previously with the constructor within the Student Object. This is so that, as well as the regular index iteration, we can also iterate through the List by the student numbers. It is important to specify within these default properties, only fields which are unique to each record. Like in a database, each entity in a collection is uniquely identified by it's index. Using non-unique fields has the possibility of bringing up multiple records. This is possible, by returning a new collection rather than an individual record, much like how multi-dimensional arrays work. However, this is beyond the scope of this demonstration. #Region "Default Overloaded Property" Default Overloads Property Item(ByVal _index As Integer) As MMU.Student Get Return MyBase.Item(_index) End Get Set(_student As MMU.Student) MyBase.Item(_index) = _student End Set End Property Default Overloads Property Item(ByVal _sid As String) As MMU.Student Get For Each Student As MMU.Student In Me If Student.SID = _sid Then Return MyBase.Item(Me.IndexOf(Student)) End If Next Throw New KeyNotFoundException("Student was not found in list.") Return Nothing End Get Set(_student As MMU.Student) For Each Student As MMU.Student In Me If Student.SID = _sid Then MyBase.Item(Me.IndexOf(Student)) = _student Else Throw New KeyNotFoundException("Student was not found in list.") End If Next End Set End Property #End Region Usage As seen in the code above, we can enter the student's details in a number of different fashions as before and to output, you use the collection just like an array, but specifying the methods or properties you want to display from the Object held within the selected index. Final Thought If you're still having problems with the idea of a strongly-typed collection, think of it like this: In a weakly-typed collection of Students, each index holds a Object of the Student Type. In a strongly-typed collection of Students, each index is a Student Object.

What you're after is Strongly Typed Collections. I wrote a blog about this on my Uni course page. I'll post it here for you to give the basics. Sorry if it seems a bit pedantic, it as written for very new programmers. Assumptions I have made a few assumptions during this post: The reader understands VB.NET syntax Examples are given as a bare-bones demonstration only and any implementation will incorporate Defense Programming into it's design. Option Explicit in VB.NET is turned On Option Strict in VB.NET is turned On The reader understands that although this post is written using VB.NET syntax as an example language, the concept and implementation of OOP can be used in most modern high-level programming languages. Overview OOP is a brilliantly elegant way of coding that is both easier for onlookers to understand and far more extendible than procedural programming. Procedural programming relies on things being done in order. A followed by B followed by C and so on; if you need to add something in between A and B once the program is stable, it involves redirecting the program from A to the new B and then to the old B, now C and everything moves along one in order. This isn't the way with OOP, you can add new Properties to an Object and everything you have done previously with it will be largely unaffected. An Object, in programming terms can be pretty much anything. In this article I'm going to stick with the all too familiar Student/Class/Tutor schema that seems to work quite well in textbooks. In every class, we sign a register. In programming terms, the Register is simply an Object. It contains within it a few Public Properties such as Tutor, Unit, Course, Students and so on. In this example, Students is Strongly Typed Collection of Student Objects. I will go into Strongly Typed Collection in another post, as it is another topic entirely. Each Student will have properties such as Name, DOB, SID, ContactDetails and so on. Creating Objects To create an Object, you create a class, within a namespace, with the name of the Object you want to create. Option Explicit On Option Strict On Namespace MMU Class Student End Class End Namespace Regions Next, we add the regions we're going to build on. There are four basic regions we will use: Private Members, Constructors, Public Properties and Public Methods. We only add these regions to aid our extensibility. It makes the object easier to read, and therefore upgrade when needed. There are other useful Regions to add to more complex objects, such as Events, Delegates, Destructors, Interfaces, Enums, et al, but for this example, the basic four will suffice. Option Explicit On Option Strict On Namespace MMU Class Student #Region "Private Members" #End Region #Region "Constructors" #End Region #Region "Public Properties" #End Region #Region "Public Methods" #End Region End Class End Namespace Private Members These are the local scope variables that are used within the Object. Within OOP, these variables hold the data once the Object is constructed and pass the data to the Properties to be outputted. This way, the local variables are never exposed to the public; they can be manipulated within the class as normal. Here, I have used a simple model of Student Number, Name and Course. In real world examples, this would be a much more extensive list. #Region "Private Members" Private m_sid As String Private m_firstName As String Private m_lastName As String Private m_course As String #End Region Constructors The constructors are an essential point of any object. They are known as "Entry Points" to the Object and will tell the class how it gets the data for the object and how to store it once it's there. Here, I've overloaded the New sub procedure twice with different options to create a new student. This gives more flexibility to the program, and therefore the user to input data. It will check the number of string arguments and load the correct New Sub. #Region "Constructors" Sub New(ByVal _sid As String, ByVal _firstName As String, ByVal _lastName As String, ByVal _course As String) m_sid=_sid m_firstName=_firstName m_lastName=_lastName m_course=_course End Sub Sub New(ByVal _sid As String, ByVal _fullName As String, ByVal _course As String) m_sid=_sid m_firstName=_fullName.Split(CChar(" "))(0) m_lastName=_fullName.Split(CChar(" "))(_fullName.Split(CChar(" ")).Count - 1) m_course=_course End Sub #End Region Public Properties Public Properties make up the specific "Exit Points" of the Object. They output the data in the private members, in a manner of your choosing. Here, I have given very basic examples for outputting the data, merely converting the local scope variables to public scope variables. For the name, I've added a simple concatenation to create a full name. Real world examples, of course, would be much more complex. #Region "Public Properties" Public ReadOnly Property SID As String Get Return m_sid End Get End Property Public ReadOnly Property Name As String Get Return String.Join(" ", m_firstName, m_lastName) End Get End Property Public ReadOnly Property Course As String Get Return m_course End Get End Property #End Region Public Methods Methods are things that will affect and manipulate the data within the object. Public Methods are available outside the scope of the Object. Private Methods may be used to do internal manipulation of the data without allowing access from outside; this is mainly for utility or foundation level methods that alter the data in minor ways. In this basic example, I have overridden the canon .ToString() method to create a concatenated string of the relevant data. It uses all four of the input parameters. #Region "Public Methods" Public Overrides Function ToString() As String Return Me.Name + " (" + Me.SID + "), " + Me.Course End Function #End Region Full Class Code Here is the code for the Student Class Object in full: Option Explicit On Option Strict On Namespace MMU Class Student #Region "Private Members" Private m_sid As String Private m_firstName As String Private m_lastName As String Private m_course As String #End Region #Region "Constructors" Sub New(ByVal _sid As String, ByVal _firstName As String, ByVal _lastName As String, ByVal _course As String) m_sid = _sid m_firstName = _firstName m_lastName = _lastName m_course = _course End Sub Sub New(ByVal _sid As String, ByVal _fullName As String, ByVal _course As String) m_sid = _sid m_firstName = _fullName.Split(CChar(" "))(0) m_lastName = _fullName.Split(CChar(" "))(_fullName.Split(CChar(" ")).Count - 1) m_course = _course End Sub #End Region #Region "Public Properties" Public ReadOnly Property SID As String Get Return m_sid End Get End Property Public ReadOnly Property Name As String Get Return String.Join(" ", m_firstName, m_lastName) End Get End Property Public ReadOnly Property Course As String Get Return m_course End Get End Property #End Region #Region "Public Methods" Public Overrides Function ToString() As String Return Me.Name + " (" + Me.SID + "), " + Me.Course End Function #End Region End Class End Namespace Usage The usage for Objects is the same for using any other class. You must first declare the class, with any mandatory arguments and then you can use the methods and properties of that instance of the class In this example, I have created two students, using both methods of construction and have used the .ToString() method on each of them to output the data. Both JohnDoe and JaneDoe are separate entities, or instances of the same class. What happens to one, will not affect the other. Sub Main() Dim JohnDoe As New MMU.Student("12345678", "John", "Doe", "BSc (Hons) Computer Network Technology") Dim JaneDoe As New MMU.Student("87654321", "Jane Doe", "BSc (Hons) Computer Network Technology") Console.WriteLine(JohnDoe.ToString()) Console.WriteLine(JaneDoe.ToString()) Console.ReadKey() End Sub Output John Doe (12345678), BSc (Hons) Computer Network Technology Jane Doe (87654321), BSc (Hons) Computer Network Technology

One thing I would say about VB.NET; as soon as you feel confident with it, jump over to C#. You'll get a lot further with C# than you will with VB. Both learning wise and in industry. I stuck fervently with VB for a long time. Whilst learning the intricacies of .NET, I was searching high and low for tutorials and example project written in VB and there wasn't much around. Whilst learning C# you have all the help of the community at your fingertips. VB.NET is more powerful than C#. That comment will probably be jumped on by C# fanboys, but the cold hard truth is that it is. Because VB is Microsoft's baby, they've introduced a lot more into the Microsoft.VisualBasic namespace than into Microsoft.CSharp. VB has elements of hyper-level programming* in it which make C#'s implementations look low-level in comparison, even though they're both on the same plateau. In C#, you sometime even have to Interop over to Microsoft.VisualBasic and borrow some of it's functions because C# doesn't have any way of implementing them itself. Having said that, C# will be infinitely more useful in the world of work. Once you understand and can read through C-style syntax, you can quite easily pick up many other languages which use the similar syntax base. From VB, you might be able to go onto Delphi or Cobol relatively easy, but pretty much everything else will require learning a whole new syntax-base. * I'm not sure if this is actually what you call the step above high-level programming, if it's not this, it should be! :D

With the three-key combinations, you usually get the third result by pressing ALT_GR + <KEY>. Does that work?

Or try: ASCII_5E = KEY_6, MODIFIERKEY_SHIFT

But that leaves a question; should a base programming language need an add-on framework just to be able to be usable? Java claims to be OOP-centric, then takes away (in its core syntax-base) the means to manipulate objects in elegant and straight-forward ways. Nested classes are an integral part of any OOP-centric language, but Java uses them in ways that they were never meant to be used; or at least in out-dated, now superseded ways which make the code clunky and inelegant. I will have a look at the Scala pattern. I've seen Groovy as well, which does add in delegates in the form of Closures but they seem to be quite clunky as well and I haven't had time to look into the syntax patterns for it. Going into Groovy, or any other framework after only a week or two of learning Java is a daunting task. I want to learn the core, convoluted workarounds just so that I know how to use them. The same way you'd learn the intricacies of C# before using LINQ for everything.

I've only used the very basic functions of it whilst developing the Duck Encoder v3.x on the USB Rubber Duck forum. My main problem is that I know in my head exactly how I would write the program in C#; exactly what would go where, how the different elements would fit together and the overall program flow. But, in Java, this would have to be split down into really convoluted segments. Take, for example, the new Ducklings I've developed for v3. In C# you can use delegates to create a dictionary of methods which you can call dynamically without needing to use reflection or any convoluted anonymous inner classes. The Ducklings are designed for relatively new, if not first time coders to develop their own strongly-typed, secure plugins and distribute them across the community. Java's method of doing this took a day of research just to find out I couldn't do it as you would logically think of doing it in a high-level programming language and more time to implement a clumsy workaround. The v1 Ducklings are not as elegant as I would like them to be, they are still very clumsy and not amazingly easy to write for a first time user; hence the long detailed thread explaining their generation. I'm not really sure about makefile and such, I've only used the basic "Right Click -> Export as Runnable JAR" in Eclipse. Because Java is a proprietary language owned by Sun, they govern what goes into it and what doesn't. Their excuses for why they have not introduced delegates is laughable; mainly because it would break anyone's code who has used workarounds for such things and called their variable "delegate". This is a pitiful excuse for not bringing out new coding structures; breaking issues are something that every developer expects to have to cope with and plans in advance to protect against.

Do you have the datasheet for the chipset it uses?

Ahh yeah, I forgot it breaks it down into 255ms chunks. "DELAY 260865" would max it out. When you start adding commands in though, it ramps up the byte-count a lot.