Broti
-
Posts
233 -
Joined
-
Last visited
-
Days Won
6
Posts posted by Broti
-
-
I'm currently rebuilding my EDC kit and I'm open to suggestions.
Content so far:
Thumb drives
- SanDisk Cruzer Blade 16GB: Portable Apps + Sysinternals Suite + Other tools
- 3x SanDisk Cruzer Slide 32GB (empty)
Gadgets
- USB Rubber Ducky (standard firmware)
- LAN Tap Pro
- USB MicroSD card reader
- Plectrum
- 3.5mm audio jack
Adapters
- USB to MicroUSB
- Data Blocker: USB, MicroUSB, Lightning
- Watson MicroSD HC
Cables
- kos-OTG
- Cat5 Loopback
-
LiveOverflow? Doesn't ring a bell here.
Of course I meant legit keygens, hence the mentions of CrackMes. If anyone wants a keygen for <insert product here> he or she is looking in the wrong place.
What about obsolete algorithms like DES or even more vintage stuff like ENIGMA or Playfair?
-
2 hours ago, PoSHMagiC0de said:
Aren't the CrackMe more binary exploit than crypto? But if it is solving a crypto challenge then yelp.
Well it really depends. One could patch the binary to accept any code given OR the more elegant way is to RE it, find the key-algo and then build your own KeyGen for the specific CrackMe.
So it teaches two things at once. Understanding of the algorithm in use and how to implement it in your program.
-
Sounds like an interesting sub-section.
So basics for starters and more advanced levels explained and possible "CrackMe!" challenges like in those Reverse Engineering boards, right?
-
My favourite password manager: KeePass. Open source and it supports different systems
-
1 hour ago, Dotan said:
maybe cause im using mass storage firmware?
Yup, that's should be the reason why
Iirc the mass store firmware can't run payloads. If I'm mistaken, please correct me.
I never tested another firmware. -
Just hold down the button on the ducky while inserting for DFU mode. :-)
-
Yay ... nice hacking-to-go gadget
-
Hi,
First question: Here's a good flashing tutorial https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Flashing-ducky
Second question: Payloads for Windows only work on those. But you can compile them on any system, though.
Since the ducky emulates a keyboard, the keystrokes work like the systems behaviour. If you use Windows-specific key-compo, they won't have the same effect on Linux/Mac OS - if any.Third question: The standard firmware works like a charm. Depending on your payload-needs you may need to use another firmware.
-
53 minutes ago, digininja said:
If someone found a bypass then it would open holes in so many apps that it would be patched within hours if not quicker.
That would be like hell on earth for webhoster/webmins.
-
I'm not yet convinced by Win10, not to mention the aggressive "Upgrade now" policy.
So I'll stay with 8.1 + Classic Shell on my desktop. -
I'm currently reading books about 6502 assembly language.
-
For starters you could write a password generator.
Depending on the programming language you could also check projects of interest on github for example.
-
Well since all questions hav e been answered so far, I'll just want to add my experiences to some of them
Question #5:
I usually use the GUI version of DuckyEncoder. But the other options are good aswell.Question #6:
An initial DELAY 3000 should be sufficient for more or less modern systems - even for one of my old 800MHz Laptop (XP SP3). -
Did you select the right language keymap?
Missed that more that once before compiling a script.
-
Hi,
according to the FAQ.
A flashing RED LED means the Ducky can’t read the SDcard.
My Ducky is flashing RED, what now?
Take out the SDcard (it can be stiff first of all, so don’t worry), some people have used tweezers or have been fairly gentle with a flat-tipped screwdriver.
Try reinserting the SDcard, or alternatively insert the card into an SDcard adapter/reader, and see if the host OS (Windows/Unix/OSX) can natively read the card.
If the host OS can read the card, re-insert it back into the Ducky and try again.
If the host OS can’t read the card, you may try re-formatting the card (FAT), or simply try another SDcard that you may have (commonly found in mobile phones, cameras, etc).
A red light is also flashing if now inject.bink is found (iirc)
-
you need Java to compile a payload-script to an inject.bin file using duckyencoder.
This file has to be copied to the micro sd card of the ducky.
After that, the ducky will run your script. :)
-
Sure. Any system has to be up-to-date, but yet nothing is a 100% secure.
It's possibly that an even lesser known OS is more secure even it is more out-of-date.
A small recommendation: Lightweight Portable Security by the Department of Defense
Also runs from USB (which is not accessable after bootup for security reasons)
PS: Ultimately if anything has memory access, it can screw with the system in one way or another ^_^
-
The Ducky is recognized as a HID (human interface device) [keyboard]
It's not shown as a normal thumbdrive, except you hold down the button on the Ducky board while inserting it.
A good way to get started is:
- The FAQ: https://forums.hak5.org/index.php?/topic/28824-faq-frequently-asked-questions/
- Darren's "Quack" start video:
-
Thanks! Working on it, though I'm having a busy weekend, but will update the main post with each step forward.
No sweat.
Take your time ;)
-
An AIO tool would be marvellous.
Keep on coding!
-
Well I used Basic on different platforms and I still like it.
- Basic V2 (Commodore 64)
- Basic V7 (Commodore 128) - just wrote 2 or 3 code examples
- Amiga Basic (Amiga 500) - actually I hated coding on Amiga, but enjoyed gaming
- Quick Basic 1.1/4.5 (PC/DOS)
- Visual Basic 4/5/6/.NET (PC/Windows)
-
And since you asked about the Ducky too:
- Check out the Ducky FAQ
- Look at the different payloads in the section
- Start small (e.g. : open Notepad and type "Hello World!")
- Don't hesitate to ask
-
Cool idea
Why not rick-rolling the guests?
-
1
-
Hacker EDC? defcon EDC? every day carry?
in Everything Else
Posted
Phone: Samsung Galaxy S2 (yeah I know, not the latest model ;) )
About the pick: It comes quite in handy to open casings, especially when you don't have long fingernails.