SilentHacker

Members
  • Posts: 4
Everything posted by SilentHacker

  1. I made this post a while ago, it should help with the "run hidden" part: https://forums.hak5.org/index.php?/topic/36589-extra-stealth-and-nircmd/
  2. To erase the run command history, simply make the ducky type this in the powershell: This will erase ALL of the history, not just what the ducky did. But no one should notice and even if they do, they shouldn't find it suspicious. To give credit where credit is due: Source
  3. I've noticed that the script that mutes and restores sound to the system loses track, so to speak, of the powershell window. To solve this, you should use the one that just mutes the system and afterwards make the ducky type the script that returns the sound: (And then make the ducky type:) Since at this point the window is already hidden, there should be no rush to unmute the system. And this way, the ducky can continue typing in the powershell whatever you want it to. Again: do remember to change the "F:/nircmd/nircmd.exe" to the actual path of the file on your ducky. Thank you for the feedback, and thank you for pointing out the need for the Twin Duck firmware. Always happy to help :)
  4. Hi! Before anything else, I should mention that I am new to all of this (my Rubber Ducky hasn't even arrived yet), but I've been digging around and I think I've come up with a pretty decent alternative to hiding windows in Windows (without having them scroll down and out of sight, which is very unstealth-like). Like I've mentioned, my Rubber Ducky hasn't arrived yet, so I haven't gotten around to learning the script to its fullest; for that reason I'm going to be sharing what the ducky should do, step-by-step, instead of the actual inject.bin.

     The Stealth enhancer:

     After having the Ducky open the run command (GUI + R), instead of having it write something like "cmd" or "powershell", give this a try and see for yourself:

     Now you have to make the ducky go LEFT and ENTER to accept opening powershell as administrator. You can still catch a few glimpses of the 2 powershell windows that get opened, but they immediately disappear. Although it's not visible, one of the windows IS STILL OPEN so long as you don't click anywhere else. To prove that the powershell running as administrator is still open, type this out (without quotes, it's important that you type it): "start-process notepad.exe", this will open the notepad. This works fine on all my computers (Windows 8 and 10), I'm not sure about others, please let me know.

     Removing the "Run as Admin" sound:

     Some computers have this annoying warning sound when the box to confirm to run something as admin pops up. This sound is especially annoying if you want to go undetected. There are two alternatives:

     1) You could make the Ducky type "FN + ESC", this will mute or unmute the computer. The problem with this option is that, if the target computer is already muted, this will produce the contrary effect of the desired one. So if you are using this one, make sure the target computer is not muted.

     2) For this one we need the help of a tool called NirCmd. This tool is, I believe, a great asset for the Rubber Ducky users. The potential for pranks is enormous. Here's what to do:

     - First of all, you should get NirCmd: http://www.nirsoft.net/utils/nircmd.zip
     - Unzip the file and copy the "nircmd.exe" or "nircmd" to the Rubber Ducky's SD card.
     - Next make the Rubber Ducky run this after (GUI + R):

     What this does is open a hidden powershell, mute the system, the dialog box pops up, a hidden administrator-run powershell opens (closing the previous one) and restores sound to the system. Alternatively, you could run this (if you don't want to restore sound to the system and keep it muted):

     WARNING: Make sure to change "F:/nircmd/nircmd.exe" to whatever path your nircmd.exe file has on your ducky.

     Other applications for nircmd:

     - Open and hide apps. (Open notepad and hide it, but it remains active and you can write whatever you want as long as you don't click anywhere else.) I don't know the full extent of this "hide" feature. I tried it with google chrome, but I didn't know the "class" so it didn't work. Play around with it and let me know.
     - Show hidden apps.
     - Make the computer read a text file (Cool Prank)

     This is all I have had time to play with in the past few days, please point out any mistakes I might have made and let me know your ideas. Play around with NirCmd's other features and share it here. Sorry for the messy post.