Posts posted by Just_a_User

  1. 15 minutes ago, Charlie86 said:

    Hi,

    thanks! It works in Windows. In OS X I am still getting wrong keystrokes.

    Ah, I don't Apple, so I'm guessing, but maybe the OS X keyboard needs a slightly different ASCII key map file. Take a look at an existing one and compare the ASCII for OS X; maybe you can modify it to work.

    Is it all keys that don't work for OS X or just some?

  2. 6 hours ago, Dave-ee Jones said:

    I hate to say it but I don't think this is correct..

    IIRC it is. I think iOS 8 and Android 6 onwards started doing this to avoid tracking.

    EDIT: However, there seem to be methods around it to see real MAC addresses: https://arxiv.org/pdf/1703.02874v1.pdf @Sebkinne would/could that be a potential feature that the pineapples could use?

  3. Nice project, did you already consider float switches? https://www.amazon.com/Copapa-Horizontal-Liquid-Switch-Sensor/dp/B00AKW29U2 Can probably find cheaper.

    It just tells you if water is above or below the switch position, but you could use a few at different levels of the water container to give you an idea of water level, e.g. Full, 3/4, 1/2, 1/4, pump min.

    For the bottom one (pump min) I would perhaps use some redundancy, 2x in parallel (if using NO, serial if NC) at the same level, so you only need one to switch to make sure you don't pump dry.

  4. 14 minutes ago, zetta said:

    Thanks for the help

    It's obviously not your router; contact the owner of the router/property and ask them for the login details. If they want to let you have them, they will.

    Otherwise ask your other housemates to stop downloading torrents and streaming pron.

  5. 10 hours ago, KCSEC said:

    Hello,

    So trying to create a script for Windows 10,

    Here is the example code

    DELAY 1000
    GUI r
    DELAY 200
    REM Prompt UAC for PSH
    STRING powershell Start-Process powershell -Verb runAs
    ENTER

    Now the UAC prompt starts in the background, so need something like

    ALT+TAB

    ALT LEFT LEFT 

    ALT Y 

    However, can't get it to work correctly. Any ideas? ALT TAB brings up the menu and then need to keep holding ALT then nav left twice to be on the UAC prompt.

    I don't have a Windows box in the house, but a fair amount of the bashbunny payloads tackle similar ducky issues, so it's worth checking out some bashbunny payloads for ideas.

    Just for example, might not solve your issue: https://github.com/hak5/bashbunny-payloads/issues/50 or https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/execution/exe_UACBypassD%26E

  6. 1 hour ago, aideux said:

    Okay, do you know if the key (caps or num) needs to be pressed prior to ducky insertion, or if you insert the ducky and then press the key?

    As it seems to be looking for the GPIO button push, I'm guessing it can be inserted, key pressed, then GPIO to run script.

    // injection state machine
    switch(state) {

        case state_IDLE:
            // check switch
            in_affect=false;
            LED_Off(LED1);
            if( gpio_get_pin_value(GPIO_JOYSTICK_PUSH) == GPIO_JOYSTICK_PUSH_PRESSED ) {

                // debounce
                if( debounce == 0 ) {
                    state = state_START_INJECT;

    Maybe wrong tho

  7. OK, but that's slightly different; that's using the ducky as a first stage to launch a second-stage PowerShell script. Darren does say the Caps/Num/Scroll lock LED state is stored on the computer and not the keyboard, so it could potentially be read, but I'm not sure the ducky could do this itself, at least not with standard firmwares. But in the PowerShell script it could read LED status and base logic off of that, I'm sure. But if the first stage script fails the second may never run. At least that's how I see it; maybe someone else will add to this thread with more details.

  8. 6 minutes ago, Skynet2018 said:

    I see some ducky payloads that show as the command it was executed, by the caps lock led.

    For the ducky? Or for the bashbunny?

    AFAIK the ducky can check for a keypress before running a script, but once that script is running there's no stopping it for logic. In the ducky the logic is in firmware, not payload. So it would require a firmware mod, and then I'm not sure of available space etc.

  9. On 6/29/2018 at 2:17 PM, aideux said:

    I understand that one payload would be executed when Caps Lock is active and the Ducky is inserted, while the other would work when Num Lock is active before the Ducky is inserted

    I'm not sure that's the case; I think it's payload one when caps/num/scroll lock are pressed and GPIO button for payload two? I think the term twin duck refers more to Storage and Payload. Maybe I'm wrong; someone will correct me. But it's worth searching the forums for more info, like the below

     

  10. 1 hour ago, Skynet2018 said:

    Hello I have a question. Can the ducky auto correct himself, if something is going wrong. Like this  https://www.offensive-security.com/movies/teensy-offsec-payload.mp4

    No, the ducky is just replaying the script with no real feedback other than the keypress check before running the script (twin duck style). The Bashbunny, however, can do logic with the possibility of feedback and error checking/correcting.

    I'm just reading about that peensy and seeing how it's doing it, e.g. it downloads a file to check Internet connectivity; bashbunny can do that for sure. It seems to use num/scroll/caps keys once a command is successful by checking keyboard LED status. I don't know if that already exists in a bashbunny payload, but it seems like it should be something achievable by the bash bunny also.

    Interesting stuff, thanks for sharing

  11. 1 hour ago, digininja said:

    Are some of your posts done by a bot as this makes no sense at all.

    I'm prob wrong but I think I deciphered part of it

    Mate = google - "my old trusted mate.......his name is Google!"

    Mates Cousin = Binary - "My mate has a cousin, his name is Binary,"

    Binary search is a Search engine? or tool? i dunno lol

  12. 1 hour ago, Domain0@engineer.com said:

    I've had nothing but trouble with this device from day one. If it's not trying to configure it to link to WiFi, it's modules, and/or staying connected. It's something that might work or won't work. They should take lessons from the developers of QubesOS who not only thoroughly test their system but also provide excellent support documentation with easily understood support pages. Obviously their testing is flawed, as is the support here. Having to attempt configuration on four systems, ultimately resulting in a clean install of Kali Linux to finally get the thing to somewhat work, I experience a great deal of trouble with modules. Having to reset the device to factory three times. It's not friendly to switching between running on Android and back to Linux. The script for WiFi sharing is flawed or incomplete, and must in many cases be configured manually. That takes time away from doing with the device what it was designed for, aggravation many don't have time to dedicate. I certainly would not recommend this to anyone other than a casual hobbyist who has time to tinker. As for me I will tear mine down into base components and use them for a worthwhile project in my spare time. It's unworthy for any professional applications and totally unreliable.... A POS, take your chances, it's 50-50 whether or not it works as intended.

    Ummm, you have made 3 posts on the forums. In the first one you were given pointers by @Foxtrot on how to read logs to aid fault finding; in your second post I offered support to help you and you didn't respond.

    Maybe this isn't the device for you, fair enough, but don't say people didn't try to help you.

  13. 12 hours ago, sponbobs said:

    mips_24kc.ipk

    I have zero experience of mips 24k, so I'm unsure what's required. I would have thought that if python and aircrack-ng were compiled for running on mips 24k then the python-written wifite2 would run on it, but I really don't know, having never tried it.
