netzwerg

After a bit of "research" (AKA "googling"), I found the solution to the problem. The solution is to use a forked (and more recent) version of the duckencoder, which can be found here.

I am running VMware Fusion on a Mac with a Windows 7 guest. My goal is to run the Invoke-Mimikatz payload for credential pilfering, which involves sending WIN-R (GUI R) to the Windows OS. However, because Windows 7 is running as a guest VM, the Windows OS doesn't actually see the ducky connect as a USB keyboard. The ducky connects to the host OS (Mac OSX) instead. When the script sends a 'GUI R', this doesn't seem to get passed to the guest VM (Windows), even if the focus is on the VM at the time. However, if I write a basic script that simply sends a 'STRING Hello World' and 'ENTER', then I see these characters appear, if I first open notepad to give it something to type into. Has anyone tried something like this before, or does anyone have an idea how to go about addressing this?

I read, on another site (https://ducktoolkit.com/), that starting a script with REM will have it wait until the button is pressed. Maybe you could give that a shot.

Same reason that I am looking at it too. I REALLY wanted the USB Armory, but I can't justify the expense right now. I also want to use it as a portable Kali instance.

Nice. I have just ordered my Pi0. I'll try and run it over the micro USB port, as I am pretty sure I will burn stuff out if I try and solder again. Been way way way too long since I picked up a soldering iron.

@b0N3z - I am curious - why did you have to go down the path of soldering a USB port to the Pi Zero for this purpose? Couldn't you just use the existing micro USB port (not the PWR port) and configure it as Ethernet over USB? Or did you want to have the ability to plug it in like a USB thumb drive? Got any links you can share?

That was a sensational presentation. Some really cool stuff in there.

Depends on what you are trying to do on the endpoint. If you are trying to deploy pre-compiled executable, into which you want to embed shellcode, then something like shellter (as mentioned by @anode) is a good choice. I have used it to deploy putty with an embedded meterpreter reverse_tcp shell to an endpoint. The handy thing that shellter can keep the executable functional, which is really cool when used with putty, when you consider that it is used by IT professionals, and they make for good targets (holding the keys to the kingdom and all). If you want to take an existing executable and make it bypass AV, then you can use any number of packers and/or crypters. One that I have had a lot of success with recently was Hyperion. As @digip says, there are other ways that ensure that executables don't even land on the endpoint. An example of this is the reflective DLL injection used by the Invoke-Mimikatz.ps1 powershell script, which was demonstrated by Hak5 with the USB-RD in their 15 sec credential hack, a la Mr Robot.

Oh well. I fall victim to impatience yet again.

Are you talking about a host-based utility, or something to be deployed in your network? If host-based, what is your target OS?

I ended up ordering the WP, LT, and USB RD as standalone items. Just received them a few days ago. Can't wait to start playing around... :)

I use Password Gorilla on my Mac and PasswdSafe on my Android. They both use the same database format, which I sync between them via Dropbox. Both are free. Just make sure that the password that protects your databaseis your strongest one, ok? ;)

BTW, I know this info is now "after the fact", but it turns out that you didn't need to add the book to your cart and then use FREEBOOK to discount it. You were supposed to use the FREEBOOK on your order, and that would result in someone manually adding the free WiFi pineapple book to your order in the back end. Luckily for me, the kind people at Hak5 shop refunded the book that I had added to my cart in error.

Just placed an order for a Nano, USB RD, and LT yesterday. I tried using the FREEBOOK coupon but, even though it applied successfully, it didn't discount the book at all. Now I'm trying to work out who I email about getting that fixed. Can't wait for my kit to arrive here in Australia though... :)

Maybe take a look at this video. I believe that they did what you are looking for in their ducky script, and may have linked to it too. I think they did it with "ALT y", rather than LEFTARROW. https://www.hak5.org/episodes/season-21/hak5-2101-15-second-password-hack-mr-robot-style https://www.hak5.org/blog/15-second-password-hack-mr-robot-style