Jump to content

uintdev

Active Members
  • Posts

    22
  • Joined

  • Days Won

    2

Everything posted by uintdev

  1. For what you are wanting to do, as far as I am aware, it would not be possible on the USB Rubber Ducky. It uses HID. It can use mass storage as well if you program the device with the Twin Duck firmware but the data transfer will be very slow and there would still be no way of detecting all major desktop platforms. Using a Bash Bunny would be ideal as that would allow you to determine the platform used (USB Ethernet & nmap) and quickly exfiltrate user data via mass storage in the same script (either by using HID to issue copy commands or setting up a hidden reverse shell that would then be interacted with via USB Ethernet and netcat).
  2. Even if you were to go with PS2 only, you could always get an adapter for that. Not as convenient and fast but in theory it should work. If we were talking about modern laptops then no worries about exposed PS2 ports. You might have the ability to disable USB completely via BIOS as well as setting a unique BIOS password.
  3. Have you tried putting the commands in quotes? For example: Q STRING "foobar"
  4. Having the string encoded with base64 would add on more characters to type out (including the base64 decode function). If I were to encode the PowerShell part (without the variables becoming an IP and a port number): it would be 458 characters long base64 decoded but 611 if base64 encoded (this includes escaping so it could be slightly shorter). This is without the function required to decode base64. I figured having it harder to read in a small window would be somewhat good enough (won't be in full view, goes by fast, Windows may lock up cursor during keyboard input). It's not like we're passing over a small binary file via netcat, so my question is if it would be worth adding in the extra steps.
  5. Minimum on mine was 15. Perhaps it's to do with the display configuration. The changes have been made in v0.1.3. I have to say, this one really gives it a boost. Thanks.
  6. v0.1.2 is out. 'cmd' is now directly ran by default (avoiding that very noticeable window with a deep blue coloured background).
  7. It should allow commands that would be admin-only sent from the BB to work. Pushed out v0.1.1. It uses the shortcut @Dave-ee Jones suggested for the UAC, ADMIN is now false by default, CMD background processes created as a result of the payload now close once done and delays have been shortened. If the newly set delays are too short, let me know and I'll try adjusting it to something reasonable. If you've used the previous version of the payload on a computer, check task manager and kill "Windows Command Processor" processes that were created by the payload if you want. They use up a little RAM.
  8. It would need to remain connected. The LED will indicate once it's done. Indeed it sucks for there to be such character limit. I did manage to decrease $sm to 254 characters (without IP and port) but that is definitely not enough still. I could use SimpleHTTPServer to host the PowerShell file on the Bash Bunny. As for being to be able to execute it as a privileged user (optionally), that could be a bit of a challenge. EDIT: Hello. Future me here. Dismiss that comment about using a HTTP server. Can't put the variables in the script that way. Ah, yes. I heard of that shortcut but kinda forgot about it being a thing. Would speed it up a bit, so thanks for that suggestion. The ADMIN variable changes the method it would run the CMD. So if it were to be set to false, it won't go through the UAC at all.
  9. Discussion thread for the RevShellBack payload. I've seen quite a few Rubber Ducky projects to do with getting a reverse shell running on a PC so that the shell can be accessed remotely on a different computer. But what got me thinking is this: the Bash Bunny is a full-on Linux ARM computer, right? It has netcat and it can do HID and ethernet simultaneously. So.. why not use that instead? At first, this payload will use a bit of HID trickery to hide itself from an observer as best as it can. As soon as it has done executing the final PowerShell command, HID is no longer used. User-defined commands will be sent to the computer in the background. By default, 4 commands are executed as a demo: Write file (with content) to the desktop Eject CD/DVD tray (if it exists) -- thank PowerShell for making that possible Open calculator application Message box -- powered by PowerShell For information about the payload, the payload script itself and how to configure it, it can be found at this GitHub repository: https://github.com/uintdev/RevShellBack
  10. You can make it use the German keyboard layout. java -jar encode.jar -i inject.txt -l de
  11. If you're using the GB keyboard layout, use something like this: java -jar encode.jar -i inject.txt -l gb By default, it uses the US keyboard layout.
  12. Introduction Ducky HID WSI is HID-only firmware for the USB Rubber Ducky based off of midnitesnake's Ducky_HID firmware (clicky). WSI is short for 'with status indication'. This firmware is like the one that comes with the USB Rubber Ducky but it uses the LEDs to show when it's in the injecting keystrokes stage and when it's complete. LED indications Red with green slightly flashing :: keystroke injection stage Flashing green :: starting; finished Red :: unable to use/access file Download The firmware is available to download from the release section in the GitHub repository.
×
×
  • Create New...