Posts posted by KSEC ARK

  1. Added new and working with the latest Windows 10 Fodhelper UAC bypass to execute Empire Launcher.

    https://github.com/KCSEC/USB-Rubber-Ducky/tree/master/KCSEC-Payloads

    ** FOR BOTH TWIN DUCK/SPECIAL 2 **
    
    Fodhelper bypass to Empire Launcher
    
    ** Key info **
    
    * Twin Duck Special 2 required (See Ducky Flasher OR Firmware list)
    * This version has a delay added to allow the USB Storage to mount
    * Drive must be called KCSEC to work (Can be changed in ducky code)
    * Empire-launcher.ps1 Must be changed to have the right IP/Port
    * Ducky_code.txt shows inject.bin decoded (Not needed for setup)
    
    
    ** Explanation **
    
    Ducky commands run a hidden PowerShell calling the fod.ps1
    This bypasses UAC and runs the Empire Launcher with admin rights without a UAC prompt
    
    More info on fodhelper UAC bypass here https://pentestlab.blog/tag/fodhelper/
    
  2. Added new and working with the latest Windows 10 Fodhelper UAC bypass to execute meterpreter reverse shell.

    This Rubber Ducky module is for TwinDuck original

    https://github.com/KCSEC/USB-Rubber-Ducky/tree/master/KCSEC-Payloads/fodhelper-UAC-Metashell--TwinDuck-Orginal

    Fodhelper bypass to Metasploit reverse shell
    
    ** Key info **
    
    * Twin Duck original required (See Ducky Flasher OR Firmware list)
    * This version has a delay added to allow the USB Storage to mount
    * Drive must be called KCSEC to work (Can be changed in ducky code)
    * meterpreter-32.ps1 Must be changed to have the right IP/Port
    * Ducky_code.txt shows inject.bin decoded (Not needed for setup)
    
    
    ** Explanation **
    
    Ducky commands run a hidden PowerShell calling the fod.ps1
    This bypasses UAC and runs the metasploit shell with admin rights without a UAC prompt
    
  3. Added new and working with the latest Windows 10 Fodhelper UAC bypass to execute meterpreter reverse shell.

    This Rubber Ducky module is for TwinDuck Special 2 .... Will release a standard TwinDuck version 2 soon.

    https://github.com/KCSEC/USB-Rubber-Ducky/tree/master/KCSEC-Payloads/fodhelper-UAC-Metashell--TwinDuck-special2

     

    ** Key info **
    
    * Twin Duck Special 2 required (See Ducky Flasher OR Firmware list)
    * Drive must be called KCSEC to work (Can be changed in ducky code)
    * meterpreter-32.ps1 Must be changed to have the right IP/Port
    * Ducky_code.txt shows inject.bin decoded (Not needed for setup)
    
    
    ** Explanation **
    
    Ducky commands run a hidden PowerShell calling the fod.ps1
    This bypasses UAC and runs the metasploit shell with admin rights without a UAC prompt
  4. Hello Everyone,

    We're creating an updated fork of the Rubber Ducky repo on GitHub

    https://github.com/KCSEC/USB-Rubber-Ducky

    Toolkit changes so far

    * Updated Ducky-Flasher
    * Firmware version list & Information
    * KCSEC fodhelper UAC bypass to Meterpreter payloads (TwinDuck+TwinDuck Special 2)
    * KCSEC fodhelper UAC Bypass to Empire Launchers (TwinDuck+TwinDuck Special 2)

    In Development

    * Twin Ducky Specific Payloads for local exfiltration
    * 2018 working payload list for Windows 10
      - MimiKatz
      - KeyLogger
    * 2018 working payload list for Windows 7

    Want to request a payload idea?

    Feel free to comment or post for any payload ideas
  5. Hello,

    So trying to create a script for Windows 10,

    Here is the example code

    DELAY 1000
    GUI r
    DELAY 200
    REM Prompt UAC for PSH
    STRING powershell Start-Process powershell -Verb runAs
    ENTER

    Now the UAC prompt starts in the background, so need something like

    ALT+TAB

    ALT LEFT LEFT

    ALT Y

    However, can't get it to work correctly. Any ideas? ALT TAB brings up the menu and then need to keep holding ALT then nav left twice to be on the UAC prompt
