Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by chrizree

  1. Try any suggestions that can be read in the USB Rubber Ducky documentation that is available online Solid red: https://docs.hak5.org/hc/en-us/articles/360010555093-My-USB-Rubber-Ducky-shows-a-solid-red-LED-now-what- Flashing/blinking red: https://docs.hak5.org/hc/en-us/articles/360010471194-My-USB-Rubber-Ducky-is-flashing-RED-now-what-
  2. No one is a veteran when it comes to the CyberSec area of expertise :-) It's an ever changing profession that never rests, so in that aspect it doesn't matter how many years you have in your backpack. Of course, it's an advantage to know a bit of many things, but there are others that are far more skilled than I am. So, with that said, if I would buy some Hak5 device myself, I would rather go with the Bash Bunny instead of the USB Rubber Ducky. The Ducky is cheaper and can be more "stealth", but the Bunny is more powerful and versatile and easier to use in my point of view. If you by
  3. You should perhaps look into using a cluster to share CPU resources between computers. Raspberry Pi examples linked below just to get a picture about what it is all about. https://magpi.raspberrypi.org/articles/build-a-raspberry-pi-cluster-computer https://projects.raspberrypi.org/en/projects/build-an-octapi https://ubuntu.com/blog/building-a-raspberry-pi-cluster-with-microk8s https://medium.com/swlh/how-i-built-a-raspberry-pi-cluster-for-cheap-38ab661bd641
  4. Please explain what you are trying to achieve with your Ducky script, or at least the part where the keyboard fails. Alternative keyboards (apart from US) works for me when using the Bunny.
  5. When it comes to email, you aren't restricted to Gmail only. Any smtp based email delivery should work. As far as I know, you have to go with an alternative firmware for the Ducky to be able to store files on the Ducky SD card. The original firmware is read only in "attack mode". Check the article linked below from Null Byte, it's a bit aged, but gives a hint of what might be needed. https://null-byte.wonderhowto.com/how-to/modify-usb-rubber-ducky-with-custom-firmware-0177335/ As an alternative, it's possible to use an ordinary USB flash drive attached to the same computer as th
  6. I've documented my "USB Charger Router" on my GitHub, check the link out: https://github.com/chrizree/UCR It offers an AP using OpenWRT and when connected to the wireless network, it's of course possible to SSH into it as well as using the LuCI web gui that comes with OpenWRT. It is possible to configure it to join an already existing wireless network that can automatically be connected to when starting the device. In its current configuration, it doesn't have any reverse VPN, but it's pretty easy to add using an OpenVPN-AS to create a "bridge" into the device from a remote location.
  7. Do you mean known "ordinary" wireless networks? It's possible in the WiFi Pineapple web interface. I always have my Nano to connect to one of my own networks when in reach. I use the USB port for an additional WiFi adapter (wlan2) and let it connect to provide the Nano with an internet connection without interfering with the Nano functionality using the onboard radios (wlan0 and wlan1). It's for sure possible to use one of the onboard radios but, as said, it might reduce the functionality of the Nano. It all depends on how you use the Pineapple. It might not be a problem in your specific case.
  8. OK, then you have the exact same scenario as me, i.e. you have never had any VPN connection successfully working even though the Nano web GUI has indicated the opposite. There should be no need to wipe anything, a reboot will get the Nano back where it was before issuing the command.
  9. What happens after the last line of the output of the OpenVPN connection attempt is shown? Can you access the Nano? Is it responsive in the way that you get back to the command line prompt or is it stuck? Do you have to reconnect to the Nano using SSH? Does the LED of the Nano turn off and then start blinking?
  10. Have you tried with or without the "equals sign" (=) when specifying language? Not sure if it makes any real difference (I don't have my Bunny around at the moment so I can't test it), but the documentation is rather non-stringent when it comes to the use of the equals sign or not. The Ducky Script page for the Bash Bunny at docs.hak5.org does not specify the use of the equals sign, and the documentation on the Hak5 GitHub uses as well as does not use the equals sign on the same docs page. Kind of confusing, but might not matter at all. You can at least try with or without the equals sign, i.e
  11. I usually leave it powered on using a "charger" that doesn't exceed the limits of the Shark Jack (i.e. not using a USB port on the PC even though it should work well, depends on the type of port of course). When charging, the Shark Jack is pulling about 0.2A with my setup, then less and less as the charging progresses (just like an old school car battery charger). When the Shark Jack is still attached to the charger, but not charging (i.e. solid blue LED), it is consuming about 0.00 - 0.01A, i.e. stops charging but still powered on. I can't say anything about the charging circui
  12. If you use the standard Hak5 firmware (and not any of the alternative firmwares around for the Ducky) then you cannot write data to the flash memory of the Ducky. It's read only when inserted into the Ducky. You have to supply an alternative USB memory device if selecting the "Save To USB" option in the Duck Toolkit. To send the report (or whatever) using the email option, you need access to an smtp service to get it all to work. The Ducky won't supply this for you.
  13. This issue is already being discussed in other threads https://forums.hak5.org/topic/53188-sd-card-cant-get-to-work/ I have never had any problems with SD cards on my Nano, so I haven't dug any deeper into the matter. It seems as if there is some kind of solution coming for it. Not sure when though. The Hak5 team has to answer that, but I guess they are pretty occupied with the Mark VII and Cloud C2 v3 at the moment, but... just my guess. There might be other dev resources linked to the Nano specifically.
  14. It would be easier to help if you elaborate on the scenario at hand, i.e. what are you trying to do in a "step-by-step" fashion. Even posting your current payload script code would be good. Code is worth a thousand words 😉 To know if the payload has finished, you need to look at the screen. The Ducky just keeps on blinking the same way and (as far as I know) this is why Hak5 started to use its now "standard" application of using LED colors and blink patterns for other Hak5 products to communicate with the user/operator. At least that's my guess. There might be alternative firmware for the Duck
  15. Yes, I agree to your thoughts on having Arming Mode as a way to recover. If one messes around with Arming Mode, it might end up in a Owl that gives you problems. Better to leave it "as is". You can get at least some inspiration from the Owl script/payload example that I have on my GitHub. It connects to a known network if available, otherwise it goes on doing any attack set up in Attack Mode. https://github.com/chrizree/Hak5-SignalOwl-Loot-or-Scan
  16. Yes, the configuration for the client is most often supplied by the VPN service provider (such as ExpressVPN) as an ovpn file.
  17. OK, try another encoder. I'm not up to date on how recent the online encoder is. I used the duckencoder.jar when I was verifying it just before posting. Try to add the language flag for the target environment when encoding, not sure if it makes any different in this specific case, but you can at least try it and see if it helps. https://github.com/hak5darren/USB-Rubber-Ducky/blob/master/duckencoder.jar
  18. Is it mandatory that this needs to happen in arming mode specifically? You could include the possibility to connect to a known wireless network if it's available "in the air" and circumvent any scripted attack in attack mode if so.
  19. CTRL-SHIFT ENTER works on my USB Rubber Ducky in scenarios where I, for example, want to run a Command Prompt in Windows 10 as Administrator.
  20. If possible, I would suggest that you verify it all in a "clean" environment. I.e. in an OS installed in an ordinary fashion, no Docker container or virtual environment. Just to rule out the fact that there might be some problem with the Bunny itself. If that works, I would then start to hunt down issues in the Docker implementation.
  21. This works for me... With no Bash Bunny plugged in, run bb.sh sudo bash ./bb.sh or just sudo ./bb.sh (sudo not needed on Kali if you run as "in the old days", i.e. default to use root all the time) Run the setup if it hasn't been run on the particular PC before [G]uided setup (recommended) Plug in the Bash Bunny in step 3 After the setup is done, unplug the Bunny and run bb.sh again Then select (this is most likely the step that you have missed doing) [C]onnect using saved settings Plug the Bunny in You will get the "Cloud>PC>Bunny" Ascii art after a
  22. GuitarGuy has written both posts (here and GitHub)
  23. Well, even if I can't get my own Nano running, I won't keep any OpenVPN secrets from you 🙂 Try the following... Note that this has been done on a LAN Turtle (and also on my "non Hak5" mips_24kc based GL-AR150), *not* the WiFi Pineapple Nano since it crashes/panics all the time when initiating a VPN connection. As a matter of fact, I'm writing this post using the LAN Turtle based autostarted OpenVPN connection. I'm adding a standard "Do this at your own risk" message to begin with 😬 The OpenVPN modules are of course available in the Pineapple file system, but I wouldn't go down t
  24. The changelog for 2.7.0 says "Fixed an issue where OpenVPN would cause a kernel panic upon establishing tunnel." However, I'm experiencing this specific issue even with 2.7.0 installed on my Nano. I've tried several different VPN services that works perfectly fine with more beefy distros using CLI, so I'm 100% sure that the setup is working. I can follow the "negotiations" on screen when the VPN is established on the Nano, but in the end when the interface is to be brought up, the Nano resets/reboots. This happens all the time. I'm not using the available GUI module for this, but pure CLI conf
  25. So you get a tun interface listed when you ssh into the Pineapple and run ifconfig (or check the available interfaces in the Networking "tab" of the Pineapple web GUI). The "running..." status in the web GUI doesn't necessarily mean that the VPN is up. I forced the Nano into that status just with some bogus settings that doesn't actually establish any VPN connection, so I wouldn't count on that it actually is a 100% reliable status indicator. However, my Nano reboots all the time as I try to do the "non GUI" setup of a OpenVPN client. It doesn't matter if using different VPN providers or diffe
  • Create New...