Obi-Wahn

Active Members
  • Posts

    58
Posts posted by Obi-Wahn

  1. Well, if the LOCK-Keys are If-Programmable (which they should, AFAIR I read that these keys are sent from the OS to all HIDs) then that would be enough.

    E.g.: I'm writing a script in AutoHotkey (AHK). I can add an If-statement in the script which checks if the compiled script is running with administrative privileges or not. If it doesn't, I can enable CapsLock with the script, which would also be sent to the ducky, which then knows when the script is executed.

    With this method, there could be a failsafe implemented so that you have neither a too early Enter keystroke from the duck nor a suspicious UAC window 5-15 secs on the screen while you are waiting for the duck.

    Any other If loops would be unnecessary. At least for Data exfiltration...

  2. Hi!

    I've owned multiple Teensys for quite a long time, but sadly I haven't done much with them since I bought them. After watching the show where Darren exfiltrates passwords with the Duck, I ordered one.

    A couple days later, the duck swam through my door ;)

    So I started writing my own little script which calls another batch file on the SD card, but I'm running into some issues.

    First and foremost, if I run the PowerShell command to gain administrative powers, the time it takes to display the UAC dialogue varies from PC to PC.

    Also, a program, such as one written in AutoHotkey or AutoIt, could be stealthier than a batch file.

    This could be even more interesting since you are able to trigger keystrokes with either scripting language.

    To interact with the duck, is there a possibility to write If-commands in the duck payload, so it waits to execute some code?

    If not, it would be a really nice addition to the duck.

    But if it isn't possible, maybe someone can explain to me why?

    THXIA

    Obi-Wahn

  3. Cool episode. I liked the skype interview. It was really different.

    As far as MP3s are concerned, I have only 10-12 gigs of MP3s, which are basically ripped from CDs I have, or downloaded from Jamendo.com and Chilirec.com.

    Another gig are streams from the CCC (Chaos Computer Club [Germany/German]).

    I personally use MP3Tag to sort and tag my collection, which is very handy, because I can query the freedb, amazon.com and amazon.de for tags. It takes only 2 clicks to rename the files with the tag-data or change the tag-data from the filename.

  4. What about adding the "EulaAccepted" reg key beforehand?

    E.g. for pskill:

    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Sysinternals\PsKill]
    "EulaAccepted"=dword:00000001

    EDIT: Sorry, I overlooked the last part of your 1st post.

    EDIT2: I've downloaded v 1.12 of pskill from Microsoft, and see there, if you start it the first time with -accepteula, it accepts the EULA, and you can kill a process with the first run. I think this parameter is included in the PS suite from now on...

    E.g.:

    pskill.exe -accepteula winrar.exe

    EDIT3: M$ Technet Link to PsKill
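
Added example (not part of the original post and not Sysinternals code): a defender-side check for the two things the post above describes, a .reg file that pre-seeds "EulaAccepted" under Software\Sysinternals and a command line that carries -accepteula. The function names and the sample .reg text are constructed for illustration.

```python
import re

# Section header of a .reg file, e.g. [HKEY_CURRENT_USER\Software\Sysinternals\PsKill]
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# DWORD value line, e.g. "EulaAccepted"=dword:00000001
DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{1,8})$')
# Per-user Sysinternals key, either under HKCU or under a SID in HKEY_USERS
SYSINTERNALS = re.compile(
    r"^(HKEY_CURRENT_USER|HKEY_USERS\\[^\\]+)\\Software\\Sysinternals\\(?P<tool>[^\\]+)$",
    re.IGNORECASE,
)

def eula_preseeds(reg_text):
    """Return the Sysinternals tool names whose EULA a .reg file marks as accepted."""
    tools, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            hit = SYSINTERNALS.match(section.group("key"))
            current = hit.group("tool") if hit else None
            continue
        value = DWORD.match(line)
        if (current and value
                and value.group("name").lower() == "eulaaccepted"
                and int(value.group("val"), 16) != 0):
            tools.append(current)
    return tools

def accepteula_in_cmdline(cmdline):
    """True if the command line passes -accepteula or /accepteula as its own argument."""
    return any(arg.lower() in ("-accepteula", "/accepteula") for arg in cmdline.split())

# Constructed sample: one real pre-seed, one unrelated key, one value set to 0.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Sysinternals\PsKill]
"EulaAccepted"=dword:00000001

[HKEY_CURRENT_USER\Software\Example\Other]
"EulaAccepted"=dword:00000001

[HKEY_CURRENT_USER\Software\Sysinternals\PsExec]
"EulaAccepted"=dword:00000000
'''

if __name__ == "__main__":
    print(eula_preseeds(SAMPLE_REG))
    print(accepteula_in_cmdline("pskill.exe -accepteula winrar.exe"))
```
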

  5. Hi!

    Actually, I've coded something that copies the entire drive or even only specific file types from any removable drive.

    DOWNLOAD

    Just double-click it, and it'll ask you.

    But:

    I've tested the syntax. Doesn't matter if I try

    xcopy "D:\*.doc" "C:\files" /S /C /Q /R /H

    or even

    xcopy "D:\*.doc" "C:\files" /S /E /C /Q /R /H /Y

    it copies all files to the directory.

    Have you created the directory before?

  6. Sorry, guys, for the late answer, but I've had a lot to do lately.

    @Skunkfoot: To 1st post: It's possible that you can't just add the Hacksaw, because I've coded only the Switchblade part, and I never had to use the Hacksaw. If I find some time (maybe behind my desk *gg*) I'll look at the Hacksaw and maybe, depending on time, I'll start developing.

    But it's possible that the release will come in January or so (because I have to sell at my Christmas market).

    @RadarG: As far as I know, the entire software is installed to the writeable partition of the U3 device. The installations are stored in "J:\System\Apps" ("J" is the letter of the writeable partition), and my Switchblade should be in the folder "65FAEC39-85E2-4CA5-A53F-D738C97D1538".

    It's possible that some AV scanners detect some stuff, but that's a false positive. Most Tools I've used are from Nirsoft, and they're often detected by Scanners, because they're looking for Passwords. It depends on the Scanner and/or the User Input if the Files are only blocked or deleted. I'm working on a solution to prevent the detection, but that's far away.

    The "ff_passwordsXX.txt" should contain passwords of a Firefox installation. It could be that there's a bug. I have to look at the code to see if there's a failure. If so, I'll fix it.

  7. My September Desktop

    Wallpaper: Light Modification of a WP from NetTools 4.5 (Removed Nettools Logo and resized wallpaper)

    Cmd.exe: Console, Modified Console_small.xml

    Rainlendar: Clear Skin

    Top Bar: RocketDock

    Style: VTP 6.0

    Clock: LClock

    OS: Windows XP SP 2 Home Edition

    Also Running: WinRoll, YZ Shadow


  8. @Charlie: Believe it or not, I've never been on MySpace, so maybe your post is a joke (because of the "lol") or not. If not, show me a tool, and I'll try it.

    @setzer: Actually, I've tested it only on AVG, Norman and Avast AV. And there wasn't any beep (according to ZA Firewall). And I've added a FF password reader, which works on a test installation of FF on my machine. Setting in the .ini file: Section "DUMP", Key "FFPasswords"

  9. Maybe I'll do that, but file.exe is in fact an updated version of fc.exe. I've fixed several bugs and added more features. However, at the moment I have a lot to do with my diploma thesis, so I don't do very much coding work now.

    Maybe I'll separate the copy part of file.exe and put it into an updated version of fc.exe.

  10. After installation of the Package, you have to start the switchblade on your computer.

    It'll create a hidden directory "Switchblade" on the writeable partition. There are two files in it: a process list and an .ini file.

    In the .ini file, there's a section called Mycomputers. There you can add computers / users to ignore by adding lines like "index=Computername_username".

    On startup, it checks the section, and if it's plugged into a system with the correct Computer_Username combination, it'll exit.

    Example:

    [MYCOMPUTERS]
    # If you want to add more Computer-User combinations
    # Write in every line a Array of numbers. Eg:
    # 1=Computername_Username
    # 2=...
    # ...
    1=OBI-WAHN_Andreas
    2=ANDREAS_Obi-Wahn

    This is my configuration. The #1 entry is filled in by starting the package the first time, so you have to have it plugged into your computer when starting it.

    Yes. I mean this dialog.

  11. I like this better than all those start menu replacement programs, because this does not add a process, and thereby uses no ram or CPU cycles.

    Of course, that's right, but this will work only with a few items in the list. If there are many items, maybe there's chaos in the list or, what would be worse, on a lower resolution you wouldn't see all items.

    BTW: I think "modern" computers (from a P2 with 128 MB RAM upwards) should be able to handle a process that "weighs" 7.5 megs of RAM.

  12. Thanks.

    Unfortunately, I've detected one bug so far. In the search mask, if the search should be performed in a subfolder containing a plus symbol (+), then it doesn't work, because I split the search masks on a plus symbol.

    I have to change this, but at the moment I have very little time.

    EDIT: New tool added: pkill.exe
