Search the Community

I recently purchased the Rubber Ducky (thanks HAK5, awesome tools thus far). I bought it because. I thought I could bypass the lock screen by injecting my payload (lets say ultiman exploit for ease of use) from the outside looking at a windows lock screen. I routinely find myself in need of capturing a computers RAM (passwords through Rainbow tables....malware discovery....you name it) and cannot if the lock screen is on. For those of you out there who are going to jump on this, yes I could do it through DMA and firewire (IF THEY HAVE FIREWIRE and then I would only get 4 GB of the RAM by DMA design), but I want all the RAM not just what DMA is willing to provide. Basically, I wrote a bat file to conduct the ultiman exploit then encoded it into base64 and placed it in the inject.bin file with a vbs to revert the base64 file back into the .bat file. Then the inject.bin file would execute the .bat file. This works awesome when I plug it in with no lock screen on, however when the lock screen is activated, it never gets to open the command prompt to conduct the injection. HELP HELP HELP I thought because Rubber Ducky would be seen as a HID device it would bypass the lock screen in windows and inject my code. Am I wrong or is this not a capability of the tool?

Hey guys, I just got my Rubber Ducky in the mail the other day and decided to put it to use around my office teaching my coworkers to lock their screens. I wasn't having any luck with some of the other wallpaper replacement payloads (it looks like setting a background from Paint doesn't work very well in Windows 7 for some reason), so I took a slightly different approach. At least half of this was borrowed from You Got Quacked by Caleb Hutchinson. Thanks for the solid foundation! Have fun everyone!