Jump to content

[Version 1] Usb Rubber Ducky Password Stealer


Madkat
 Share

Interested?  

35 members have voted

  1. 1. Would you want something like I describe (I'll go more into detail if People are interested)



Recommended Posts

Hi guys,

I was originally here helping on the USB Switchblade, also helping to do the Rainbow Tables that actually did the password cracking (helped more with this part)

Anyway, I was working on trying to do an ultimate switchblade with an automatic payload and decryption without needing admin access for pwdump. When I checked my Sub box on youtube today, I saw the USB Rubber Ducky. AND the fact someone found a way to run escalated privileges. AND the fact it has an onboard processor (abit slow).

Anyway.

If I can pull the $90 out of my ass for a rubber ducky for testing, is anyone interested in a password tool that would run automatically and decrypt your password automatically all from your rubber ducky (I don't know so much about the decrypt automatically, but I can send the hash off to a remote server, and have it Cracked there, then either displayed online (you'd match your hash to the cracked password), or E-mailed back to you?

Let me know guys, if so I'll start coding as soon as my plate isn't overflowing with stuff I have to do (hopefully about a week!)

If anyone wants to help, let me know. If I can't get my hands on a ducky, I might need a few test subjects running different OS's. There's no windows boxes in this house. I can sorta test in a VM, but Until someone releases a ducky emulator, I can't fully test it (or learn how to access the CPU, if at all possible)

Link to comment
Share on other sites

Ok, I guess 4 people sofar isn't a bad start, so I'll go into a little more detail (This is still pre planning, I'm going off my old project that I'm sure I can copy over to the Ducky)

Features I've written and know work

  • Antivirus Disable (and re-enabler) (My favorite part) - Although I don't remember if it required Admin privileges or not (probably did)
  • The actual password dump (worked 95% of the time when I wrote it, until 64 bit came out), (Although I just found the solution to that problem)
  • The actual password crack (worked every time, automatically when run off of USB).
  • Inability to be detected by an antivirus (really simple way to do it, although I never got word back if I was able to bundle the program with it)

Stuff I never got to work:

  • Admin exploit, although I was just made aware in the video that someone did it...
  • Coding it in anything other than batch

I've come up with a project name (probably going to change for the Final/beta release): Black Duck

If you guys have any suggestions on what else you want it to do, let me know, I'm sure I can try and add to it :)

Link to comment
Share on other sites

USB Pass Through on virtual machines. Then you would be able to test it.

The biggest problem is I want to try to utilize the processor for cracking (at least try and see how slow it is). And I plan on using a VM to test it, I'm mostly looking for someone with a ducky. (due to the economy I can't afford to buy a ducky, Hell I can't afford to feed myself on a regular basis)

Link to comment
Share on other sites

Great ideas. Would love to see what you can come up with. I've been chatting with the guys at Derbycon getting inspiration for some new payloads. Already have a wicked new one done that takes win7 laptop pwnage to the next level. Should help in extracting hashes. Will publish when I get back.

Link to comment
Share on other sites

It's not stealing, but you could have some fun with the recent Lion exploit.

dscl localhost -passwd /Search/Users/`whoami`

should let you change the local user's password. I wonder if /Search/Users/root works... :unsure:

I was mostly planning on doing this on windows. As far as I know, linux password stealing is still a thing of dreams, and the only mac I currently own is a G3 iMac.

Maybe some day I'll attempt it, but for right now, it's just a dream of mine.

Link to comment
Share on other sites

  • 1 year later...

This just died? Or did there come a better alternative I'm not finding?

Sadly, a lot of stuff just "die" from time to time.. people lose interest.. But I'm at least trying to do my part and deliver some payloads to the community.. working on some cool stuff regarding password dumping without any admin privileges. But it will take some time since I am looking into some flaws in Windows 7 currently.. Don't know if there are others still around working on new payloads.. Some seems to still be here.. I myself just got my ducky like a week ago.. :P Wonder if we can get this forum really active by releasing a 0day exploit in the form of a payload to the ducky.. ;)

Take care now..

/crashie

Edited by crashie
Link to comment
Share on other sites

I just got my ducky a week ago and dear lord it isn't easy to find any payloads! I mean I've searched for a simple downloader type script and come up empty. There's nothing in the FAQ. The barrier to entry on this thing is kind of steep. I would love to see any one of MadKat's ideas brought to these forums. Antivirus disabler? ok, post it! password cracker that works "95% of the time", ok, let's see it! If I could just get some brief samples of code to work with I know I could come up with something.

So to respond to the poll, yes, obviously we'd all like to see a password stealer. Who wouldn't?

Link to comment
Share on other sites

Guess I spoke too soon. I just found some payloads. Doh. The other day there was nothing, I swear!

Hehe, I'm working on my new stealer payload, for almost all browsers.. at least the ones used by the 99%.. ;)

I will post it when it's finished and tested. But I'm also thinking of adding some other stealers to it, like messenger stealer and such stuff.. One payload to steal all the goodies ;) together with the SAM and so on...

But since I do this on my spare time (have to work also) it won't be finished this week.. but maybe in 1-2 weeks I'll have a first version finished..

But keep up the work with your payloads and post them here :)

/crashie

Link to comment
Share on other sites

  • 1 month later...

What you want is to install a persistant keylogger. Not to hard to build, just have to evade AV.

should not be too hard, you should be able to do this yourself. You should see this as a personal development challenge.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...