Madkat Posted September 30, 2011

Hi guys, I was originally here helping on the USB Switchblade, also helping to do the Rainbow Tables that actually did the password cracking (helped more with this part).

Anyway, I was working on trying to do an ultimate switchblade with an automatic payload and decryption without needing admin access for pwdump. When I checked my Sub box on YouTube today, I saw the USB Rubber Ducky. AND the fact someone found a way to run escalated privileges. AND the fact it has an onboard processor (a bit slow).

Anyway. If I can pull the $90 out of my ass for a rubber ducky for testing, is anyone interested in a password tool that would run automatically and decrypt your password automatically all from your rubber ducky? (I don't know so much about the decrypt automatically, but I can send the hash off to a remote server, and have it cracked there, then either displayed online (you'd match your hash to the cracked password), or e-mailed back to you.)

Let me know guys, if so I'll start coding as soon as my plate isn't overflowing with stuff I have to do (hopefully about a week!)

If anyone wants to help, let me know. If I can't get my hands on a ducky, I might need a few test subjects running different OSes. There are no Windows boxes in this house. I can sorta test in a VM, but until someone releases a ducky emulator, I can't fully test it (or learn how to access the CPU, if at all possible).

thomas@ Posted September 30, 2011

I have a few Mac boxes, 1 Windows machine and a shit load of VMs. I can lend a hand if you need it.

Madkat (Author) Posted September 30, 2011

Ok, I guess 4 people so far isn't a bad start, so I'll go into a little more detail. (This is still pre-planning, I'm going off my old project that I'm sure I can copy over to the Ducky.)

Features I've written and know work:

- Antivirus Disable (and re-enabler) (My favorite part) - Although I don't remember if it required Admin privileges or not (probably did)
- The actual password dump (worked 95% of the time when I wrote it, until 64 bit came out), (Although I just found the solution to that problem)
- The actual password crack (worked every time, automatically when run off of USB).
- Inability to be detected by an antivirus (really simple way to do it, although I never got word back if I was able to bundle the program with it)

Stuff I never got to work:

- Admin exploit, although I was just made aware in the video that someone did it...
- Coding it in anything other than batch

I've come up with a project name (probably going to change for the Final/beta release): Black Duck

If you guys have any suggestions on what else you want it to do, let me know, I'm sure I can try and add to it :)

Mr-Protocol Posted September 30, 2011

USB Pass Through on virtual machines. Then you would be able to test it.

CanadianTaco Posted September 30, 2011

I could help test. (Win7 and XP)

Madkat (Author) Posted September 30, 2011

> USB Pass Through on virtual machines. Then you would be able to test it.

The biggest problem is I want to try to utilize the processor for cracking (at least try and see how slow it is). And I plan on using a VM to test it, I'm mostly looking for someone with a ducky. (Due to the economy I can't afford to buy a ducky, hell, I can't afford to feed myself on a regular basis.)

1n5aN1aC Posted October 1, 2011

Send me some code, I'll read through it and try it out, but some of the stuff you want to do is kinda hard to do based on the nature of the ducky...

Madkat (Author) Posted October 1, 2011

> Send me some code, I'll read through it and try it out, but some of the stuff you want to do is kinda hard to do based on the nature of the ducky...

I'll have some code in a week or so.

Darren Kitchen Posted October 1, 2011

Great ideas. Would love to see what you can come up with. I've been chatting with the guys at Derbycon getting inspiration for some new payloads. Already have a wicked new one done that takes Win7 laptop pwnage to the next level. Should help in extracting hashes. Will publish when I get back.

Netshroud Posted October 3, 2011

It's not stealing, but you could have some fun with the recent Lion exploit. dscl localhost -passwd /Search/Users/`whoami` should let you change the local user's password. I wonder if /Search/Users/root works...

Madkat (Author) Posted October 3, 2011

> It's not stealing, but you could have some fun with the recent Lion exploit. dscl localhost -passwd /Search/Users/`whoami` should let you change the local user's password. I wonder if /Search/Users/root works...

I was mostly planning on doing this on Windows. As far as I know, Linux password stealing is still a thing of dreams, and the only Mac I currently own is a G3 iMac. Maybe some day I'll attempt it, but for right now, it's just a dream of mine.

MS1605 Posted October 7, 2011

I would love to see this...

nopenopenope Posted October 7, 2011

I'm in, send me the code, I'll see if I can add anything to it.

#?! Posted March 13, 2013

This just died? Or did there come a better alternative I'm not finding?

crashie Posted March 13, 2013

> This just died? Or did there come a better alternative I'm not finding?

Sadly, a lot of stuff just "dies" from time to time.. people lose interest.. But I'm at least trying to do my part and deliver some payloads to the community.. working on some cool stuff regarding password dumping without any admin privileges. But it will take some time since I am looking into some flaws in Windows 7 currently..

Don't know if there are others still around working on new payloads.. Some seem to still be here.. I myself just got my ducky like a week ago.. :P

Wonder if we can get this forum really active by releasing a 0day exploit in the form of a payload to the ducky.. ;)

Take care now..

/crashie

Edited March 13, 2013 by crashie

shutin Posted March 14, 2013

I just got my ducky a week ago and dear lord it isn't easy to find any payloads! I mean I've searched for a simple downloader type script and come up empty. There's nothing in the FAQ. The barrier to entry on this thing is kind of steep.

I would love to see any one of MadKat's ideas brought to these forums. Antivirus disabler? OK, post it! Password cracker that works "95% of the time", OK, let's see it! If I could just get some brief samples of code to work with I know I could come up with something.

So to respond to the poll, yes, obviously we'd all like to see a password stealer. Who wouldn't?

shutin Posted March 14, 2013

Guess I spoke too soon. I just found some payloads. Doh. The other day there was nothing, I swear!

crashie Posted March 14, 2013

> Guess I spoke too soon. I just found some payloads. Doh. The other day there was nothing, I swear!

Hehe, I'm working on my new stealer payload, for almost all browsers.. at least the ones used by the 99%.. ;) I will post it when it's finished and tested. But I'm also thinking of adding some other stealers to it, like messenger stealer and such stuff.. One payload to steal all the goodies ;) together with the SAM and so on...

But since I do this in my spare time (have to work also) it won't be finished this week.. but maybe in 1-2 weeks I'll have a first version finished..

But keep up the work with your payloads and post them here :)

/crashie

angelburnt Posted April 16, 2013

I would pay someone who could code a ducky to catch wireless keys and Microsoft Outlook passwords and send them to an email account... is that possible?

no42 Posted April 16, 2013

What you want is to install a persistent keylogger. Not too hard to build, just have to evade AV. Should not be too hard, you should be able to do this yourself. You should see this as a personal development challenge.

kmichael500 Posted April 17, 2013

I can help test. This sounds like an awesome project!

Bountyhunter50 Posted April 29, 2013

Agreed, anything I can do to help, please let me know!