[Question] Minimal Visual Impact


marc

Go to solution Solved by raytri3,


Received my rubber ducky yesterday and I'm having great fun playing with some payloads. Sadly I don't have a win7 box to play with outside of my VM, and the Mac keyboard layout as well as being in the UK isn't the greatest thing in the world, but still loving the device. I recommend getting yourself a USB hub that also has a microSD slot; it makes for much faster payload writing and testing.

Here's an idea.

Given that the rubber ducky doesn't receive any info from the system itself, it completes its commands without receiving any feedback. As this is the case, longer payloads could be covered up visually with the following idea:

We write a small app that takes the clipboard, displays it fullscreen and always-on-top, and doesn't exit unless a certain key command is pressed. Say CTRL-H.

1. Printscreen is pressed

2. Code is executed to quickly download/run this app, which launches as above.

3. Other elements of the payload are completed in the background. Meanwhile, the printscreen from the beginning is being displayed due to the app running.

4. Eventually, the other elements of the payload are quit on completion, such as command windows etc etc.

5. CTRL-H is pressed to quit the printscreen display app which cuts back to the desktop looking exactly like the printscreen.

This would produce no more visual giveaways than the payload executing this app. Of course, when we have access to the microSD data itself as well as the HID, this should be a lot easier to implement. But it's just an idea to "lock" the screen whilst executing more complex procedures to avoid suspicion.


  • 3 months later...
  • Solution

My favorite way to hide is: STRING cmd /Q /D /T:7F /F:OFF /V:OFF /K followed by ALT SPACE M downarrows to move it off screen.
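
Seen from the defender's side, the command line in the reply above stands out in process-creation logs: /Q turns echo off, /D skips AutoRun commands, and /T:7F sets the console to two near-identical colours. The check below is an added example, not part of the original thread; the function names, the contrast threshold and the sample command lines are constructed for illustration.

```python
import re

# Legacy 16-colour console palette (RGB), keyed by the hex digit used in /T:bf.
# Assumption: default palette; a customised console profile may differ.
PALETTE = {
    "0": (0, 0, 0),       "1": (0, 0, 128),   "2": (0, 128, 0),   "3": (0, 128, 128),
    "4": (128, 0, 0),     "5": (128, 0, 128), "6": (128, 128, 0), "7": (192, 192, 192),
    "8": (128, 128, 128), "9": (0, 0, 255),   "A": (0, 255, 0),   "B": (0, 255, 255),
    "C": (255, 0, 0),     "D": (255, 0, 255), "E": (255, 255, 0), "F": (255, 255, 255),
}
MIN_CONTRAST = 80  # assumed threshold: luminance difference on a 0-255 scale

def luminance(digit):
    r, g, b = PALETTE[digit]
    return 0.2126 * r + 0.7152 * g + 0.0722 * b

def cmd_indicators(command_line):
    """Return the concealment-related switches found on a cmd.exe command line."""
    tokens = command_line.split()
    image = tokens[0].strip('"').rsplit("\\", 1)[-1].lower() if tokens else ""
    if image not in ("cmd", "cmd.exe"):
        return set()
    found = set()
    for tok in tokens[1:]:
        sw = tok.upper()
        if sw in ("/C", "/K"):
            break  # everything after /C or /K is the command string, not switches
        if sw == "/Q":
            found.add("echo_off")
        elif sw == "/D":
            found.add("autorun_off")
        elif (m := re.fullmatch(r"/T:([0-9A-F])([0-9A-F])", sw)):
            # Text is hard to read when both colours have similar brightness.
            if abs(luminance(m[1]) - luminance(m[2])) < MIN_CONTRAST:
                found.add("low_contrast")
    return found

def is_suspicious(command_line):
    # Echo off combined with unreadable colours is rare in interactive use.
    return {"echo_off", "low_contrast"} <= cmd_indicators(command_line)

SAMPLES = [  # constructed command lines, as a process-creation log would record them
    "cmd /Q /D /T:7F /F:OFF /V:OFF /K",
    r'"C:\Windows\System32\cmd.exe" /c dir',
    "cmd.exe /T:0A /K",
    "powershell.exe -NoProfile",
]
```

The window being moved off screen with ALT SPACE M leaves no trace on the command line, so this check covers only the switches.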
