Jump to content

Recommended Posts

Posted

Just one quick question. The ducky emulates a HID e.g. a keyboard. So whatever input you did on their is probably going to show up on the screen just like user doing it on keyboard? That isn't very good, is it?

Hypothetically speaking, I'd like to install a "backdoor" in someone's computer. I somehow get the ducky onto their USB port and start injecting keystrokes. The whole process, however fast it is, will show up somewhat on the screen. Wouldn't that raise suspicion? The user finds it suspicious and run anti-virus, and boom, you got caught.

And btw, do you guys have a backdoor script for recommendation? Something sleek. Finish installation backstage during the one minute or so the target plugs in the ducky. Doesn't have to do much. Just enough to give me remote admin access.

  • 2 weeks later...
Posted

Ideally, the user has walked away from their computer without locking their computer, and also ideally they are already an admin, but if you have an exploit, not always necessary. I guess it is mostly just another option for pen testers and such. Also, pen testers don't necessarily have to be stealthy (but they can be), they are there to reveal the vulnerabilities.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...