JoeMac Posted February 23, 2014 Posted February 23, 2014 Just one quick question. The ducky emulates a HID e.g. a keyboard. So whatever input you did on their is probably going to show up on the screen just like user doing it on keyboard? That isn't very good, is it? Hypothetically speaking, I'd like to install a "backdoor" in someone's computer. I somehow get the ducky onto their USB port and start injecting keystrokes. The whole process, however fast it is, will show up somewhat on the screen. Wouldn't that raise suspicion? The user finds it suspicious and run anti-virus, and boom, you got caught. And btw, do you guys have a backdoor script for recommendation? Something sleek. Finish installation backstage during the one minute or so the target plugs in the ducky. Doesn't have to do much. Just enough to give me remote admin access. Quote
overwraith Posted March 9, 2014 Posted March 9, 2014 Ideally, the user has walked away from their computer without locking their computer, and also ideally they are already an admin, but if you have an exploit, not always necessary. I guess it is mostly just another option for pen testers and such. Also, pen testers don't necessarily have to be stealthy (but they can be), they are there to reveal the vulnerabilities. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.