Total Stealth possible?

[ilikepineapple]

Hello,

I have just received my first duckies and started playing around with them and I gotta admit it is pretty fun. I have also found a great interest in the wget + execute function, especially if something can be worked out to do the same for .app on Mac OS X (if someone could help me out with that it'd help, I don't have any mac to help me out find which keys would allow me to remote download + execute).

But most importantly, what's bothering me, is the lack of stealthiness of the actions.

***

Bob tells his friend he needs a certain doc

Adam answers him sure, let me put it on my USB and let me hand it to you.

Adam quickly makes a payload (pre-written and probably pre-compiled too) and puts it inside the SD card.

Adam tells him hey, here's the file!

Bob inserts the rubber duckyB

Bob only sees a couple of things popping up by themselves on the screen, but never ends up with the actual file he's looking for.

***

This is a payload for social engineering 2.0 that I'm looking for, as, for now, the only ones available can remotely download and execute files, or fuckup the OS it's on, but anyone looking at the screen while the USB key is plugged will still see something fishy going on, especially if nothing happens afterwards.

THEREFORE (getting to the point), I'd like to know if a payload exists, or if it is even possible to actually mount the SD card that is inside the emulator so that we get a double-entry, one of an emulator, and the other one of a stoarge unit, that would allow the opening of a new folder that would appear as an external drive to the user, and where we could put whatever .doc or .pdf that is needed to be transfered?

Such a method would allow stealth targetted-infection and much less social engineering and "hoping" that someone just picks up a random USB key and plugs it in to see what happens. Also, the success rate would be much bigger, since you'd be standing right by the person inserting it and he would trust you, since after the little payload of wget and execute is loaded, a windows showing up a mounted external drive with the requested files appear (any non-IT guy would then assume that whatever happened beforewards was just to mount the card/storage)

It has been brought to me the idea of creating a folder in %temp% and name it USB KEY where we would download the file to afterwards open it, but it still seems fishy in case the internet connection isn't quite good, and simply because of the location of the "drive", and, MOST OF ALL, because there actually IS an SD card that should be available to be mounted somehow.

I have read through a lot of forums and guides and yet couldn't find a payload or any hints as to how to make the emulator recognize the SD card it's using as a drive that's browsable and put some files inside that could be used by whoever plugs the key.

If anyone could help me out with that, this would bring the ducky's power to a brand new level.

Thanks in advance,

-pineapple

[MB60893]

I think the best way is to cover your actions by bringing up a screensaver while things execute. It tales 10 seconds, and nothing will be shown providing you don't touch the mouse.

Have a look across the forums.

Cheers,

MB60893.