AndreeU17 Posted October 26, 2014 Share Posted October 26, 2014 So i'm working in the IT field as an intership. My current goals in the job are simply assisting students with basic tech knowledge, repairing equipment (Working on my Electrical Engineering Major), setting up Window servers, maintaining Server rooms (Very Limited Work there) and thats about it. My job is simple, but lately i've encounter students with laptops issues, most of the issues has been them not remembering what theyre computer password is. Now these students are a bit older than the average youngster (+30), mainly my instructor has told me to simply hook it into the network via ethernet ports and re-image the laptops, however, i was assuming with my New RUBBER DUCKY USB, i can find a way to either bypass the user account and log in or simply create a temporary Admin user which would allow me access to be able to change the password. Now this might sound fishy but its all for both my pleasure and for educational reasons. I have programming knowledge, so overall my general question is this: Is it possible? Has it already been created? Has it been given to the public for usage? If so can you direct me to the link! Also i work with Linux and Mac computer apart from Windows, so if its possible to find a specific one that can easily target all those OS's then that will be more than great but if not no biggies, my biggest concern is Windows OS since thats what i see most of the time! Thanks! Quote Link to comment Share on other sites More sharing options...
StZ Posted October 26, 2014 Share Posted October 26, 2014 Over at DuckToolkit there are some options for creating new user accounts with administrative privileges. Not sure if that's what you're looking for since you need command prompt access. For targeting multiple OS's, you obviously can't use the windows payload. I remember seeing a custom firmware somewhere that would excute different payloads based on capslock, numlock or scrolllock beeing turned on. Perhaps that helps. Quote Link to comment Share on other sites More sharing options...
GuardMoony Posted October 26, 2014 Share Posted October 26, 2014 You have to remember that the ducky is just a automated keyboard. So if you can't do manually, the ducky can't do it either! Quote Link to comment Share on other sites More sharing options...
AndreeU17 Posted October 26, 2014 Author Share Posted October 26, 2014 You have to remember that the ducky is just a automated keyboard. So if you can't do manually, the ducky can't do it either! Okay thats understanding, however, the ducky surely can open a CMD and create and Admin, as well as create an admin user thru the selection of buttons like it normally would, but the issue i see, is that i first need to log on to one of the users, so if the current user isnt an Admin, then the Ducky can not create an Admin! Also is it possible to contain two Different Payloads together? Or can i only contain 1 injection.bin file? Quote Link to comment Share on other sites More sharing options...
overwraith Posted October 26, 2014 Share Posted October 26, 2014 (edited) Also is it possible to contain two Different Payloads together? Or can i only contain 1 injection.bin file? If by contain, you mean run one right after the other, then yes, you can use the command line binary copy command to combine multiple inject files. If you mean select from multiple payloads at runtime, then you would have to get creative, essentially uploading all the scripts at once, and then choosing one to run using a script, and delete the rest. If each script requires certain macros etc in the Windows OS, then would not be very feasible to select from multiple payloads (wait, I just remembered something read more >>). There are some firmware types that allow you to select from multiple payloads by pressing caps lock, or pressing the button on the ducky, but I don't use them very often. You could also have multiple small SD cards, since most firmware has a byte limit anything larger than the minimum is waste unless you store a library of ducky scripts on the SD card. I think currently there is no ability to automatically detect OS types etc without some form of scripting involved. Edited October 26, 2014 by overwraith Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.