fourchette Posted January 18, 2015

Hello,

[dunno if I'm posting at the right place, please advise.]

I recently acquired 2 USB Rubber Ducky. They are fantastic. I simply love them. What it does with android devices is simply awesome.

The only downside is that it's a prepare and fire **static** scenario, meaning that you only type keys using a previously written scenario.

I am thinking of the following use case:

1. plug the USB Rubber Ducky in the device (assume android)
2. make it request a webservice I own to actually download the keys I want the Rubber Ducky to type, using the victim's device network. It could be in the form of an inject.bin prepared and sent by my webservice.
3. if possible I'd like to grab some information from the device to upload to my webservice, such as if the following information displayed on screen (example: settings menu actually opened), take screenshot.

Understand that some of this behavior could very well be an app that I install on the device using the ducky instead of the something that the ducky does by itself.

Let's focus on step #2 for starters.

I'm guessing it would require to modify https://github.com/hak5darren/USB-Rubber-Ducky/blob/master/Firmware/Source/Duck_HID/src/main.c in order to introduce a new state (REQUESTING_INJECTOR) once the default script has worked + somehow use a per-type-of-device driver to use the device network stack for webservice access?

Basically what I want to do is to control the set of keys to type after the USB Rubber Ducky has been inserted, instead of preparing everything in the inject.bin.

Is it doable?

Oli Posted January 18, 2015

I prefer a low tech approach of just swapping out SD cards or using a "duck-like" arduino device that can have configurable (via dip switch) payloads or have more logic built into the code.

fourchette Posted January 18, 2015 Author

Can you elaborate on this:

> or using a "duck-like" arduino device that can have configurable (via dip switch) payloads

Have you seen a duck-like device running on an arduino or raspberry pi around?

fourchette Posted January 18, 2015 Author

Are you suggesting something like http://arduino.cc/en/Reference/MouseKeyboard ?

Oli Posted January 18, 2015

This is the kind of thing: https://www.offensive-security.com/offsec/advanced-teensy-penetration-testing-payloads/