jdorrough Posted August 10, 2015 Posted August 10, 2015 (edited) I gave a presentation last week on two variants of rubber ducky payloads that decrypt wireless ssl traffic.The first variant uses the ducky firmware (keyboard only)The second variant uses the twin duck firmware (keyboard and mass storage) I’ve tried to acknowledge other people’s code I used, but if I missed someone, let me know. Give it a shot and I’ll try to help get it working if you have any questions.****Payload 1 using Keyboard only “trusted-root.txt”****** Before the attack will work, you will need to setup your MITM listener. There are lots of walkthroughs online. The payload will need to be adjusted to reflect what SSID your AP will be using. After the MITM AP and proxy are setup, you will need to export the signing certificate and convert to base64 encoding.I’ve listed commands to do that in the attached presentation slides. If you are using the “trusted-root” variant, you will need to update the syntax to use your exported certificate instead of the one I used. That should be all you need to make the keyboard only payload work. *Note you may need to adjust timers or acknowledge pops differently than what my test machine needed. This version will work on IE and Chrome but not Firefox. ****Payload 2 using Keyboard and USB Mass Storage “Twin-trust-root.txt”***** Like the pervious payload, you will need to setup a MITM listener and export a certificate. For this payload you will need to add the certificate to your own copy of Firefox. Then you will need to copy your Firefox key3 and cert8 files. I’ve included slides in the presentation to show you where they files are located. *Note you may need to adjust timers or acknowledge pop ups differently than what my test machine needed. This version will work on IE, Chrome and Firefox. Edited August 11, 2015 by jdorrough Quote
jdorrough Posted August 10, 2015 Author Posted August 10, 2015 Sorry for the weird formatting above. The forum is not allowing me to attach the files used to run the payload. There is also a 3 post per day max, so I'll try to add the files tomorrow. Quote
Mr-Protocol Posted August 11, 2015 Posted August 11, 2015 Manually upgraded your account to allow more features. Try again when you get a chance, and good work. We are all slowly getting back from DefCon. Quote
jdorrough Posted August 11, 2015 Author Posted August 11, 2015 Hey thanks Mr-Protocol. Instead of fighting with the attachment problems, I've uploaded everything to github. https://github.com/jdorrough/Defcon-23-presentation Quote
Mr-Protocol Posted August 11, 2015 Posted August 11, 2015 Even better! I wanted to see this talk but the booth was so busy. I will be downloading the talks when they are available. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.