GraafG Posted September 4, 2016
http://hackaday.com/2016/09/03/software-usb-on-the-esp8266/
basic4 Posted September 17, 2016
It's a good solution. Although I built a wifi ducky based on Arduino boards and the ESP8266, since combining both gave the possibility of full speed USB and multiple end points. I built prototypes and used these until I found the 'Cactus Micro', which is a combination of a Leonardo and ESP8266. Wrote various controllers for Python, .NET and Android. Works well. Since the Atmel chip is recognized as both a HID device and a Serial port, you can (via a script) run command prompt in a Windows target, and return the output of the script (via serial) to the duck and then on back to the attacker machine! Can supply the code if you're interested.
basic4 Posted September 17, 2016
It's all here https://github.com/basic4/WiDuck
GraafG Posted September 25, 2016
Thank you basic4!!! The url is missing a y: https://github.com/basic4/WiDucky
youretheone Posted December 7, 2016
I'm new to this and want to make sure I understand, please - you're using the Cactus to inject the same password-capturing commands as the Ducky, just over wifi instead of by direct USB fake-keyboard entry? So you can enter them at your leisure instead of having to distract the user for 15 seconds? I was trying to think how this would be useful, and if I understand the basic concept, it makes sense - you could plant the Cactus when the computer is turned off (possibly after hours when no users are around, minimizing chances of detection), wait for them to walk away and lock their screen, then run the Ducky Script over wifi? That way there's much less chance of them seeing the powershell window, and you can retrieve the Cactus later when no one's around again. Have I got this right, or am I misunderstanding something critical? :) Thanks!
youretheone Posted December 7, 2016
(Sorry, I don't mean "run the Ducky Script", I mean "run the powershell commands the Ducky Script would run".)
basic4 Posted December 15, 2016
Hi
1. No ducky will work when a machine is locked. That's one of their limitations.
2. Yes - the WiDucky can just sit there and do nothing until you connect to it over WiFi - and send keystrokes.
Basic4.
basic4 Posted December 15, 2016 (edited)
See the following projects I've built around the Ducky HID attack:
https://github.com/basic4/WiDucky - Wifi Ducky with Windows/Python/Android controllers.
https://github.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle - A basic ducky with microSD for under $10.
Basic4.
youretheone Posted December 18, 2016
Hi basic4! Thanks for responding! Apologies, I'm confused (and a newbie)... I thought the whole point of a ducky was that they plugged into computers when the user was still logged in, but had locked the screen. Is that wrong? Thanks!
basic4 Posted December 18, 2016
Hi - A ducky only works if the user IS logged in AND the screen isn't locked. Using a ducky requires that the user has walked away from the target machine without locking it. Or if you can distract the user from the screen for the amount of time needed to insert the ducky and run its script. When a machine is locked, can you use the keyboard? (except to login) - No, you need the password - which we don't know. So a Ducky is just a tool to type commands very quickly - that's all.
Regards, Basic4.
zibri Posted December 23, 2016 (edited)
I have a question about the serial port used as exfil channel. Does it require some specific drivers enabled on the victim machine? I am referring to this [1]:
This command batch file allows feedback from the target Windows machine to be sent. If the Widucky types 'remrec4.bat dir/w', the batch file executes the 'dir/w' command and sends the output of the command to the WiDucky serial port. The output is then returned via wifi to the controller application and displayed remotely. (*This requires the Arduino drivers to be loaded on the target machine.)
From my understanding, if the target machine doesn't have those drivers previously installed, the exfil channel will not work. Thus we will not be able to have an interactive (sort-of) remote shell. Am I right?
[1] https://github.com/basic4/WiDucky/blob/8ce8d217040448bf7b654c1eab4eae5da5596767/Test-Scripts/Remrec-Script/readme
basic4 Posted December 23, 2016
Hi Zibri - Yes. You'd need to install the serial drivers via a script (powershell etc) to get full 2-way communication.
zibri Posted December 23, 2016
Yeah right! Maybe wouldn't it be easier to have it running automatically at the boot (e.g. rc.local in a Linux OS) once the widucky is inserted? However, this will also require the victim machine to be able to reach the internet and hope the attacker's webserver (i.e. where those drivers are located) is not blacklisted.
P.S. Can you provide an example of drivers needed? I would like to create a Powershell one-line script to try to install them. Thanks!
youretheone Posted December 23, 2016
Thanks for clearing that up basic4! I don't know where I got that misconception from. :)