payloads

[Rayvn]

I got a ducky for X-Mas so im trying to learn how to code duckyscript which is going to take awhile since i have never coded anything before (could also use a link to the most obvious guide ever i am having a bit of a hard time picking it up ) but my question is while i learn  is there any where else i can get premade payloads i have the github payload links would like any links possible but preferably pent-testing ones thanks!

 

[Broti]

Hi,

if you need a guide it's all here: https://www.hak5.org/gear/usb-rubber-ducky/docs or you could purchase the new bookthat covers the Ducky.

Don't worry about "never coded before". Duckyscript is easy to learn.

Edited January 8, 2018 by Broti
added book link

[Rayvn]

i tried that generator one im trying to add a admin account by the funny thing is it needs a admin account to do so (why the hell would i be doing this if already had an admin account) any way to bypass this???

[Broti]

11 minutes ago, Rayvn said:

why the hell would i be doing this if already had an admin account

I think your thoughts a little bit confused. Imagine the following scenario:

Mr.X (equipped with a Ducky and a small "Create Admin Account") walks into Company B and has a nice chat in the office of the Admin. He asks for a map-out of the LAN. Admin stands up turns around and searches on the shelves.

Mr. X quickly inserts the Ducky and cretes another Adminstrator account. Just in time before being discovered he removes it again. The Admin showss him a printout. After some smalltalk he leaves and hides inside the building.

After everyone left the building Mr.X returns to the Admins office, boots up the PC, logs into the newly created Admin account and looks through the company's files. He then copies internal and confidential material to another stick.

He leaves and the next day he sells the stolen data to Company A.

 

24 minutes ago, Rayvn said:

trying to add a admin account by the funny thing is it needs a admin account to do so

Makes sense. But I don't see a problem here, since you should have admin rights on your own system.

[Rayvn]

On 1/8/2018 at 2:28 PM, Broti said:

I think your thoughts a little bit confused. Imagine the following scenario:

Mr.X (equipped with a Ducky and a small "Create Admin Account") walks into Company B and has a nice chat in the office of the Admin. He asks for a map-out of the LAN. Admin stands up turns around and searches on the shelves.

Mr. X quickly inserts the Ducky and cretes another Adminstrator account. Just in time before being discovered he removes it again. The Admin showss him a printout. After some smalltalk he leaves and hides inside the building.

After everyone left the building Mr.X returns to the Admins office, boots up the PC, logs into the newly created Admin account and looks through the company's files. He then copies internal and confidential material to another stick.

He leaves and the next day he sells the stolen data to Company A.

 

Makes sense. But I don't see a problem here, since you should have admin rights on your own system.

i can see the problem i bought a few laptops from some cheapo places and craigslist .ect to test my ducky on for a bit of fun sorry to worry you 

[Rayvn]

@Broti you still gonna help me? Can you or is the problem to much work? Would like a response. Thanks!

[Broti]

@Rayvn well there is payload I know of to directly help you in this matter. If anyone else know: Please enlighten me.

As for resetting admin passwords there are tons of tutorials online.

One thing you could check though is boot 'em in safe mode. Some machines then reveal an admin account (with no password/master password ion manial) but it really depends on the vendor/re-seller.

But that's nothing that can't solely be handled with a Ducky.