KCSEC - Rubber Ducky 2018 Pentesting Toolkit


Hello Everyone,

We're creating an updated fork of the Rubber Ducky repo on GitHub

https://github.com/KCSEC/USB-Rubber-Ducky

Toolkit changes so far

* Updated Ducky-Flasher
* Firmware version list & Information
* KCSEC fodhelper UAC bypass to Meterpreter payloads (TwinDuck+TwinDuck Special 2)
* KCSEC fodhelper UAC bypass to Empire Launchers (TwinDuck+TwinDuck Special 2)

In Development

* Twin Ducky Specific Payloads for local exfiltration
* 2018 working payload list for Windows 10
  - MimiKatz
  - KeyLogger
* 2018 working payload list for Windows 7

Want to request a payload idea?

Feel free to comment or post for any payload ideas

Edited by KCSEC

Added new and working with the latest Windows 10 Fodhelper UAC bypass to execute Meterpreter reverse shell.

This Rubber Ducky module is for TwinDuck Special 2. Will release a standard TwinDuck version 2 soon.

https://github.com/KCSEC/USB-Rubber-Ducky/tree/master/KCSEC-Payloads/fodhelper-UAC-Metashell--TwinDuck-special2

** Key info **

* Twin Duck Special 2 required (See Ducky Flasher OR Firmware list)
* Drive must be called KCSEC to work (Can be changed in ducky code)
* meterpreter-32.ps1 Must be changed to have the right IP/Port
* Ducky_code.txt shows inject.bin decoded (Not needed for setup)

** Explanation **

Ducky commands run a hidden PowerShell calling the fod.ps1
This bypasses UAC and runs the Metasploit shell with admin rights without a UAC prompt

Added new and working with the latest Windows 10 Fodhelper UAC bypass to execute Meterpreter reverse shell.

This Rubber Ducky module is for TwinDuck original

https://github.com/KCSEC/USB-Rubber-Ducky/tree/master/KCSEC-Payloads/fodhelper-UAC-Metashell--TwinDuck-Orginal

Fodhelper bypass to Metasploit reverse shell

** Key info **

* Twin Duck original required (See Ducky Flasher OR Firmware list)
* This version has a delay added to allow the USB Storage to mount
* Drive must be called KCSEC to work (Can be changed in ducky code)
* meterpreter-32.ps1 Must be changed to have the right IP/Port
* Ducky_code.txt shows inject.bin decoded (Not needed for setup)

** Explanation **

Ducky commands run a hidden PowerShell calling the fod.ps1
This bypasses UAC and runs the Metasploit shell with admin rights without a UAC prompt

Added new and working with the latest Windows 10 Fodhelper UAC bypass to execute Empire Launcher.

https://github.com/KCSEC/USB-Rubber-Ducky/tree/master/KCSEC-Payloads

** FOR BOTH TWIN DUCK/SPECIAL 2 **

Fodhelper bypass to Empire Launcher

** Key info **

* Twin Duck Special 2 required (See Ducky Flasher OR Firmware list)
* This version has a delay added to allow the USB Storage to mount
* Drive must be called KCSEC to work (Can be changed in ducky code)
* Empire-launcher.ps1 Must be changed to have the right IP/Port
* Ducky_code.txt shows inject.bin decoded (Not needed for setup)

** Explanation **

Ducky commands run a hidden PowerShell calling the fod.ps1
This bypasses UAC and runs the Empire Launcher with admin rights without a UAC prompt

More info on fodhelper UAC bypass here: https://pentestlab.blog/tag/fodhelper/
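
A defender-side view of the chain described in the posts above, added here as an example and not part of the original posts or the KCSEC repository: it flags script hosts spawned by fodhelper.exe and raises the severity when the same user started a hidden PowerShell shortly before. The events are constructed, the field names are modelled on Sysmon Event ID 1 (process creation), and the 60-second window and the child-process list are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records, shaped like Sysmon Event ID 1 (process creation).
# Users, paths, drive letters and command lines are invented for this example.
FIELDS = ("time", "user", "image", "parent", "cmdline", "integrity")
SYS32 = "C:\\Windows\\System32\\"
PS = SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2018-03-01T10:00:02", "LAB\\alice", PS, "C:\\Windows\\explorer.exe",
     "powershell.exe -WindowStyle Hidden -File E:\\fod.ps1", "Medium"),
    ("2018-03-01T10:00:04", "LAB\\alice", SYS32 + "fodhelper.exe", PS,
     "fodhelper.exe", "High"),
    ("2018-03-01T10:00:05", "LAB\\alice", PS, SYS32 + "fodhelper.exe",
     "powershell.exe -File E:\\meterpreter-32.ps1", "High"),
    ("2018-03-01T11:30:00", "LAB\\bob", SYS32 + "fodhelper.exe",
     "C:\\Windows\\explorer.exe", "fodhelper.exe", "High"),    # benign: no child
    ("2018-03-01T12:00:00", "LAB\\carol", PS, "C:\\Windows\\explorer.exe",
     "powershell.exe -File C:\\Scripts\\backup.ps1", "Medium"),  # benign: visible
]]

# Heuristic: any -w... switch (PowerShell accepts abbreviations) with value "hidden".
HIDDEN = re.compile(r"-w\w*\s+hidden\b", re.I)
# Assumed list of children fodhelper.exe has no normal reason to start.
SUSPECT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events, window_s=60):
    """Return one alert per script host whose parent process is fodhelper.exe."""
    alerts, hidden_ps = [], {}          # hidden_ps: user -> last hidden PowerShell
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        img, parent = basename(ev["image"]), basename(ev["parent"])
        if parent == "fodhelper.exe" and img in SUSPECT_CHILDREN:
            prior = hidden_ps.get(ev["user"])
            near = prior is not None and t - prior <= timedelta(seconds=window_s)
            alerts.append({"time": ev["time"], "user": ev["user"], "child": img,
                           "elevated": ev["integrity"] in ("High", "System"),
                           "severity": "high" if near else "medium"})
        # Recorded after the check so the elevated child cannot correlate with itself.
        if img == "powershell.exe" and HIDDEN.search(ev["cmdline"]):
            hidden_ps[ev["user"]] = t
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
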