Jump to content

Rubber Ducky’s problem

Ict

By Ict
in Classic USB Rubber Ducky

 Share

Recommended Posts

Ict Newbie

Ict

Posted
Posted

Hi

I recently buy rubber Ducky and I have some questions:

1- at frist when I connected my rubber ducky to my pc I can able to see as an usb drive, but know I cant see anything,why!? What should I do!?

2- I am an administrator to my own private network and I have a lot of security features like : Anti viruses,DLP,Firewall, GPO , UAC and etc, when I connect the rubber ducky to one my network computer , nothing happened!!! But I heard and read all of PCs as a keyboard or etc, Could please what should I do that When I connect that usb to the pc I can run my code!?Is it possible to do it with Rubber Ducky or bash bunny (I have bash bunny too)!?

3- Can I use rubber ducky for a pc that is in lock or logoff mode and execute my own code!!?

4- I test Rubber Ducky in my MacBook Pro, but when I connect it to it I face a message that said I have a better keyboard and it doesn’t let the code to run, what should I do not to face this message it apple products!?

 

5- How can change the usb recognition from keyboard to mouse or printer!?

 

Thanks

Link to comment
Share on other sites
charliechar_ Newbie

charliechar_

Posted
Posted

I'm new here, so I don't know if my answers will be accurate, but:

 

1: If you didn't flash anything onto the RD, more if It's a newer version, it SHOULD NOT be detected as a normal USB drive when plugged in, meaning it should not appear in the explorer, but rather detcted as a keyboard. So it's actually more normal that you don't detect a thing in the explorer when connecting the rubber ducky.

 

2: This also happened to me at the beggining. Did you added a delay just at the beggining of the code? If you didn't, the rubber ducky will probably start to throw keystrokes faster than the PC can recognize something was plugged in, so it won't launch the payload 

DELAY 100

should do the trick. Again, if you didn't flash anything different than the retails firmware, it should strat to execute the payload as soon as it is plugged.

 

3: You can, but it'll probably just start to write on the password text field, since you can't do much else on the logon screen without touching registry keys. If the user has no password, adding two 

ENTER

at the beggining of the script should be sufficient to enter the desired user (Windows 10)

 

4: Don't know much about apple products, can't answer this one

 

5: Someone else should answer this, but i think you can without, again, modyfying the software inners of the rubber ducky: Why would you want tho? You can do pretty much anything with just the keyboard. (And what is the advantage of the rubber ducky being detcted as a printer? imo, useless)

Link to comment
Share on other sites
Ict Newbie

Ict

Posted
  • Author
Posted

Thanks

about number 2 :

I didn’t change and update the frimware,It means If I add a Delay at the beginning I can bypass the UAC,Firewall and antivirus?!and I can excuse my code?!

about number 3:

It means that I can’t enable the CMD and then creat a user or enable Administrator user then login the OS?!

Can I dump the memory in this situation?!if yes how?!

 

about number 5:

I want just know and test the different status of this tool 

New question:

imagine the OS (win 7,8,10 both 32 and 64 bit) are Login and the UAC is high and the antivirus are running 

6- How can I bypass them to install an application or execute my code?!

7- Can I tell the ducky that run my 1Mb application that are stored in my sd card that install in my custom directory?!

Link to comment
Share on other sites
charliechar_ Newbie

charliechar_

Posted
Posted
16 hours ago, Ict said:

If I add a Delay at the beginning I can bypass the UAC,Firewall and antivirus?!and I can excuse my code?!

This most certainly is the answer of why your code is not being executed on the go. Another workaround is leaving it as-is and pressing the I/O button on the Rubber Ducky to execute it (don't know if it is meant for it, more given the fact that you have to have the rubber ducky "naked" to press it) 

If it doesnt work with 100 (1 tenth of second delay) try with 500 (half a second) and 1000 (full second)

There might be other problems within your code that prevent the payload from running, such as misspellings or missplaced DELAY blocks, so check for those erros too

 

16 hours ago, Ict said:

It means that I can’t enable the CMD and then creat a user or enable Administrator user then login the OS?!

Within a factory-configured PC (meaning you didn't do any strange stuff on registry or similars) you cannot by any means call a commamd prompt in the logon screen, as that would be a major security flaw. But that's not the Rubber Ducky's duty, but rather the OS one.

 

There are certain options, like changing the registry entry that links the log on ease of acces button with the ease of acces executable and change it with cmd.exe, so it opens a fully elevated command prompt. But that certainly needs you/someone changing the target's computer registry beforehand. You could also have a windows 10 recovery image, in which I recall you can acess an elevated commamd prompt -I don't remember if with limited capabilities- but that is rather time comsuming, having to boot up from a preconfigurated usb first -or even from rhe rubber ducky itself with the correct configuration- 

TL;DR: No, you can't.

 

16 hours ago, Ict said:

Can I dump the memory in this situation?!if yes how?!

I don't rember much from CMD/powershell syntax but I'm rather sure you can with any of them. But again, you can't call a CMD/powershell shell on log on in normal conditions

 

16 hours ago, Ict said:

I want just know and test the different status of this tool 

I don't think ou can do it without changing somthing on the RD firmware (or even hardware) first. Look arround, but the Bash Bunny (also from Hak5) is more of an appropiate tool for multi-vectorial attack.

 

16 hours ago, Ict said:

How can I bypass them to install an application or execute my code?!

I'm on the same boat as you here. I suggest you to understand duckyscript syntax and Windows CMD and powershell syntax first before trying to do some "L33t H4ck3r" stuff. As for the bypass, i am myself still figuring out how it works. So can't help you on this

 

16 hours ago, Ict said:

7- Can I tell the ducky that run my 1Mb application that are stored in my sd card that install in my custom directory?!

Not sure on this one either, but to imteract with the own's rubber ducky memory you need to flash tHe hybrid HID-USB storage firmware on the rubber ducky, as with the retail firmware -as I explained above- it only works as HID.

I recommend you to try and mske a paylod that downlosds the file from the internet into the target computer first rather than execute it from the RD itself, as you don't need to change the firmware at all.

  • Upvote 1
Link to comment
Share on other sites
Ict Newbie

Ict

Posted
  • Author
Posted

I heard that it is possible to do a good thing with rubber ducky 

for example enable the cmd when the os is lock and them enable administrators and then login and atc

but you said something public, as you know that is a hack tools that can able to bypass a security features 

Link to comment
Share on other sites
Ict Newbie

Ict

Posted
  • Author
Posted

Thanks 

Dear, For Example:

1-UAC: to disable it

2- disable Antivirus 

3- inject Our Code

I am an administrator of a big network; I want to test it and check my Network

I configure my network: High UAC, antivirus, DLP and Some other GPO

when I connect the Rubber Ducky to one of the Pc of my network, nothing happened and the code didn’t execute 

what should I do!?

what are the best string code to do that!?

Link to comment
Share on other sites
korang Newbie

korang

Posted
Posted
On 2/2/2019 at 1:28 PM, Ict said:

Thanks 

Dear, For Example:

1-UAC: to disable it

2- disable Antivirus 

3- inject Our Code

I am an administrator of a big network; I want to test it and check my Network

I configure my network: High UAC, antivirus, DLP and Some other GPO

when I connect the Rubber Ducky to one of the Pc of my network, nothing happened and the code didn’t execute 

what should I do!?

what are the best string code to do that!?

Do to the things above you have to write to obtain code to do this.  As stated above, the Rubber Ducky acts as a keyboard on systems.  It then can execute any script you load onto it . Read the documentation.  HAK5 does sell a companion book with their field guide . https://shop.hak5.org/collections/hak5-field-guide-books/products/usb-rubber-ducky-field-guide.

For the actual code to do what you want, you will need to expand yoru google-fu and find code that does want you want and then turn it into a ducky script.

Link to comment
Share on other sites
  • 3 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...