Ict Posted January 29, 2019 Share Posted January 29, 2019 Hi I recently buy rubber Ducky and I have some questions: 1- at frist when I connected my rubber ducky to my pc I can able to see as an usb drive, but know I cant see anything,why!? What should I do!? 2- I am an administrator to my own private network and I have a lot of security features like : Anti viruses,DLP,Firewall, GPO , UAC and etc, when I connect the rubber ducky to one my network computer , nothing happened!!! But I heard and read all of PCs as a keyboard or etc, Could please what should I do that When I connect that usb to the pc I can run my code!?Is it possible to do it with Rubber Ducky or bash bunny (I have bash bunny too)!? 3- Can I use rubber ducky for a pc that is in lock or logoff mode and execute my own code!!? 4- I test Rubber Ducky in my MacBook Pro, but when I connect it to it I face a message that said I have a better keyboard and it doesn’t let the code to run, what should I do not to face this message it apple products!? 5- How can change the usb recognition from keyboard to mouse or printer!? Thanks Quote Link to comment Share on other sites More sharing options...
charliechar_ Posted January 30, 2019 Share Posted January 30, 2019 I'm new here, so I don't know if my answers will be accurate, but: 1: If you didn't flash anything onto the RD, more if It's a newer version, it SHOULD NOT be detected as a normal USB drive when plugged in, meaning it should not appear in the explorer, but rather detcted as a keyboard. So it's actually more normal that you don't detect a thing in the explorer when connecting the rubber ducky. 2: This also happened to me at the beggining. Did you added a delay just at the beggining of the code? If you didn't, the rubber ducky will probably start to throw keystrokes faster than the PC can recognize something was plugged in, so it won't launch the payload DELAY 100 should do the trick. Again, if you didn't flash anything different than the retails firmware, it should strat to execute the payload as soon as it is plugged. 3: You can, but it'll probably just start to write on the password text field, since you can't do much else on the logon screen without touching registry keys. If the user has no password, adding two ENTER at the beggining of the script should be sufficient to enter the desired user (Windows 10) 4: Don't know much about apple products, can't answer this one 5: Someone else should answer this, but i think you can without, again, modyfying the software inners of the rubber ducky: Why would you want tho? You can do pretty much anything with just the keyboard. (And what is the advantage of the rubber ducky being detcted as a printer? imo, useless) Quote Link to comment Share on other sites More sharing options...
charliechar_ Posted January 30, 2019 Share Posted January 30, 2019 3 minutes ago, charliechar_ said: so it won't launch the payload Clarification: it will launch the payload, but the PC won't detect it Quote Link to comment Share on other sites More sharing options...
Ict Posted January 31, 2019 Author Share Posted January 31, 2019 Thanks about number 2 : I didn’t change and update the frimware,It means If I add a Delay at the beginning I can bypass the UAC,Firewall and antivirus?!and I can excuse my code?! about number 3: It means that I can’t enable the CMD and then creat a user or enable Administrator user then login the OS?! Can I dump the memory in this situation?!if yes how?! about number 5: I want just know and test the different status of this tool New question: imagine the OS (win 7,8,10 both 32 and 64 bit) are Login and the UAC is high and the antivirus are running 6- How can I bypass them to install an application or execute my code?! 7- Can I tell the ducky that run my 1Mb application that are stored in my sd card that install in my custom directory?! Quote Link to comment Share on other sites More sharing options...
charliechar_ Posted January 31, 2019 Share Posted January 31, 2019 16 hours ago, Ict said: If I add a Delay at the beginning I can bypass the UAC,Firewall and antivirus?!and I can excuse my code?! This most certainly is the answer of why your code is not being executed on the go. Another workaround is leaving it as-is and pressing the I/O button on the Rubber Ducky to execute it (don't know if it is meant for it, more given the fact that you have to have the rubber ducky "naked" to press it) If it doesnt work with 100 (1 tenth of second delay) try with 500 (half a second) and 1000 (full second) There might be other problems within your code that prevent the payload from running, such as misspellings or missplaced DELAY blocks, so check for those erros too 16 hours ago, Ict said: It means that I can’t enable the CMD and then creat a user or enable Administrator user then login the OS?! Within a factory-configured PC (meaning you didn't do any strange stuff on registry or similars) you cannot by any means call a commamd prompt in the logon screen, as that would be a major security flaw. But that's not the Rubber Ducky's duty, but rather the OS one. There are certain options, like changing the registry entry that links the log on ease of acces button with the ease of acces executable and change it with cmd.exe, so it opens a fully elevated command prompt. But that certainly needs you/someone changing the target's computer registry beforehand. You could also have a windows 10 recovery image, in which I recall you can acess an elevated commamd prompt -I don't remember if with limited capabilities- but that is rather time comsuming, having to boot up from a preconfigurated usb first -or even from rhe rubber ducky itself with the correct configuration- TL;DR: No, you can't. 16 hours ago, Ict said: Can I dump the memory in this situation?!if yes how?! I don't rember much from CMD/powershell syntax but I'm rather sure you can with any of them. But again, you can't call a CMD/powershell shell on log on in normal conditions 16 hours ago, Ict said: I want just know and test the different status of this tool I don't think ou can do it without changing somthing on the RD firmware (or even hardware) first. Look arround, but the Bash Bunny (also from Hak5) is more of an appropiate tool for multi-vectorial attack. 16 hours ago, Ict said: How can I bypass them to install an application or execute my code?! I'm on the same boat as you here. I suggest you to understand duckyscript syntax and Windows CMD and powershell syntax first before trying to do some "L33t H4ck3r" stuff. As for the bypass, i am myself still figuring out how it works. So can't help you on this 16 hours ago, Ict said: 7- Can I tell the ducky that run my 1Mb application that are stored in my sd card that install in my custom directory?! Not sure on this one either, but to imteract with the own's rubber ducky memory you need to flash tHe hybrid HID-USB storage firmware on the rubber ducky, as with the retail firmware -as I explained above- it only works as HID. I recommend you to try and mske a paylod that downlosds the file from the internet into the target computer first rather than execute it from the RD itself, as you don't need to change the firmware at all. 1 Quote Link to comment Share on other sites More sharing options...
Ict Posted February 1, 2019 Author Share Posted February 1, 2019 Thanks But your answer didn’t satisfy me!!! you didn’t ring the bell! Quote Link to comment Share on other sites More sharing options...
charliechar_ Posted February 1, 2019 Share Posted February 1, 2019 5 hours ago, Ict said: didn’t satisfy me!!! I don't know what else you are expecting me to tell you but go on, i guess. Quote Link to comment Share on other sites More sharing options...
Ict Posted February 1, 2019 Author Share Posted February 1, 2019 I heard that it is possible to do a good thing with rubber ducky for example enable the cmd when the os is lock and them enable administrators and then login and atc but you said something public, as you know that is a hack tools that can able to bypass a security features Quote Link to comment Share on other sites More sharing options...
Ict Posted February 2, 2019 Author Share Posted February 2, 2019 Thanks Dear, For Example: 1-UAC: to disable it 2- disable Antivirus 3- inject Our Code I am an administrator of a big network; I want to test it and check my Network I configure my network: High UAC, antivirus, DLP and Some other GPO when I connect the Rubber Ducky to one of the Pc of my network, nothing happened and the code didn’t execute what should I do!? what are the best string code to do that!? Quote Link to comment Share on other sites More sharing options...
korang Posted February 7, 2019 Share Posted February 7, 2019 On 2/2/2019 at 1:28 PM, Ict said: Thanks Dear, For Example: 1-UAC: to disable it 2- disable Antivirus 3- inject Our Code I am an administrator of a big network; I want to test it and check my Network I configure my network: High UAC, antivirus, DLP and Some other GPO when I connect the Rubber Ducky to one of the Pc of my network, nothing happened and the code didn’t execute what should I do!? what are the best string code to do that!? Do to the things above you have to write to obtain code to do this. As stated above, the Rubber Ducky acts as a keyboard on systems. It then can execute any script you load onto it . Read the documentation. HAK5 does sell a companion book with their field guide . https://shop.hak5.org/collections/hak5-field-guide-books/products/usb-rubber-ducky-field-guide. For the actual code to do what you want, you will need to expand yoru google-fu and find code that does want you want and then turn it into a ducky script. Quote Link to comment Share on other sites More sharing options...
Ict Posted February 7, 2019 Author Share Posted February 7, 2019 Dear I have that book it is a simple guide It is not for andvance use!!! I search but I can’t find any thing!!! have you ever search?! Or can you search and give me a link!? thanks Quote Link to comment Share on other sites More sharing options...
APN201 Posted August 4, 2022 Share Posted August 4, 2022 I made this quick script to translate payloads to different keyboards. *Link removed* Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 5, 2022 Share Posted August 5, 2022 I'm not sure how this would benefit the Rubber Ducky. Explain the functionality and scenarios where it's relevant. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.