Jump to content

Rubber ducky on LINUX (target PC)


Ihaveone

Recommended Posts

Posted

Hi,

I consider to buy a Rubber Ducky.

My question: I want to target a LINUX computer.

All articles/videos I can find refer to attack Win or Mac.

Does it makes sense for me to buy it? I am total new to this, no coding experience at all.

If you can recommend another device for the job, please let me know.

Posted

Buy a BashBunny instead, it's an easier platform to develop payloads to, but both The ducky and Bunny works. Have a look at how others have made their payloads.
Remember it's a automated keyboard, so basically you program it to fire commands, that downloads and executes a payload / backdoor, or script that does something you want it to do. BUT it's not a magic bullet that does everything for you, it's a development platform, you have to research and code the attack yourself.

For linux it could be a oneliner that triggers curl, downloads a payload, and executes it, it's pretty simple to make.
Windows, almost the same, but think AV evasion and powershell, And mac, well..almost the same as Linux, since it got Bash and Curl installed 😉
 

Much Happy Hunting And Coding 😉

Posted

If Linux is the target, I would perhaps think twice about the Bunny. I have had mixed success (as others also have reported here on the forums) in that it messes up shift mode on some systems even though everything is set up correctly regarding language, etc. I've never experienced that on Windows along with the Bunny, but on Linux it's more or less a lottery each time. Running Ducky payloads on the same system (using the same language files as for the Bunny) is no problem though according to my experience. Haven't given it any extra attention though since Windows is the most common target for me. In general, I agree that the Bunny is a good choice and broadens the field of possibilities.

Posted

Wow, thank for your input. So what I want to archieve (someone bet that I could NEVER find a way to hack his Linux computer). So I said, every system is hackable and want to prove it.

We will setup a test environment (old Laptop, Ubuntu installed) - my plan is: I will find a timeframe of seconds, connect the ducky without his knowledge of course, have a couple of drinks, drive home and in the moment he starts the computer next morning, I will receive emails with all keystrokes. Which I will send to him. After showing this as prove - fully reinstall of the system, so his kids can play with it again.

Will I be able to do it with the Ducky? I saw videos that it only takes seconds on the laptop - all remote after that.

So now "bad" ideas, but I would really love to see his face....he is always underestimating the risk and skills...

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...