
Improvements to HID and Ducky attacks



aemaeth2501
2015-10-10, 11:50
Hi,

I worked on both the duckhunter.py and keyseed.py files to be able to:

- Validate the UAC prompt without being locale-dependent (because for my tests, I have an English Windows 7 with a French keyboard layout): this is achieved by hitting 'left' and pressing 'enter' when the UAC prompt is displayed.
- Use the keyseed.py file in duckhunter.py. This allows:
  - being locale-dependent when launching a CMD (only the keywords WIN7CMD and WINCMD have been corrected, because I could not validate WIN8CMD by testing)
  - leveraging the keyseed file (and its dictionaries) to retrieve the adequate command instead of crafting a new one (better readability imho)
- Reduce the timing between each keystroke a little (to increase stealthiness)
- Create a new WIN7UAC command that allows elevating a command typed directly after the 'windows' key is hit.

The latter allows such a Ducky attack (stealthier than opening a cmd):
WINDOWS
DELAY 100
TEXT powershell "[admin-required powershell stuff]"
WIN7UAC

@binkybear: considering the latest developments on your NetHunter 2.1 (awesome, but I could not find where the 'module' folder is located), I am unsure how to send the file (PR on GitHub?)
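The two points the post above makes, that injected keystrokes are only correct if they are compiled against the target host's keyboard layout, and that a UAC prompt can be answered with keys that do not depend on the prompt's language, are easiest to see with a small model of what a HID keyboard actually sends. The following is an added example written for this page; it is not code from duckhunter.py, keyseed.py or the NetHunter project. The layout tables are partial (AltGr characters on AZERTY are deliberately left out), the expansion of WIN7UAC into Ctrl+Shift+Enter followed by Left and Enter and the 1500 ms wait for the prompt are assumptions, and the script fed to it is constructed.

```python
"""Toy Ducky-script compiler: shows why injected keystrokes are layout-dependent.

Added example, not code from the NetHunter project or the thread. Layout tables are
partial; AltGr characters (@, #, {, }, [, ] ... on AZERTY) are deliberately not modelled.
"""
from dataclasses import dataclass
from string import ascii_lowercase
from typing import Dict, List, Tuple, Union

# Modifier bits, byte 0 of an 8-byte boot-protocol keyboard report
MOD_LCTRL, MOD_LSHIFT, MOD_LALT, MOD_LGUI, MOD_RSHIFT = 0x01, 0x02, 0x04, 0x08, 0x20
KEY_ENTER, KEY_LEFT = 0x28, 0x50
UAC_DELAY_MS = 1500  # assumed: time to wait for the UAC prompt before answering it

# Physical key (HID usage ID) -> (unshifted, shifted) character, US QWERTY
US_KEYS: Dict[int, str] = {0x04 + i: c + c.upper() for i, c in enumerate(ascii_lowercase)}
US_KEYS.update(dict(zip(range(0x1E, 0x28), ["1!", "2@", "3#", "4$", "5%", "6^", "7&", "8*", "9(", "0)"])))
US_KEYS.update({0x2C: "  ", 0x2D: "-_", 0x2E: "=+", 0x2F: "[{", 0x30: "]}", 0x31: "\\|",
                0x33: ";:", 0x34: "'\"", 0x35: "`~", 0x36: ",<", 0x37: ".>", 0x38: "/?"})

# French AZERTY: same physical keys, different legends. A/Q and Z/W swapped, M sits on the
# US ';' key, digits need Shift, punctuation moves. Keys that need AltGr are dropped so a
# script using them fails loudly instead of typing the wrong character.
FR_KEYS: Dict[int, str] = dict(US_KEYS)
FR_KEYS.update({0x04: "qQ", 0x14: "aA", 0x1A: "zZ", 0x1D: "wW", 0x10: ",?", 0x33: "mM",
                0x36: ";.", 0x37: ":/", 0x38: "!§", 0x2D: ")°", 0x30: "$£", 0x34: "ù%"})
FR_KEYS.update(dict(zip(range(0x1E, 0x28), ["&1", "é2", '"3', "'4", "(5", "-6", "è7", "_8", "ç9", "à0"])))
for altgr_key in (0x2F, 0x31, 0x35):
    FR_KEYS.pop(altgr_key)


def char_table(keys: Dict[int, str]) -> Dict[str, Tuple[int, int]]:
    """Invert a layout to character -> (modifier bits, usage ID)."""
    table: Dict[str, Tuple[int, int]] = {}
    for usage, (base, shifted) in keys.items():
        table[base] = (0, usage)
        if shifted != base:
            table[shifted] = (MOD_LSHIFT, usage)
    return table


@dataclass(frozen=True)
class Report:
    modifiers: int
    usage: int

    def to_bytes(self) -> bytes:
        # modifiers, reserved, one key slot, five empty slots: what gets written to /dev/hidg0
        return bytes([self.modifiers, 0, self.usage, 0, 0, 0, 0, 0])


@dataclass(frozen=True)
class Delay:
    ms: int


Event = Union[Report, Delay]
RELEASE = Report(0, 0)


def tap(modifiers: int, usage: int) -> List[Event]:
    """Press then all-keys-up, so repeated characters ('ll') register twice."""
    return [Report(modifiers, usage), RELEASE]


def compile_ducky(script: str, layout: Dict[int, str]) -> List[Event]:
    """Translate a Ducky script into HID events using the *target host's* layout."""
    chars = char_table(layout)
    events: List[Event] = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("REM"):
            continue
        cmd, _, arg = line.partition(" ")
        if cmd in ("STRING", "TEXT"):
            for ch in arg:
                if ch not in chars:
                    raise ValueError(f"{ch!r} needs AltGr or is missing in this layout")
                events += tap(*chars[ch])
        elif cmd == "DELAY":
            events.append(Delay(int(arg)))
        elif cmd == "ENTER":
            events += tap(0, KEY_ENTER)
        elif cmd == "LEFT":
            events += tap(0, KEY_LEFT)
        elif cmd in ("WINDOWS", "GUI"):
            events += tap(MOD_LGUI, chars[arg][1] if arg else 0)  # bare tap opens Start
        elif cmd == "WIN7UAC":
            # Assumed expansion: Ctrl+Shift+Enter runs the Start-menu search result elevated,
            # then Left+Enter picks "Yes" on the UAC prompt regardless of its display language.
            events += tap(MOD_LCTRL | MOD_LSHIFT, KEY_ENTER)
            events.append(Delay(UAC_DELAY_MS))
            events += tap(0, KEY_LEFT) + tap(0, KEY_ENTER)
        else:
            raise ValueError(f"unsupported command: {cmd}")
    return events


def typed_on_host(events: List[Event], host_layout: Dict[int, str]) -> str:
    """What a host using host_layout actually types for these reports (text keys only)."""
    out = []
    for ev in events:
        if not isinstance(ev, Report) or ev.usage not in host_layout:
            continue
        if ev.modifiers & ~(MOD_LSHIFT | MOD_RSHIFT):
            continue  # Ctrl/Alt/GUI chords are commands, not text
        base, shifted = host_layout[ev.usage]
        out.append(shifted if ev.modifiers & (MOD_LSHIFT | MOD_RSHIFT) else base)
    return "".join(out)


if __name__ == "__main__":
    attack = "WINDOWS\nDELAY 100\nTEXT powershell\nWIN7UAC"  # constructed sample script
    for name, layout in (("US", US_KEYS), ("FR", FR_KEYS)):
        print(f"compiled for {name}, typed on a French host:", typed_on_host(compile_ducky(attack, layout), FR_KEYS))
```

Compiling the constructed script against the US table and replaying it on a French-layout host types `pozershell`, because the sender emitted the usage ID of the physical key labelled W on a QWERTY board and the host renders it as Z; compiling against the FR table types `powershell`. That is the whole of the locale problem the post is fixing, and the same inversion step is why a per-layout dictionary (as in keyseed) is the right place to solve it. The WIN7UAC expansion is command-only traffic: the Ctrl+Shift+Enter chord never reaches the text buffer, which is why `typed_on_host` skips it.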

ouroboros
2015-10-19, 04:08
I suppose I might as well stuff this here...

Set up a Ducky script that sets up a comms side channel via mouse input and Num Lock toggling, by adding a HID mouse device.

Something like this:

http://www.idogendel.com/en/archives/429

binkybear
2015-10-22, 00:48
Hi aemaeth2501, I think I saw your issues on GitHub and I wasn't aware you had started this topic. But thanks for the feedback. If you need help with issuing a PR I can help you on IRC or by email.

ouroboros - There's actually a way to control the mouse by using /dev/hidg1, but I have never really experimented with it. The website you linked looks very interesting.

aemaeth2501
2015-10-30, 16:36
Hi,

I've been busy lately :)
Will contact you asap to commit things properly.

Thanks for the feedback!

mrzer0123
2015-11-05, 06:56
If you need help with issuing a PR I can help you on IRC or by email.

aemaeth2501
2015-11-05, 08:57
Thanks for that!
I made the PR, had trouble finding the correct branch ;)

mrphong
2015-12-17, 16:19
If you need help with issuing a PR I can help you on IRC or by email.

obalouafi
2016-03-10, 15:40
I had the same issue, thanks for the help

Avesdafer
2019-09-15, 10:30
I would like to second these suggestions. All good ideas, I think. But I see that the OP is from 2016 with no response, so I can only take that to mean nothing is happening to create an app such as the one suggested.

CharlesHog
2020-03-21, 07:55
You are absolutely right. In it something is and it is good thought. It is ready to support you.