DuckHunter HID attack through RNDIS to get all the WiFi passwords!

2020-11-04, 03:14
Get all the stored wireless passwords from a Windows machine!!

Download the script: https://www.androidfilehost.com/?fid=10763459528675577160
Copy to /sdcard/
Get nc64.exe (32bit version nc.exe if needed) from https://eternallybored.org/misc/netcat/, copy to /sdcard/
Place it into Kali chroot's /var/www/html/
Start apache in NH App
Plug the phone into the PC, enable USB tethering
Check your IP for rndis0, and replace it in the script (two occurrences)
Start the listener on the phone: nc -lp 8888
Copy the script into NH duckhunter attack, launch and wait for the fun in NH terminal.

Currently tested on Win7 only. Feel free to test on Win8 or 10, and on as many phones as you can.
Would be really appreciated.
Nexus 6P is kernel 3.x. For 4.x, you have to make sure RNDIS and HID are enabled in USB Arsenal.

Credits to Tech with shivank (https://www.youtube.com/channel/UC84gEC_cEgDxMEx8PyM00Mg) for the spark of the idea (https://www.***********************wvInnjkZvk4)
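
Seen from the Windows host, the steps above leave a recognisable sequence: a USB RNDIS network adapter appears, and shortly afterwards nc64.exe (or nc.exe) connects to a private address on the new link. The sketch below is an added detection example, not part of the original post or its script; the event records are constructed and their field names are assumptions rather than a real log schema.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample events (assumed field names, not a real log schema).
EVENTS = [
    {"ts": "2020-11-04T03:10:00", "host": "PC1", "type": "adapter_added",
     "desc": "Remote NDIS based Internet Sharing Device"},
    {"ts": "2020-11-04T03:10:20", "host": "PC1", "type": "net_connect",
     "image": r"C:\Users\a\AppData\Local\Temp\nc64.exe",
     "dst": "192.168.42.129", "dport": 8888},
    # netcat on a host where no RNDIS adapter appeared: not this pattern
    {"ts": "2020-11-04T03:11:00", "host": "PC2", "type": "net_connect",
     "image": r"C:\Tools\nc64.exe", "dst": "10.0.0.5", "dport": 8888},
    # ordinary phone tethering followed by normal browsing: not this pattern
    {"ts": "2020-11-04T09:00:00", "host": "PC3", "type": "adapter_added",
     "desc": "Remote NDIS based Internet Sharing Device"},
    {"ts": "2020-11-04T09:00:30", "host": "PC3", "type": "net_connect",
     "image": r"C:\Program Files\Browser\browser.exe",
     "dst": "93.184.216.34", "dport": 443},
]

NETCAT_NAMES = {"nc.exe", "nc64.exe"}   # binary names mentioned in the post
WINDOW = timedelta(minutes=5)           # assumed correlation window

def find_rndis_netcat(events, window=WINDOW):
    """Return (host, image, dst, dport) for netcat connections to a private
    address made within `window` after an RNDIS adapter appeared on the host."""
    last_rndis = {}   # host -> time the most recent RNDIS adapter was added
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "adapter_added":
            desc = ev["desc"].lower()
            if "rndis" in desc or "remote ndis" in desc:
                last_rndis[ev["host"]] = ts
        elif ev["type"] == "net_connect":
            name = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            seen = last_rndis.get(ev["host"])
            if (name in NETCAT_NAMES and seen is not None
                    and ts - seen <= window
                    and ip_address(ev["dst"]).is_private):
                hits.append((ev["host"], ev["image"], ev["dst"], ev["dport"]))
    return hits

if __name__ == "__main__":
    for hit in find_rndis_netcat(EVENTS):
        print("ALERT", hit)
```

Matching on the image name misses a renamed binary, so in practice the same correlation is better keyed on file hash or on any unsigned executable talking to the tethered subnet.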