Improvements to HID and Ducky attacks

Printable View

2015-10-10
aemaeth2501

2 Attachment(s)

Improvements to HID and Ducky attacks
Hi,

I worked on both the duckhunter.py and kayseed.py files to be able to:
- Validate UAC prompt without be locale-dependant (because for my tests, I have an English Windows 7, keyboard layout French): this is achieved by hitting 'left' and pressing 'enter' when the UAC prompt is displayed.
- Use the keyseed.py file in duckhunter.py. This allows:
  - to be locale dependant when launching a CMD (only the keyword WIN7CMD and WINCMD has been corrected, because I could not validate by testing the WIN8CMD)
  - to leverage the keyseed file (and it dictionnaries) to retrieve the adeqaute command instead of crafting a new one (better readbility imho)
- Reduced a little the timing between each keystroke (to increase stealthiness)
- Create a new WIN7UAC command that allows to elevate a command typed directly after the 'windows' key is hit.
The latter allows such Ducky attack (stealthier than opening a cmd):
WINDOWS
DELAY 100
TEXT powershell "[admin-required powershell stuff]"
WIN7UAC

@binkybear : considering the latest developments on your nethunter 2.1 (awesome, but could not find where the 'module' folder is located), I am unsure how to send the file (PR in Github?)
Attachment 932Attachment 933
2015-10-19
ouroboros

I suppose I might as well stuff this here...

Set up a ducky script to setup a comm side channel via mouse inputs and num locks toggling, by adding a HID mouse device.

Something like this

http://www.idogendel.com/en/archives/429
2015-10-22
binkybear

Hi aemaeth2501, I think I saw your issues on github and I wasn't aware you started this topic. But thanks for the feedback. If you need help with a issuing a PR request I can help you on IRC or by email.

ouroboros - There's actually a way to control the mouse by using /dev/hidg1 but I have never really experimented with it. The website you linked looks very interesting.
2015-10-30
aemaeth2501

Hi,

I've been busy these times :)
Will contact you asap to commit the things properly.

Thanks for the feedback !
2015-11-05
mrzer0123

If you need help with a issuing a PR request I can help you on IRC or by email.
2015-11-05
aemaeth2501

Thanks for that !
I made the PR, had trouble to find the correct branch ;)
2015-12-17
mrphong

If you need help with a issuing a PR request I can help you on IRC or by email.
2016-03-10
obalouafi

i had the same issue , thx for help
2019-09-15
Avesdafer

Improvements to HID and Ducky attacks

I would like to second these suggestions. All good ideas I think. But I see that the OP is from 2016 and no response so I can only take that to mean nothing is happening to create an app such as that suggested.
2020-03-21
CharlesHog

Improvements to HID and Ducky attacks

You are absolutely right. In it something is and it is good thought. It is ready to support you.