
Thread: Improvements to HID and Ducky attacks

  1. #1
    Join Date
    2014-Sep
    Posts
    23

    Improvements to HID and Ducky attacks

    Hi,

    I worked on both the duckhunter.py and keyseed.py files to be able to:
    • Validate the UAC prompt without being locale-dependent (because for my tests, I have an English Windows 7, keyboard layout French): this is achieved by hitting 'left' and pressing 'enter' when the UAC prompt is displayed.
    • Use the keyseed.py file in duckhunter.py. This allows:
      • to be locale-dependent when launching a CMD (only the keywords WIN7CMD and WINCMD have been corrected, because I could not validate by testing the WIN8CMD)
      • to leverage the keyseed file (and its dictionaries) to retrieve the adequate command instead of crafting a new one (better readability imho)
    • Reduced a little the timing between each keystroke (to increase stealthiness)
    • Create a new WIN7UAC command that allows elevating a command typed directly after the 'windows' key is hit.

    The latter allows such Ducky attack (stealthier than opening a cmd):
    WINDOWS
    DELAY 100
    TEXT powershell "[admin-required powershell stuff]"
    WIN7UAC

    @binkybear : considering the latest developments on your nethunter 2.1 (awesome, but could not find where the 'module' folder is located), I am unsure how to send the file (PR in Github?)
    duckhunter.zip keyseed.zip

  2. #2
    Join Date
    2015-Apr
    Posts
    4
    I suppose I might as well stuff this here...


    Set up a ducky script to set up a comm side channel via mouse inputs and num lock toggling, by adding a HID mouse device.

    Something like this

    http://www.idogendel.com/en/archives/429

  3. #3
    Join Date
    2014-Sep
    Posts
    176
    Hi aemaeth2501, I think I saw your issues on GitHub and I wasn't aware you started this topic. But thanks for the feedback. If you need help with issuing a PR request I can help you on IRC or by email.

    ouroboros - There's actually a way to control the mouse by using /dev/hidg1 but I have never really experimented with it. The website you linked looks very interesting.

  4. #4
    Join Date
    2014-Sep
    Posts
    23
    Hi,

    I've been busy these times.
    Will contact you asap to commit the things properly.

    Thanks for the feedback!

  5. #5
    Join Date
    2015-Sep
    Posts
    10
    If you need help with issuing a PR request I can help you on IRC or by email.

  6. #6
    Join Date
    2014-Sep
    Posts
    23
    Thanks for that!
    I made the PR, had trouble finding the correct branch

  7. #7
    Join Date
    2015-Nov
    Posts
    4
    If you need help with issuing a PR request I can help you on IRC or by email.

  8. #8
    Join Date
    2016-Mar
    Location
    Algeria
    Posts
    1
    I had the same issue, thx for help
