Thread: Improvements to HID and Ducky attacks

  1. #1
    Junior Member
    Join Date
    Sep 2014
    Posts
    23

    Improvements to HID and Ducky attacks

    Hi,

    I worked on both the duckhunter.py and keyseed.py files to be able to:
    • Validate the UAC prompt without being locale-dependent (because for my tests, I have an English Windows 7, keyboard layout French): this is achieved by hitting 'left' and pressing 'enter' when the UAC prompt is displayed.
    • Use the keyseed.py file in duckhunter.py. This allows:
      • to be locale-dependent when launching a CMD (only the keywords WIN7CMD and WINCMD have been corrected, because I could not validate by testing the WIN8CMD)
      • to leverage the keyseed file (and its dictionaries) to retrieve the adequate command instead of crafting a new one (better readability imho)
    • Reduce the timing between each keystroke a little (to increase stealthiness)
    • Create a new WIN7UAC command that allows elevating a command typed directly after the 'windows' key is hit.

    The latter allows a Ducky attack such as this one (stealthier than opening a cmd):
    WINDOWS
    DELAY 100
    TEXT powershell "[admin-required powershell stuff]"
    WIN7UAC

    @binkybear: considering the latest developments on your nethunter 2.1 (awesome, but could not find where the 'module' folder is located), I am unsure how to send the file (PR in GitHub?)
    duckhunter.zip, keyseed.zip

  2. #2
    Junior Member
    Join Date
    Apr 2015
    Posts
    4
    I suppose I might as well stuff this here...


    Set up a ducky script to set up a comm side channel via mouse inputs and num lock toggling, by adding a HID mouse device.

    Something like this

    http://www.idogendel.com/en/archives/429

  3. #3
    NetHunter Master
    Join Date
    Sep 2014
    Posts
    176
    Hi aemaeth2501, I think I saw your issues on GitHub and I wasn't aware you started this topic. But thanks for the feedback. If you need help with issuing a PR request I can help you on IRC or by email.

    ouroboros - There's actually a way to control the mouse by using /dev/hidg1 but I have never really experimented with it. The website you linked looks very interesting.

  4. #4
    Junior Member
    Join Date
    Sep 2014
    Posts
    23
    Hi,

    I've been busy these times.
    Will contact you asap to commit the things properly.

    Thanks for the feedback!

  5. #5
    Junior Member
    Join Date
    Sep 2015
    Posts
    10
    If you need help with issuing a PR request I can help you on IRC or by email.

  6. #6
    Junior Member
    Join Date
    Sep 2014
    Posts
    23
    Thanks for that!
    I made the PR, had trouble finding the correct branch.

  7. #7
    Junior Member
    Join Date
    Nov 2015
    Posts
    4
    If you need help with issuing a PR request I can help you on IRC or by email.

  8. #8
    Junior Member
    Join Date
    Mar 2016
    Location
    Algeria
    Posts
    1
    I had the same issue, thx for help
