Results 1 to 10 of 10

Thread: Improvements to HID and Ducky attacks

  1. #1
    Join Date
    2014-Sep
    Posts
    23

    Improvements to HID and Ducky attacks

    Hi,

    I worked on both the duckhunter.py and kayseed.py files to be able to:
    • Validate UAC prompt without be locale-dependant (because for my tests, I have an English Windows 7, keyboard layout French): this is achieved by hitting 'left' and pressing 'enter' when the UAC prompt is displayed.
    • Use the keyseed.py file in duckhunter.py. This allows:
      • to be locale dependant when launching a CMD (only the keyword WIN7CMD and WINCMD has been corrected, because I could not validate by testing the WIN8CMD)
      • to leverage the keyseed file (and it dictionnaries) to retrieve the adeqaute command instead of crafting a new one (better readbility imho)
    • Reduced a little the timing between each keystroke (to increase stealthiness)
    • Create a new WIN7UAC command that allows to elevate a command typed directly after the 'windows' key is hit.

    The latter allows such Ducky attack (stealthier than opening a cmd):
    WINDOWS
    DELAY 100
    TEXT powershell "[admin-required powershell stuff]"
    WIN7UAC

    @binkybear : considering the latest developments on your nethunter 2.1 (awesome, but could not find where the 'module' folder is located), I am unsure how to send the file (PR in Github?)
    duckhunter.zipkeyseed.zip

  2. #2
    Join Date
    2015-Apr
    Posts
    4
    I suppose I might as well stuff this here...


    Set up a ducky script to setup a comm side channel via mouse inputs and num locks toggling, by adding a HID mouse device.

    Something like this

    http://www.idogendel.com/en/archives/429

  3. #3
    Join Date
    2014-Sep
    Posts
    176
    Hi aemaeth2501, I think I saw your issues on github and I wasn't aware you started this topic. But thanks for the feedback. If you need help with a issuing a PR request I can help you on IRC or by email.

    ouroboros - There's actually a way to control the mouse by using /dev/hidg1 but I have never really experimented with it. The website you linked looks very interesting.

  4. #4
    Join Date
    2014-Sep
    Posts
    23
    Hi,

    I've been busy these times
    Will contact you asap to commit the things properly.

    Thanks for the feedback !

  5. #5
    If you need help with a issuing a PR request I can help you on IRC or by email.

  6. #6
    Join Date
    2014-Sep
    Posts
    23
    Thanks for that !
    I made the PR, had trouble to find the correct branch

  7. #7
    If you need help with a issuing a PR request I can help you on IRC or by email.

  8. #8
    Join Date
    2016-Mar
    Location
    Algeria
    Posts
    1
    i had the same issue , thx for help

  9. #9
    Join Date
    2019-Aug
    Location
    Russia
    Posts
    1

    Improvements to HID and Ducky attacks

    I would like to second these suggestions. All good ideas I think. But I see that the OP is from 2016 and no response so I can only take that to mean nothing is happening to create an app such as that suggested.

  10. #10
    Join Date
    2020-Mar
    Location
    Russia
    Posts
    2

    Improvements to HID and Ducky attacks

    You are absolutely right. In it something is and it is good thought. It is ready to support you.

Similar Threads

  1. HID Ducky Script Attacks -- We need a key-set Update!
    By rumigo in forum NetHunter Development
    Replies: 2
    Last Post: 2015-10-29, 04:49
  2. Which tools Kali includes for usb rubber ducky?
    By pamamolf in forum General Archive
    Replies: 1
    Last Post: 2015-06-01, 18:25
  3. USB rubber ducky
    By ping in forum NetHunter Suggestions
    Replies: 6
    Last Post: 2015-02-23, 00:57
  4. p2p adb attacks?
    By thesle3p in forum NetHunter Suggestions
    Replies: 5
    Last Post: 2014-12-21, 21:00

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •