"color a" in cmd to be a hacker
color 2*
+Super Baggy matrix af
Why 2? Lime looks better, definitely.
is this free?
+aaalexxx900 AHAHAHAHA
Cool stuff. But I have to withhold the thumbs up because you didn't mention the most important factor in whether or not this would actually work: the logged-on user must be running with administrative privileges. If the user is running with standard privileges, instead of a UAC prompt the Ducky can just answer Yes to, it will be faced with a prompt to enter an administrator password.
Dang, we missed out on a digital thumbs up that doesn't really mean much for youtube analytics. I has a sad. Thanks for the comment tho!
Yeah, "withhold" was tongue-in-cheek.. Good to get 100% confirmation you won't be suspending operations and shutting down your channel, though. :) Cheers.
Just to add my own two cents, how often does an average user have a "normal" access account on their personal PC? Or sometimes on work computers (local admin). In my experience almost all home users have an admin account as their primary and only account and the majority of work computers give users local admin to get rid of the headache of calling their IT support to install simple programs.
Mike Polselli Re. home users, it's true that only ones who are somewhat security conscious (or who get their machines set up for them by people who are) will usually use separate user & admin accounts. We can and should continue to try to change this as part of "security hygiene" education efforts, but it's a tough hill to make progress on climbing.
Re. work users, any IT person who's administering a Windows network and allows ordinary users to run with local admin privileges should reconsider their occupation. There are several important reasons for that, but one of the big ones is *because* you don't want users installing programs, changing important settings, etc. on their own initiative. Heck, you probably don't want your first line help desk personnel to have that much leeway; in any kind of sizable organization decisions about such things should be made by (or at least run by) people who have some significant degree of security knowledge, training, and/or experience. To do anything else is simply too dangerous to accept in 2016.
Why don't you try and address the concern instead of spitting out memes?
15 seconds of physical access could lose you 15% or more from your bank account. ^-^
Yep, smiled big time when I saw that scene and instantly thought of you guys! Mad Props!
win+r
cmd
color A
welcome the ultimate hacking terminal :)
I have a net Hunter. Lol
doesn't work on debian :(
and you forget the magic "cd ..\..\.. & tree" command
You forgot "ftype" :-)
colour a* you spelt it wrong
Is it just me or has their relationship changed...
lol
Here's a suggested tagline for the Duck, Darren: "Imagine you could type as fast as the Flash and not make a single typing mistake. Imagine what you could do in just fifteen seconds. That is the power of the USB Rubber Ducky".
It can be used as such with the right code, but by design, no. It's a human interface device emulator.
I should stop taking the internet so seriously. Thank you for the pun. :-)
how to patch a hole in the ceiling from a wood-burning stove
Actually if the flash were to type the computer can't comprehend the speed and will mess up while typing. Just like if the flash were to drive a car... Is the car going to have superspeed? Nope. Just because he can use it fast doesn't mean it can move fast.
Imagine what you then can do with women ;)
Thanks to DATA MODALS for everything
Mr.Robot.S02E06.PROPER.HDTV.XviD-HUM [ettv], hmm now where do you get those naming convention in files... hmm i wonder.. ;)
torr....in legal store :D
its a hacking show lol.
how downloading files from torrent is related to hacking show
xD
uh oh.
You guys are big-time now!!!!
Watching you two, I feel like I'm the guys on the film "Hackers" when they would crowd around the TV to watch their favorite show "Hack the Planet" to find out what Razor and Blade would do on the week's episode!!!
and that is how i found you guys! God Bless Mr.Robot >:)
Hi Shannon. Darren Kitchen does not realize how important it is to have you translate what he is saying. He thinks he is speaking plain English with comments like Obviously. Good thing you are here to break his tech language down! Great Show! Awesome Rubber Ducky!
Ms. Morse, if I can get more of my female students to do what you do, my goal’s complete!
word
Since we're talking about scripts for Windows 7 and above, why not also throw in a WinKey+Down (GUI {down}?) to minimize your CMD prompt. Also, the CMD command 'TITLE Hello Kitty.' Naturally these would be for one-off commands where persistent typing focus isn't necessary, but the [final] command may take a while to finish running. Just stack an EXIT command in there to close when it's done.
2:22. The cutest yay I ever heard, I'm melting, it's sooo cute :3
I love how much fun they have teaching, makes me love this channel all that much more.
Just a small notice, PowerShell does keep your run history and you can get it in 3 ways: running Get-History, checking the file ConsoleHost_history.txt and simply pressing the UP arrow. With the first option you have nothing to worry about, since it will be cleared once you close the PowerShell window. For the 2nd one, ConsoleHost_history.txt is kept under %APPDATA%\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt; you can check where your system keeps this by using the following command "(Get-PSReadlineOption).HistorySavePath". The last one I'm not sure about, but I think it's tied to the txt file.
I'm testing this at my work PC, which has Windows 10 Enterprise edition; I'm not sure if any other versions of PowerShell below Version 5 build 10586 have this or not...
A small update: I just googled it, and you can use this:
Set-PSReadlineOption -HistorySaveStyle SaveNothing
This will prevent PowerShell from logging any command.
Source: blogs.msdn.microsoft.com/stevelasker/2016/03/25/clear-history-powershell-doesnt-clear-the-history-3/
that's per shell and it's gone after u close it
Badass guys! The breakdown of the windows commands was Very educational. Keep up the Great work, thanks again 🍻
It sucks that you have to even question playing 15 seconds of video from a movie, tv show, etc. The fact is that copyright claims are being used as an underhanded form of censorship by the state and other shadowy entities. They are mostly directed against those who would endeavor to inform their fellow man about serious and valid issues plaguing our society at the present. Some just feel it more than others.
This is very good idea proud of you
I love this channel. I was looking at getting a new ducky but you're all sold out.
when you're clearing the registry from RUN, wouldn't you only want to clear the command you used? If you clear it all, that would be suspicious to them if they use run. Instead of the '*' couldn't you just put the command you used? Just thinking out loud
i was thinking the same.
999/1000 PC users don't use RUN.
Maximilian Wicén Doesn't matter. If that person does, you risk the chance of compromise. I know that will never happen, because honestly I never even use it but it's possible. Besides it's not like removing just the single command requires any more lines of commands.
I think they are going on the fact that no history is less alarming than crazy powershell script.
The entire thing is defeated by a port blocker or even Escan's USB security. And both cost under 10 dollars. Although great example for someone who isn't aware of such malware. Good job.
9:51 I'll go ahead and... Well, and grab it from the history! xD
OMG why haven't I seen this channel before?! Subscribed instantly!
Question. Would it be possible to have all of the files go to the USB device instead of to the cloud? Like changing the destination of the script to make it write on the flashdrive? Or would that cause a vulnerability?
you might need the Bash Bunny for that, can use both keyboard and mass storage modes so you can save the data to the flashdrive, I guess
I don't think it has that much storage
Thanks guys!
Darren get in the Kitchen, Morse runs this show !
Love you both since 6 year 😁😁😁😁😁 very awesome guys
I did this on my school and I got the password for the grade changer and I change my grades so yay thank you
My Splice of life this better be a troll lmao xd
I hope this is a troll..
+108187784988920826027 not a very good one if it is ;P
Man, Darren's buttons for camera transitions are super distracting
Lol if I saw a USB laying around I'd pick it up bc who doesn't like free usbs lol
USB condom lolol
@ricardocruz323 lamo get a plug and attach the usb to it then plug it lamo
That's why I have a separate throwaway tablet just for random crap like that. Nobody can get any data off of it lol
this is the best youtube Channel lol
welcome to nsa watchlist lol
Moving the position of the CMD to the top right would make it less conspicuous
"computer mouses".... isn't the word "mice"?
Nope.
right... doesn't that mean you can't say "mouses"?
1 Mouse
multiple Mooses.
Cytixnet In this case they are not talking about the animal... it's a computer attachment therefore its valid.
no, "mice mouses" doesn't sound right
I've watched this show for years but now that mr robot is more popular so are you xD
Sorry Darren... #TeamSnubs
Pretty cool stuff. I'm pretty sure you can actually make the cmd prompt or scripts run invisible with writing vbscript that executes your other scripts in the background.
Girl Is Friend
Kali Linux is best friend
Ducky is bae
hmm, does this hack work with windows 10 new update?
Windows 10 actually has bash now!!!! -_-
I feel like there are a lot of cases when this rubber ducky wouldn't work. But it's an awesome device anyway.
but windows has bash now!
Great episode!
Used this to hack into this teacher's computer because he never locked his computer and it actually worked and one day when he left for lunch he didn’t lock the classroom so I snuck in and logged into his computer and deleted edit the report he was going to send to my parents and it was really bad luckily I changed it to all good stuff lol
Nice, how does it work? You put it in and you get the files and when you get home you can edit??
r/thathappened
I saw an older Episode on the Beach talking about Salty Hash, I use VeraCrypt to encrypt the System volume for Windows. ;) Hak 5 You guys are great, I recently was looking through some Image files that I suspected could be malicious, difficult to find anything.
Why the hell doesn't Microsoft add a security feature that monitors keyrate, and if it's a new device it's never seen and it right away starts typing and doing keystrokes at super-human speeds, it knows something's wrong and can try to protect itself. HELLO, Microsoft?! Hello Kali Linux! What's wrong with you people?!
Because makro saft
Dmitri Tousaint Yeah, you kno, coz Microsoft is so poor. An anti-virus company like Kaspersky could build this into their driver in a few days EASY. If they can, so can Microsoft
I laughed when I saw the Rubber Ducky! Good job hak5 I think now would be good to buy shares in rubber ducky! :)
FYI: To carry multiple loads, label your micro SD's with Avery Multi-Use labels (#5412). You can get them at Staples or online, and it'll cost you about $6 for 1100 labels. They are 5/16" x 1/2", and give you a small amount of space for writing.
Or just name the bin files for what they do, then copy one to inject.bin when you want to use it. That's how I do it. Have a dozen or so on my ducky.
*****
Mine was more of a, uhhh, "tactical" suggestion, for use in places where you don't have a keyboard.
_Or, even your computer..._
SO those red and white buttons on the table are for the video/camera switch ...
Cool video guys! As usual! Thanks
I love you guys.
amazing, vid, hadn't seen the ep of Mr Robot yet but more the reason to, as always, great show!
I've been waiting for this video for quite some time. lol
Great Show!
Oh I just thought of an awesome way to use this for QA. I'm a QA Engineer.
how cool is this Mr Robot.
To obfuscate your cmd even more you could go and press ALT-Space DOWN ENTER ARROW-DOWN (1 mio times) and move the window out of the viewable area. It will move it underneath the taskbar and you are still able to type but see literally nothing.
I still have an issue with the Rubber Ducky wanting drivers to be installed when I plug into a test victim. Once I install them, which requires manual intervention, it works each time after that.
wonderful episode...keep it up...
Darren really controls the show with those buttons for camera changes
"If only Windows had bash"... Well, not quite alternate universe, more like 2 years later :)
Oh man!!! I love Linux, and 4 that... just fyi, Win10 HAS bash since the last anniversary update... we all are in an alt-U. Cheers!
Hey guys, awesome show, just wanted to know what laptop is Shannon using? Looks pretty cool.
Thanks!
Prob a Dell XPS
ahh Mr. Robot I love that series hope in the future comes with a more "real" Stuff.
Good stuff. This will fail most of the time however, because users don't have admin rights normally and UAC may be turned off.
It may still work with some tweaking though.
I always forget about those dimples... then they come back and floor me... Every time!
This same method can be used to drop a reverse shell correct? Why not dump a shell and dump the hashes later from it? Seems like you would have less setup.
Is the surface pro 4 a good portable hacking device or would you guys recommend something else???
Love mr. robot and love this tutorial! I want a usb rubber ducky
How does this differ from the meltdown/spectre vulnerability? Or does it?
Improve it:
1) Wrap the downloader and submitter command inside a prompt that runs silently in background.
Run cleaner command right after and don't wait (no need to wait because run has done its function)
Run default screen saver if my 1st suggestion can't be done
Don't have sender function and just have that embedded within the script which is downloaded - Save time.
It says "access denied" in the terminal after typing the first command. I'm on Windows 10 and have tried WAMPServer and an FTP server. Anyone know what's up?
The Rubber Ducky encoder is like a compiler? It compiles the script into a format that the Rubber Ducky can understand and execute?
Would you please make a usb rubber ducky keylogger tutorial?
you guys are amazing...
"HAK5" for all those that missed it or just don't want to look for it on the timeline.
Very nice video it is useful to the people
Thank you so much sir ❤️❤️
By the way, windows does have bash, if you know where to find it. You can look it up, or read an outline below.
1. Make yourself a developer in settings.
2. Go to the windows features window in control panel.
3. Enable "bash", "linux", or something of the sort. I forgot the name.
4. Run "bash" in command prompt and allow it to download itself.
5. You're done.
How did ALT + Y give Administrator access? Does this work if a Domain Admin is required?
This episode makes me want to destroy my USB drive God Damn you guys!!
Can't wait for season 4 mr robot
Wooow nice
How would this work, I mean most people don't have access to admin credentials thus preventing cmd runAS.
This attack is directed at someone who wants to take advantage of a computer that already has admin privs and is logged in too. Ex: your boss' computer. He just went to go get something from the printer. His computer is unlocked and you have 30 seconds
you don't give your boss admin account as his primary login
This kind of attack is pretty much directed at smaller businesses or places with low security where an employee has admin privileges. A good AV will also detect mimikatz and cancel the fun. Even though Mr. Robot is very accurate, this scenario is highly unlikely.
not if someone uses 25 character passwords maybe 60 character passwords, but there is a way around that I.E. an encrypted keyboard connection between the keyboard and the computer.
Should there be a limit on the speed of interaction for Human Interface Devices to make attacks like this harder?
You would think Cisco would include a heuristics based detection scan with sourcefire that looks for the signature of the duck... but I discovered recently that they have nothing to prevent it... and they invest more in their Talos team than anyone else does in their security team... This hack is going to be out there for a long time uncontested.
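The key-rate idea raised in several comments above (flag a never-seen keyboard that starts typing right away at superhuman speed), sketched as an added example that is not part of any comment or of Hak5's material. The thresholds, the `KeyboardSession` record and the sample sessions are assumptions constructed for illustration, not values from any product.

```python
from dataclasses import dataclass, field
from itertools import accumulate
from statistics import median, pstdev

# Assumed thresholds (illustrative only; tune against real typing data).
MIN_HUMAN_GAP_MS = 30.0       # sustained median gap below this is not human typing
MAX_MACHINE_JITTER_MS = 5.0   # near-constant gaps point to a scripted source
FIRST_KEY_GRACE_MS = 2000.0   # an unknown keyboard typing this soon after attach is odd
MIN_KEYS = 10                 # do not judge on a handful of keystrokes
ALERT_SCORE = 2               # two independent signals are required to alert


@dataclass
class KeyboardSession:
    """Hypothetical record a host agent could build per HID keyboard."""
    device_id: str
    seen_before: bool                 # device was enumerated on this host before
    attach_ms: float                  # time the keyboard enumerated
    key_times_ms: list = field(default_factory=list)  # key-down timestamps


def score_session(s):
    """Return (score, reasons). Each timing signal that fires adds one point."""
    if len(s.key_times_ms) < MIN_KEYS:
        return 0, ["too few keystrokes to judge"]
    times = sorted(s.key_times_ms)
    gaps = [b - a for a, b in zip(times, times[1:])]
    score, reasons = 0, []

    med = median(gaps)
    if med < MIN_HUMAN_GAP_MS:
        score += 1
        reasons.append(f"median gap {med:.0f} ms is faster than human typing")

    jitter = pstdev(gaps)
    if jitter < MAX_MACHINE_JITTER_MS:
        score += 1
        reasons.append(f"gap jitter {jitter:.1f} ms is too regular")

    first_key_delay = times[0] - s.attach_ms
    if not s.seen_before and first_key_delay < FIRST_KEY_GRACE_MS:
        score += 1
        reasons.append(f"unknown device typed {first_key_delay:.0f} ms after attach")
    return score, reasons


def is_suspicious(s):
    return score_session(s)[0] >= ALERT_SCORE


def times_from(first_key_ms, gaps):
    """Build absolute key timestamps from a first-key time and a gap list."""
    return list(accumulate(gaps, initial=first_key_ms))


# Constructed sample sessions (not captured from real devices).
HUMAN_GAPS = [180, 95, 240, 130, 310, 75, 160, 220, 110, 190, 140]
INJECTED = KeyboardSession("usb-new-01", False, 0.0, times_from(1000.0, [8.0] * 40))
KNOWN_HUMAN = KeyboardSession("usb-desk-kbd", True, 0.0, times_from(60000.0, HUMAN_GAPS))
NEW_HUMAN = KeyboardSession("usb-new-02", False, 0.0, times_from(1500.0, HUMAN_GAPS))

if __name__ == "__main__":
    for session in (INJECTED, KNOWN_HUMAN, NEW_HUMAN):
        score, reasons = score_session(session)
        verdict = "ALERT" if is_suspicious(session) else "ok"
        print(f"{session.device_id}: {verdict} (score {score}) {reasons}")
```

Timing is only one signal: input paced at human speed will not trip the rate checks, so it belongs alongside the USB port controls mentioned elsewhere in the thread.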
Obviously this works with powershell but can it work with a Mac/Linux terminal?
Could you do a video with a more detailed instruction on how to assemble the hardware?
yes I know very late but they still haven't and no one on youtube did a good one
What happens if you plug it into a network router?
could you move the cmd window down so it's hidden behind the taskbar?
I loved Mr Robot
Hi team Hak5, Are the units of this product?
Thanks
What about on a domain, or a user who isn't a local admin?
I made a script like this a while ago that does this over ftp and uses copy con to type in my info into a file. Then I made a batch file and a vbs file to trigger ftp in the background invisibly to download procdump, execute it and then delete it after it uploads the Isass.dmp file, as well as the batch file and vbs file. All that's left is my ftp info file, but it gets deleted next time I plug in. I just change my info every now and again just in case they find the invisible file. I haven't timed the script yet, but I'm so gonna add the registry delete script you guys showed in the video before I time it. Other than that, awesome video, really useful.
Just timed it, if you were wondering how long it took. I got it down to 10 seconds, but I put on an extra 5 to open cmd again and delete registry and any left over files.
Wow very nice
great job
I'm completely stumped by the web hosting bit, I have no idea what I'm supposed to do... Can anyone help? Thanks.
11:17 Color a is love, color a is life.
Is it possible to use the rubber duck and LAN Turtle together and plug them in with a USB hub and then open up a SMB server on the LAN Turtle? Or even better create one device that emulates multiple USB devices as composite device to emulate keyboard, LAN and also storage to directly store data on a sd card so you don't need network for the magic to happen.
isticktoit.net/?p=1383 raspberry zero seems like it could do that.
thumb up for strongbad reference!