Hidden keylogger // Bypass Linux & macOS logon screens! Rubber Ducky scripts for Hak5 OMG cable
HTML-код
- Опубликовано: 29 сен 2024
- It's just crazy scary what these cables can do. They look like normal USB cables, but are not! In this video we login to Apple MacOS and Linux computers :)
======
Scripts:
======
Apple macOS Rickroll: davidbombal.wi...
Linux Rickroll: davidbombal.wi...
=======================
Buy Hak5 coolness here:
=======================
Buy Hak5: davidbombal.wi...
================================
Hacking Android and iOS devices:
================================
OMG with Android and Apple iPad: • So you think your phon...
=============
Setup Videos:
=============
OMG Cable setup: • O.MG: From zero to hero Hak5
Rubber Ducky setup: • How I did it (hak5 rub...
================
Connect with me:
================
Discord: / discord / davidbombal Instagram: / davidbombal LinkedIn: / davidbombal Facebook: / davidbombal.co TikTok: / davidbombalyoutube: / davidbombal
keylogger
keylogging
key logger
hak5 keylogger
macos keylogger
hak5
omg cables
omg cable
apple
apple macos
linux
ubuntu
ubuntu hack
linux hack
rubber ducky
hak5 rubber ducky
hak5 omg cable
omg cable android
omg cable ios
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#omgcable #hak5 #rubberducky
It's just crazy scary what these cables can do. They look like normal USB cables, but are not! In this video we login to Apple MacOS and Linux computers :)
======
Scripts:
======
Apple macOS Rickroll: davidbombal.wiki/applerickroll
Linux Rickroll: davidbombal.wiki/linuxrickroll
=======================
Buy Hak5 coolness here:
=======================
Buy Hak5: davidbombal.wiki/gethak5
================================
Hacking Android and iOS devices:
================================
OMG with Android and Apple iPad: ruclips.net/video/7YpJQT55_Y8/видео.html
=============
Setup Videos:
=============
OMG Cable setup: ruclips.net/video/V5mBJHotZv0H/видео.htmlak5
Rubber Ducky setup: ruclips.net/video/A2JNBpUotZM/видео.html
================
Connect with me:
================
Discord: discord.com/invite/usKSyzbTwitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombalRUclips: ruclips.net/user/davidbombal
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
i sorted that out
Almost as “crazy scary” that the content creator thinks people will heed his advise.
Please what laptop are using?????
Where there are hosts... there will always be tapeworms and other assorted parasites. Some humans are just really evolved parasites.
You couldn’t use that on a government computer, they’ll find out right away . You can’t plug in anything. Maybe a cac reader but even at that I’m not sure if that’s even allowed.
It's a neat cable, but let's get one thing straight: You are not 'attacking' MacOS, nor are you attacking Linux, you are attacking the hardware. Obviously, an operating system can never be more secure than the hardware it runs on.
MFA is almost an industry standard within enterprise. Password never guarantees safety, apart from this USB something as simple as dictionary attack can break the login. So Apple could at least provide optional MFA for login to protect us from such threats. Great video anyway, thanks!
@@windmael47 MFA is an industry standard to log on into laptops in enterprise applications? Which industry is it?
@@z00h Utopia 😸
@@edgay it clearly must be haha. @Jonni stop smoking dat krak boyyyy.
The fact that the communication between keyboard and computer is not encrypted is hardly surprising.
How would you perform this attack if it was encrypted?
3:30 This is not a problem with any OS, and using it against a Linux or Mac computer says nothing whatsoever about the OS capabilities. The cable is a hardware device that requires physical access to install. If a bad actor has physical access to your computer to install that cable, there are any number of ways to get past all operating systems. Physical access generally means game over.
Exactly. Good potential review, flawed by misleading logic/clickbait?
yes you are 100% right, if you have physical access anything is possible ... it's not OS-dependent, I can stand there and watch someone enter a password 😁
@@hardik.satasiya yeah but you can't reverse shell thru your eyeballs now can you?
@@freedustin neither anyone will plug suspicious wire and tell ok dude I plugged in now just fire reverse shell and browse my pc ... and how it's related to OS? 🤔 and may be I don't even need reverse shell, I can just type password and open regular shell if I need
@@hardik.satasiya Well that's a lie. I see people jacking charge cables all the time and using them.
It's not OS related, I didn't even mention OS at all, this even works on phones.
Regular shell? So what? Can you exfiltrate data protected by an IDS with that? Nope.
It's scary how clueless I am about things like this. Thanks Mr Bombal for educating people about the danger of technology. This can help keep me and my family safe from dangers like this. 🙏😁
You're welcome!
David to Everyone who wants to learn Networking:
Never gonna give you up!!
Never gonna let you down!!!
Now I have to pay really serious attention bcz on of my friend buy some stuffs from hak5 and this cable too while watching your video
Help me GOD!! 😅
Does it capture password if it's an auto fill from password manager?
Word of advice: do not "shove" an "innocent" pen drive or an "innocent" cable that you just found into any of your devices.
Be also aware that an "innocent" charging point may be not as innocent as it seems...
Don't let that innocent-looking pen drive or cable take your device's innocence.
Same with all cables you find in computer store
Why you use a usb condom if you need a charge from an untrusted port.
Oh you made me remember an incident! My friend in some governmental sector told me that they brought several new computers..they run some tests and they discovered that some PC cables have antennas in them to send data to the building cross the street. I think this is the same concept
Similar kind of idea. Just scary that this looks just like a normal cable.
Lol I know what your talking about! Lol too old right? Like James bond. Lol
Well, a hacker would have to have physical access to the device, or get you to use their cable: Being a Linux user, I never heard anyone saying that Linux can prevent all attacks from anyone with physical access to the device, but I have seen plenty of times people reporting on vulnerabilities in Linux as a "Big Problem" and leaving out the part that it can only happen with physical access! Linux can also be penetrated otherwise, but for the most part only if the user does not use good security practices. With Windows even that's not enough: It's not like you can keep Microsoft out!
linux is only as good as ur ssh password/key. if u can man in the middle ur toast.
Everyone is first until they refresh the comments 😂😂
Only attack my own devices for learning purposes ♥️ going to try get one for my Birthday 🎉
It's a great product!
@@davidbombal lol, at first normally attack own devices, to learn and be faster when like to attack someone else. :D
That login for linux, password was taken and put inside the script before.
Even that cable can open everything,
for combination (numbers,letters&caracters) need more time!
If someone go to the prison because of this way, you are that person who teach "victims" to make another victims!
Who like to go in prison..? It is very simple!
1 go near to station of police..
2 take a stone..
3 shoot one glass door or window in that buildin.
4 Done! Just wait little, someone will come and tell you the place :D
Keyloger, exist from very very long time, i know from 2002.
There was a program (free download) + pay for full.
It works hidden and send to the email info; small screen position of mouse click, keyboard, links you visitet and much more...
In my idea, a professional keyloger needed for...
Relationship or parents who give devices to kids under 18!
That makes better life to understand more your kids and partner.
You already have started to teach or show unique thinks, but try to teach for better ideas and pushing them to a dangerous game.
Some childrens understand fast and is like a game for them to do this things...
Thanks and sorry for JUDGING YOU.
@@MultiAlbon "That makes better life to understand more your kids and partner." - ahahahah, oh my gosh, this is hilarious :D
@@z08840 lol, that is funy for you? Good to know youre kid!
@@MultiAlbon lol, you know I'm a kid? Good to know you are an imВeсilе!
:D
The cable is what it is .. a keyboard with a low powered wifi *see below why you shouldnt be worried*
1-That keyboard can only get access once it captured your password. Most keyboards are either hardwired or wireless...so this is already limiting its use.
I doubt this USB works like a good old software keylogger therefore its useless if not connected inbetween the keyboard.
2-Which OS is running is irrelevant.. except for the attacker who has to program the scripts specifically to execute commands for that OS. Therefore the title is misleading it is not related to macOS, Linux etc now suddenly having a new vulnerability. But the specific keyboard driver could possibly be disabled if uncommon.
3- Any sensible person in 2021 is using a passwd mgr such as Bitwarden, 1Pass, KeePass etc etc. By letting the software input the passwords for you, this bypasses this device. Sure, it grabs your passmgr password but with 2F authentication it prevents a login from a new location/device.
For those doing sensitive stuff inside a VM.. the VM itself would not be compromised but key inputs to the VM will be logged, but you'll use your passmgr inside the VM.. so thats covered.
4-The wifi provided is low power, therefore its range is expected to be rubbish. The first concrete wall, electrical equipment etc it encounters will severely cut its range, the attacker will have to remain very close by or come back at a later stage.
5-Use cases, good option in open plan office space, meeting rooms etc.. quick replacement when a client is out the door and the room isnt locked.
It would be awesome if it had 4G connectivity with dyndns, making it instantly remote accessible for the attacker.
But nobody is gonna randomly leave these cables lying around, and especially now with covid, people have become alienated using stuff thats not theirs.
Just my 2c... that I'm not worried about this device at all. It has use cases but its gimmicky at best.
Oh, and David. Good video, thanks for this one and the other explaining how it works :)
Rewatching this video 1 year later I think if you buy a mechanical keyboard it could have a keylogger hardware software inside. Maybe its too much crazy ....but are weird times 😮
This is the most frustrating thing to happen, getting hack and Rick rolled at the same time. Thanks David for this kind of video, so people realize the danger of a random USB cable that they pick up somewhere.
Don't get it, you expect me to use my PC while someone's USB cable is connected? And you talk about security?
You are the best David
Thank you!
This really has nothing to do with security of the OS. Remove physical access and we see then.
Edit, the logger/typer being embedded into the cable is interesting though.
How interesting 🤔
I wrote a simple Java keylogger a while back that gets deployed within an image and runs on opening. It then runs as a background process and logs chunks of approximately 1000 keystrokes which then get sent to a MySQL database
A very good reason for a CEO to have his own bug sniffer crew that checks new hardware and old ones often.
Nothing New for CEOs and other Corporate Entities to have "Stand By" Counter Crews on contract, on notice.
Sir on of the frist ones and want to be like Kevin mitnik in future,my role model is Kevin mitnik and you r my inspiration ❤️
of course you want to lol
Hey Ramnik try to be yourself not Kevin mitnick . Kevin mitnick never thought he would be someone lol
@@gjsatru3383 thank you,its true I understood. ❤️
Shud be a way to detect which cable is an OMG cable or a regular one. Just in case you put 2 cables together.
Sir can u tell me that how to enter into a server and inject a bug and hack the servers cloud and get data base please tell me 😭😭😭
Yes please!! A video on how to get a reverse shell would be awesome!
Also, this is extremely scary. Never leave your laptop/phone unattended in a public place.
Amazing content as always!!
Thank you! Will create that video 😀
NetworkChuck made a video on that! Go check it out man! it's awesome!
A little suspicious if you would connect a cable to someone's computer without the owner of the device not suspecting anything.
Well, there are some that look just like a normal Apple or Samsung cable. I know that on my desk, I have a cable there plugging in my keyboard, another to charge my phone, a few to hook up peripherals, and my docking station. I certainly wouldn’t expect someone to replace the cable I use to charge my phone with a malicious one while I am away at lunch. I can’t think how many times I’ve left my backpack unattended at my desk while I step away for a meeting.
My computer may be in my presence at all times, but all my peripherals? I’m away from those 16+ hours per day!
@@KalaniMakutu Doesn't the person who will be doing the keylogging has to be near you, another red flag.
@@Body_Model No. The keylogger can log about 220 page of text internally, as well as trigger remotely via timers, geofencing, or manually. Near is also a misnomer, because unaided using nothing more than an iPhone, you can reliably access the cable over 100m away. If you’re willing to add a parabolic dish at the phone (or laptop) side pointed towards the cable, it will work up to a mile away line of sight, or less if there is some obstruction… Still really far though. Or, you can connect it to the internet via a wifi network or cellular hotspot, and then access it from anywhere.
The first few features allows you to landmine, or just log data to come retrieve a few weeks later.
@@KalaniMakutu I'm a little bit confused, he is using the cable connected to the laptop and the other end is connected to his phone, right?
Holy scary that can be used for very bad things if it falls in the wrong Hands.
Ah Jokes on the O.MG i never connect my phone via cable to my PC work or the leisure one :D this looks like a fun gadget though.
I have a keyboard connected to my Laptop’s docking station though. It’d never cross my mind if someone swapped out or even added a cable behind my monitor.
It is scary to see how easy it has become to inconspicuously intercept a keyboard - PC link. However, I think this video is misleading with the conclusion that a particular OS is insecure. What's the surprise that one can login in any computer, if one gets hold of the login credentials and has physical access to it? That doesn't imply that the system is insecure. That is the same to say, I watched someone else logging in and now I can also do it, therefore the system is insecure. I suppose that this specific eavesdropping attack could be mitigated with an encrypted keyboard link, but that would require specialized hardware, rather than a safer OS.
I wish Facebook will down forever 😂😚😚
David, do a tour video on your home office setup.
Thanks your for your endless effort.
Thanks for your Content. It really helps us
Can you open this cable in a other Video?
I ask me can i destroy this with a Magnet or something else and the cable is normal still working?
Reverse shells are just as possible on Mac OS, you just have to escape the colons in the script
Great content as always David! Would love to see the reverse shell demo with the OMG cable!
Mr.David you are very scary and dangerous man.
You changed my life sir
This is why u use 2 fator authentication.
This woudn't work with Abylon Logon on windows because it uses hardware key (Chip card, RFID token, USB stick or CD DVD)..also uses 2FA.
Hey David loved the video! Can you please make a video on how to counter & protect outself from this type of stuff?
0:01 I am pretty sure we all just got trolled by David! It is not about the cable, but the MONITOR!!!! Looks at that MONSTER!
How you doing Mr.bombal, am from Uganda(Africa) am interested in the separate video on how to create a strong reverse shell to a computer even when its shutdown I can still have access. Thanks
-Great content Professor David Bombal...!!!
-So, these keylogger and reverse shell tools are getting easier to use every day.
-About 10 years ago I programmed in devices such as cellular microcontrollers and nini laptops exactly this type of system (keyloggers and reverse shell) for my government operators, nowadays they sell these same tools on the internet that 15 year old boys can buy with his father's credit card on the Internet to take credentials of his colleagues of High school.
-Times are really changing...!!!
-Thanks for the knowledge Professor David...!!!
a friend of mine use to build fake usb key like that few years ago but having it so small that it fits into clables is frightening !
I would love to see the circuitboard of this ! (Edit: I found pictures of the inside !)
Thanks a lot :)
You're welcome!
Sometimes my browser on my Windows 10 HP Notebook/Laptop PC behaves as being remote controlled, just as you showed: automatic behaviour - not initiated by PCs local keyboard or mouse. This happened only connected via WiFi WLAN (Telekom speedport) shared with my neighbour, sometimes wired connected to USB keyboard and USB mouse (Trust brand).
Show me the reverse shell David :D.
One problem though I don't have the financial state to buy this. But I would love to see it
First to watch your video
Make a Usb or Program can Hack and Access or Bypass Any iPhone iCloud Activation Lock it's better👌 I'm willing to Pay👌 and Buy if you have it sir😊
I'm from Philippines
if you have enough physical access to my laptop to plug a cable into it you have more than enough access to use about 40 different ways to gain access to it even though it is running Linux. One thing you may want to explain is you are not going to capture keystrokes from the laptop with that cable - you didn't say that you could but you didn't say you couldn't either, as there is no way for the cable to man in the middle the keyboard of a laptop.
What is truly frightening are the wireless keyboard capture devices - simply sit next to someone with a wireless keyboard and log everything they type. I believe they only work on Bluetooth wireless keyboards at this time due to the different frequencies and such between different manufacturers but it's only a matter of time before all wireless keyboards are leaking secrets
its not hard to sniff random packets that float around the air... I have opened car doors in a very similar way.
I would like to see Apple investigate this, because they are pretty good when it comes to fake charger connection, but I believe you would be fully compromised by the time Apple can prevent the attack
A keylogger in a CABLE, we're NOT safe anymore. You wouldn't trust a USB storage but who in his right mind would suspect a CABLE???
David bomba🥰🥰🥰
Complete tech troglodyte here...
If I turn off my internet access whenever I'm not using the computer/cell, will this help keep me safe?
Thanks for all you're sharing. Though I don't understand much, I'm learning.
"People think this cannot be done with Linux" is a bit overdramatizing things :) It is harder to install old-school software loggers on a well-secured Linux machine, but all the cable does is typing in the password.. That's hardly hacking the operating system and more of a clever use of a keyboard emulator.
On Apple hardware, there was a "real" USB hack last year where researches bypassed Apple's T2 chip with a modified USB cable, so long as you're having physical access to the machine, you could get even further than this without being detected much.
It is a nifty cable, though and I'm wondering why the extended wifi range is only available on the USB C cables...
Nothing new, just ESP WHID + USB passthrough keylogger in nice cable package. Easy detection as new HID keyboard.
Hey, I would like to see if you could do the same key logging and applying payloads on an Mac book, if a usb c to usb c OMG cable is used to charge it.
Because I think this might be a really good way to get trapped, especially if your laptop is out of battery like it often happens to students in a library or on campus in general.
And if the OMG cable is also capable of key logging your iPhone if you use Face ID to open it up, because you aren’t really typing.
Really enjoying your content and definitely never borrowing a cable again!!
David, if I use this on an iphone, can I capture that 4 digit password used to access the device? I only ask because it will obviously be the very 1st buttons pressed so Im not sure if that counts as "typing". I realize that everything typed AFTER the pass code has been entered will be captured, but will the code itself? (Any one who actually knows feel free to educate me) 😅
You made the mistake because you allowed this cable to be connected to your computer. That's what I learned from this video thanks so much David.
Excuse me Mr.Bombal but I couldn't help but notice a typo in the title...I think its 'login' instead of 'logon'...anyways the video was awesome...as always ; )
This was fascinating, thanks, David. I'm in love with that curved long screen. Where can I buy one? 😊💻
they are not practical, look up 4k curved screen regret
Uhmm ... yeah. Your very next video should be on "How to determine if one of my cables is a mole ?". I mean since it's been easy to get one of these "for testing purposes" it should also be easy to provide a much more useful tool for ethical hacking, one able to perform a comprehensive diagnostic on any cable, available to anyone. And then extend this to just about any type of peripheral device, 'cause why not ? So far I fail to see the ethical hacking and security aspect of your video. All I see is the effort you put into "Buy Hak5 Coolness" and showcasing (read "advertising") whatever you're trying to sell. And you really expect people to support you ? For this ?!
If you've physical access to a machine, all bets are off. And that cable can't capture the password if it is typed on the keyboard of the laptop, surely? So, it's a HID device and a WiFi point. Very clever, but....
just 4 seconds in to the vid.... "does this look normal to you?" um, yeah this guy, has a curved TV as a monitor... meanwhile, i move around with a 15inch laptop. i think 22' is the one one my desk..... ahaha. otherwise, by content, this is excellent!
Being an IT admin, I'm going to buy 20 of these and replace all the employees USB cables at their desks just to Rick roll everybody at once.
I made a badud payload for flipper zero that runs a hidden keylogger in mac os and can output the logs to discord webhooks, email, sms etc... 99.9% of mac users dont use any AV and on top of that this simple logger does not genrrally get picked up as malware... kinda scary really
So, we have to have to have the user connected by the OMG cable and we can capture the keystrokes wirelessly via the app on our phone. What if the user has a wireless keyboard? Wouldn't it be a little ominous if suddenly a cable was running from it?
ominous and useless - wireless devices only use cables for charging :)
tried using the usb-c to lightning omg cable on my iPhone 12, tried the key logger and payload-nothing happened. I have an older iPad that still uses lightning and tried the key logger and payload and again nothing happened either. I connected the usb-c to my windows computer, I was able to send a payload, but key logger did not work. not sure what I'm doing wrong
If somebody bought this just for the keylogger function, than he is nuts.
Even a simple cable can create disaster for you 😨😨
mindblowing demo
how does it communicate with phone over WiFi/Bt/CellData?
2:29 I stopped here because I saw the URL that I'm all to familiar with.
I'm not going to get rick-rolled!
But I'm in the mood for watching it myself.
That's scary stuff !
Imagine setting up these multiple cables at free charging points...
Hundreds or thousands of devices can get accessed by malicious parties.
OMG, HID in a cable - unthinkable!!!11one
:)
...and price is unreasonably good also
Linux can 100% be attacked it just has a smaller attack surface than Windows and Mac.
These cables are scary though I definitely want one.
So let's see free gov phones from Q link which FBI control send out phones already loaded with those cables if someone was important enough. Maybe send a couple extra phones . I wonder thank you
Good thing that I only have Lightning -> USB-C cables at my home or USB-C -> USB-C cable
Hmm how about in windows sir? I heard in some internet cafe in indonesia installing keylogger software to steal game account from their internet cafe subscriber. (Sorry for my bad english). How i can overcome problem like that?
And so some people cry that Apple does not allow other cables, others displays - as you can see there is something wrong, and as you can see, there is no solution. In fact, the cable emulates the keyboard back and forth + some WiFi - LTE would be better
up to a mile away?
really
you're bypassing the OS. It would get logged if you were typing in a MicroDik or a PlayStation.
Mhh... you are constructing the narrative that you could log the keys for this linux notebook and then replay them with the cable. Well, you can´t. this is a notebook. Or can you log keys on a notebook with this?
Think of it what happens if the office cleaning company, walks into the office of an important person, swaps their phone charging cable? Everyone has one on their desk right? Companies need to start implement random checks I suppose?
I really appreciate 👆👆👆 for helping me with my banks logs and clone cc.. more deal with you dude
Yes David. I am curious how can we get rev shell from OMG cable.
To plug that cable into the Linux laptop the hacker is already standing in front of the keyboard, I don't think it makes Linux insecure that someone csn type a password on the keyboard
Since this is layer 1 attack I cant find reason why it should NOT work on any OS and even device. This cable is dope tho , since it does not require major interruption of the victim .
Thats why i set up my computers to require a securitykey(yubikey, etc.) as second factor for login ...
To be quite Frank, I don't believe that the range of that embedded access point is up to a mile. More likely it will have trouble penetrate a brick/concrete wall at a few meters away
Please, how can I download Packet Tracer on MacBook Pro ?? at this time, please reply quickly
So many ways in , screen mirroring, sharing, key logging, wifi & Bluetooth once you have these enabled, then their is pairing to smart tvs using streaming. Best way is to shutdown your appliance and unplug the power. One other point on ac mains switch the positive & negative poles then they switch on the appliance remotely.
how does this work though.. surely the cable must start up some kind of script/program on the pc so should it show up in taskmanager or htop or something?
how can you see wether a cable is a undercover keylogger?
This is the only technology based channel that I watch. How the hell do you stay on top of all this hacking stuff? Lol, I love it! Kali is really the best OS for hacking, cracking, sniffing!
At 4:50 you said you knew the laptop password but would still be able to capture the password with the cable. How’s that work with a laptop when you can’t run the cable from the specific detachable keyboard to the computer as a middleman?
That’s just crazy, can’t even trust anything now. Is there a way to know if a cable cable is legitimate?
greez!
would you may tell me wich model your curved screen is?
best regards and thank you for this video!
Hi sir my name is Bahawal khan I want to learn hacking from your channel please sir guide me. which of your playlist is for biggnar hackers
👍👍👍❣️👍🙏🙏
David .. if you want more followers u need to explain every single thing . In details . In legal way .. because we all want tht!
The os security has nothing to do with this. Your periferal's security is the problem.
This is not software related: it is hardware related.
Hi I have a private problem I need u to help through it a simple question about computers but I cannot comment here publicly bro.