Cara dan Panduan Quickstart yang Hilang untuk Menjalankan Hack Payload Keystroke Pertama Anda
The USB Rubber Ducky is an excellent device for general penetration and damage testing. Despite appearing to be a harmless USB thumb drive, when plugged into a computer, it instead registers itself as a USB keyboard on the system and ejects a keystroke payload at lightning speed. It doesn't take much imagination to see how you can use this little device to trick your client employees (or your friends) into unknowingly installing all sorts of stuff on their computers. Everything from backdoors and keyloggers to programs that maximize their volume and play random loud music throughout the day. The device is cool and can be ordered for around $45. But when the package arrived, it came with a large number of tiny parts and no clear instructions on how to make it all work together to prepare your first load.
It may look like a regular USB on the outside, but at its core the device consists of a pre-programmed micro SD slot placement to transmit a charge when the device masquerades as a keyboard human interface (HID) device. Linux, Mac, Windows, and mobile Android devices are all potential platforms for Rubber Ducky to penetrate, as most standards are now HID compatible for simple plug-and-play. There's also a small button on the board to replay another attack, saving you the time of having to recreate the same attack on a micro SD. The rubber duck kit includes a case to cover the device like any other USB storage that is commonly seen achieving intercourse almost effortlessly. Now that you've got your own Ducky Script up and running, here are some tips I've learned to make the most of your USB Rubber Ducky. Make sure you know what platform your payload will run on As previously mentioned, a duck script that works for, say, macOS will almost certainly not work for an Ubuntu or Windows machine. And duck scripts that work against the latest versions of Windows 10 may not work at all on older, unpatched Windows 7 machines. As always, OSINT is the foundation of any successful security operation. Keep your options open with multiple microSD cards for different platforms If you're trying to do on-site testing with a client and you're not sure which operating system their previous workstation was using, it might be helpful to have multiple microSD card labels with payloads for different platforms. You may only have a few seconds of physical access to their machine, so it's important to be able to work quickly to deploy your payload. Don't be afraid to use DELAY and DEFAULT DELAY While it's tempting to delete all DELAY statements to get your ducky script load to execute as quickly as possible, keep in mind that the target computer may need some time to process your previous command before it's ready to accept the next keyboard input.
Don't be afraid to use DELAY and DEFAULT DELAY
While it's tempting to delete all DELAY statements to get your ducky script load to execute as quickly as possible, keep in mind that the target computer may need some time to process your previous command before it's ready to accept the next keyboard input.
It's better to make something pause on the screen and add a few extra seconds to your program's execution than to fire keystrokes so fast they're gone before the program opens or is ready to accept input.
It's important to add a DELAY to the beginning of your duck script so that the first few keystrokes don't go away before the victim's computer fully recognizes the new "keyboard" it's plugged in.
Test, test, test.
The only way to "know" how your payload will perform on your target machine is to run a simulated exploit on a similar platform. If you're not running the same operating system and service pack version as your target machine, try to get the local environment setup using something like VMWare.
Practice plugging in a USB rubber duck to see how it works, and use physical buttons to re-run the charge if it initially fails. You may see unseen errors from just reading the duck script, such as commands that occur too quickly or keyboard shortcuts
different that doesn't trigger the action you expect.
Good luck.