JS Ducky Encoder: https://downloads.hak5.org/ducky
Payload:
DELAY 3000
GUI r
DELAY 500
STRING cmd /C “color a&FOR /L %N IN () DO tree”
ENTER
Contest: https://hak5.org/contest
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → https://www.hakshop.com
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Host: Shannon Morse → https://www.twitter.com/snubs
Host: Darren Kitchen → https://www.twitter.com/hak5darren
Host: Mubix → http://www.twitter.com/mubix
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Original source
32 responses to “ZOMG HaX one-liners and Javascript Ducky Encoding – Hak5 2513”
I have a reworked version of AES which uses 4×16 byte blocks called states and uses TDES128 cryptosystem to modify the 4xstates in the keyaddition() routine instead of just XORing the states with four keys per round which makes for a stronger cryptosystem do you want me to send your the package or not.
these comments are awesome. i wish i could afford some of your gear but im too young to get a job here and dont earn enough doing what im doing. do you know if there are any cheap alternatives to the pineapple. would be great if there was thanks
I love the rubberducky, still learning all the possibilities
Thanks for the chance at the giveaway. I'd actually use a simple line like yours add a pause in the tree (stop it) and then continue on as if someone found a file they wanted
Add start before tree so that it keeps opening new windows with the tree command on each one.
Man, do a video on matrix irc bridging. It would be cool. Also do some FreeBSD based video. FreeBSD is mainstream enough these days for geeks. Do a video on dtrace, ZFS etc.
Awesome video
how to prank a technologically inadvanced friend.
DELAY 1000
GUI r
STRING cmd
DELAY 500
STRING ipconfig /all
REM spooked
Then scream "You're getting hacked!!!!"
**He went nuts**
I flip the screen upside down while before running the command…
the tree is pretty great
Great tip for starters
Nice! And also, I would like to win 🙂
Yeah I definetly need a rubber ducky for security awareness training too!
You should include ALT + ENTER right after the command starts to execute! It'll make the noobs go crazy!!
My Run Dialogue would look like a system infiltration from The girl in the Spider web complete with a fake ip Adress 👩🏼💻
I love this thing
I have never used a usb rubber ducky before (and would love to try any hak5 gear) but i think its possible to lock folders with 1 line? ¯_(ツ)_/¯ but this becomes scary i suppose…
What would be awesome would be to copy a zip compatible file on to a computer (such as an XPS file – lots of manuals are like this or can be created from Word/PDF docs), change the file extension to zip, copy documents into the zip, rename it back to XPS and then extract it/email it or whatever. If it's ever intercepted, the XPS file will just open like you'd expect showing the original document. This is great for extracting small files (<1mb depending on size of the original XPS file) as it won't noticeably change the overall file size. You'd raise some eyebrows if you ended up with a one-page XPS file over a GB in size though…
Real easy to do in a GUI… not sure how easy in a CLI? I left most of my CMD knowledge back in 1998!
I've seen a rubber duck that once injected, it open youtube and started to play Rick Astley – Never Gonna Give You Up
My favorite one liner I discovered a while back is a fork bomb to make the pc increasingly become slower and run out of memory (eventually crashing):
"cmd /k echo -^|->-.bat&-"
And the flashy factor is there since it just keeps opening new windows faster than you can close them filling the screen!
Currently a software developer. You guys have inspired me to go back to school and get certified in Cybersecurity. Currently working on Network+ and Security+. I just wanted to thank you all for relighting the spark in me. Was starting to burn out on Enterprise software development and it feels great to have inspiration again. Keep up the good work.
Could anyone else here the emergency services in the background at 3:40?
I love the rubber ducky. My bash bunny is jealous! Lol
To make this payload even scarier, after the loop is launched, simply send "Alt-Enter" to switch from graphical mode to true "text mode".
Maybe it might be fun to do this same cmd. That opens a gif window (in the users browser of the deleting files animation) this probably isn't in the one line category but it would really freak noobs more than just a looping dialog maybe
Same
Random numbers, green characters
The dir/s of doom!
Endless loop command "echo malware installed, thank you! !" & pause & cls
(rules of the game we dont mod anything) not tested..
The USB HID standard has buttons for standby and power-off. Is there any encoder that allows those buttons to be pressed?
Can you program the ol' 'take pic of their desktop and replace as wallpaper?" that one keeps them trying to click for awhile in confusion. Bwahaha!
Nothing quite like a bit of Hollywood hacking 🙂