ZOMG HaX one-liners and Javascript Ducky Encoding – Hak5 2513



JS Ducky Encoder: https://downloads.hak5.org/ducky

Payload:
DELAY 3000
GUI r
DELAY 500
STRING cmd /C “color a&FOR /L %N IN () DO tree”
ENTER

Contest: https://hak5.org/contest

—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → https://www.hakshop.com
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999

Host: Shannon Morse → https://www.twitter.com/snubs
Host: Darren Kitchen → https://www.twitter.com/hak5darren
Host: Mubix → http://www.twitter.com/mubix
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆

Original source

32 thoughts on “ZOMG HaX one-liners and Javascript Ducky Encoding – Hak5 2513

  • April 26, 2019 at 17:15
    Permalink

    I have a reworked version of AES which uses 4×16 byte blocks called states and uses TDES128 cryptosystem to modify the 4xstates in the keyaddition() routine instead of just XORing the states with four keys per round which makes for a stronger cryptosystem do you want me to send your the package or not.

  • April 26, 2019 at 17:15
    Permalink

    these comments are awesome. i wish i could afford some of your gear but im too young to get a job here and dont earn enough doing what im doing. do you know if there are any cheap alternatives to the pineapple. would be great if there was thanks

  • April 26, 2019 at 17:15
    Permalink

    Thanks for the chance at the giveaway. I'd actually use a simple line like yours add a pause in the tree (stop it) and then continue on as if someone found a file they wanted

  • April 26, 2019 at 17:15
    Permalink

    Man, do a video on matrix irc bridging. It would be cool. Also do some FreeBSD based video. FreeBSD is mainstream enough these days for geeks. Do a video on dtrace, ZFS etc.

  • April 26, 2019 at 17:15
    Permalink

    how to prank a technologically inadvanced friend.
    DELAY 1000
    GUI r
    STRING cmd
    DELAY 500
    STRING ipconfig /all
    REM spooked

    Then scream "You're getting hacked!!!!"
    **He went nuts**

  • April 26, 2019 at 17:15
    Permalink

    My Run Dialogue would look like a system infiltration from The girl in the Spider web complete with a fake ip Adress 👩🏼‍💻

  • April 26, 2019 at 17:15
    Permalink

    I have never used a usb rubber ducky before (and would love to try any hak5 gear) but i think its possible to lock folders with 1 line? ¯_(ツ)_/¯ but this becomes scary i suppose…

  • April 26, 2019 at 17:15
    Permalink

    What would be awesome would be to copy a zip compatible file on to a computer (such as an XPS file – lots of manuals are like this or can be created from Word/PDF docs), change the file extension to zip, copy documents into the zip, rename it back to XPS and then extract it/email it or whatever. If it's ever intercepted, the XPS file will just open like you'd expect showing the original document. This is great for extracting small files (<1mb depending on size of the original XPS file) as it won't noticeably change the overall file size. You'd raise some eyebrows if you ended up with a one-page XPS file over a GB in size though…

    Real easy to do in a GUI… not sure how easy in a CLI? I left most of my CMD knowledge back in 1998!

  • April 26, 2019 at 17:15
    Permalink

    I've seen a rubber duck that once injected, it open youtube and started to play Rick Astley – Never Gonna Give You Up

  • April 26, 2019 at 17:15
    Permalink

    My favorite one liner I discovered a while back is a fork bomb to make the pc increasingly become slower and run out of memory (eventually crashing):

    "cmd /k echo -^|->-.bat&-"

    And the flashy factor is there since it just keeps opening new windows faster than you can close them filling the screen!

  • April 26, 2019 at 17:15
    Permalink

    Currently a software developer. You guys have inspired me to go back to school and get certified in Cybersecurity. Currently working on Network+ and Security+. I just wanted to thank you all for relighting the spark in me. Was starting to burn out on Enterprise software development and it feels great to have inspiration again. Keep up the good work.

  • April 26, 2019 at 17:15
    Permalink

    To make this payload even scarier, after the loop is launched, simply send "Alt-Enter" to switch from graphical mode to true "text mode".

  • April 26, 2019 at 17:15
    Permalink

    Maybe it might be fun to do this same cmd. That opens a gif window (in the users browser of the deleting files animation) this probably isn't in the one line category but it would really freak noobs more than just a looping dialog maybe

  • April 26, 2019 at 17:15
    Permalink

    Endless loop command "echo malware installed, thank you! !" & pause & cls
    (rules of the game we dont mod anything) not tested..

  • April 26, 2019 at 17:15
    Permalink

    The USB HID standard has buttons for standby and power-off. Is there any encoder that allows those buttons to be pressed?

  • April 26, 2019 at 17:15
    Permalink

    Can you program the ol' 'take pic of their desktop and replace as wallpaper?" that one keeps them trying to click for awhile in confusion. Bwahaha!

Leave a Reply