$2 Rubber Ducky - Steal WiFi Passwords in Seconds

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments

Works on windows only requires the computer to be logged in.

👍︎︎ 50 👤︎︎ u/Imshwifty 📅︎︎ Feb 01 2021 🗫︎ replies

Good luck finding an unlocked PC to plug into

👍︎︎ 18 👤︎︎ u/Calgrei 📅︎︎ Feb 01 2021 🗫︎ replies

If a WPA handshake is already hashed, why wouldn't Windows just store the hash rather than cleartext?

👍︎︎ 5 👤︎︎ u/DreamingOak 📅︎︎ Feb 01 2021 🗫︎ replies

Huh, neat!

👍︎︎ 2 👤︎︎ u/Kilroy3846 📅︎︎ Feb 01 2021 🗫︎ replies

[removed]

👍︎︎ 1 👤︎︎ u/[deleted] 📅︎︎ Feb 01 2021 🗫︎ replies

[removed]

👍︎︎ 1 👤︎︎ u/[deleted] 📅︎︎ Feb 01 2021 🗫︎ replies
Captions
what's up everybody tcm here back with another video and today i'm going to show you how you could take about two dollars in materials for this little 80 tiny 85 and create a wi-fi password stealer that will steal a password in about 20 to 30 seconds and it's all fairly straightforward it takes about five minutes to get set up and the materials very cheap you can compare this to a rubber ducky does exactly the same thing in about fifty dollars and we can make our own for two to three bucks and i printed this cute little case which i'll talk about too so before we get started please do hit that like button hit the subscribe button comment down below if you love me hate me whatever i like to hear from you guys regardless so let's go ahead and jump right in so backstory really quick about a week or two ago i had never even heard of an 80 tiny 85 i just got into 3d printing i got an ender 3 v2 and i've just been going ham printing everything that i possibly can that interests me well i am a huge allison wonderland fan if you've never seen my tattoos i mean they're all alice in wonderland i saw this lamp back there which i'll put a nice little video on the screen but i saw this lamp on a 3d printing site and i'm like i've got to make that so the printing part actually wasn't that bad i got the printing done but it uses a microcontroller called an attiny85 to run some code through those led strips and create the pretty colors that you're seeing there very straightforward it uses arduino ide it's very very easy but it took a little bit for me to figure out and from there i got to thinking i said well this is a little look at this i mean this is another one i've got here this is a little usb basically i was like why can't we just create these these are two bucks a piece why can't we just create this and make this into a rubber ducky so i did not invent this this is nothing that i'm saying i'm inventive i'm just late to the game and i looked it up there's a million different articles out there on how to create your own uh rubber duckies using something like this so i'm going to show you the code i'm going to show you and walk you through the setup and we'll kind of just take it step by step none of this is mine or original or anything like that i did modify the code a tiny bit and we'll talk through that too but you're gonna see this work here at the end of the video and you'll see how fast it steals a wi-fi password it's absolutely insane so let's go ahead and jump on the computer and we'll talk through this process so i'm gonna put the link down below is what you need to purchase from amazon if you want to purchase one of these you can get about five of them for 11 bucks once you have these or if you have one on hand by chance you can go ahead and get downloading the arduino ide that's what we're going to use to actually code onto this little microcontroller so you can come here go to downloads i'm going to put all of this in the description below by the way you come down here just click hey arduino id i want to download it for my operating system you download it you install it you run it it's fairly straightforward okay just next next next give away your kids whatever the terms agreements are and then you'll be brought to something that looks a little bit like this once it loads you'll get your first demo script okay the first thing you're going to want to do when you're in here is we got to do a little bit more installation so you're going to come in here and you're just going to say file and you're going to go to preferences all right and this little line of url it's kind of probably hard to see but this little line i'm gonna put in there in the description below as well you just need to paste this in okay it's digistump.com forward slash package underscore digi stump underscore index.json okay this is an additional board manager what that's going to allow us to do is go up here to tools go to board and then we can go to board manager here we can install a board manager now we need to install the digispark board manager because that's what we're going to be messing around with here a digispark at tiny85 all right so we just type in digispark and you should see the digi stump here actually if you just type in digi stump that'll work too but digistump uh you'll see the digistump avr boards so we're looking for this you can go ahead and just hit install if you hover over it i already have it installed but it's straightforward again just hit install let that install pause the video if you need to and just go through that process all right once that's installed now we can move on to the next little bit the next bit that we have to do is we have to run one more installation and that i'm going to give you another link for too that is just the digistump arduino drivers okay if you google digistump arduino drivers you'll find this but of course i'm going to link this in the description below you come here if you're on windows you can just click right here digi stump drivers you'll unzip it they've also got the tar.gz and the zip okay this will bring up a folder all you have to do is just i'm gonna bring this over make it super straightforward okay all you have to do here is just run the install drivers click through it again easy peasy all right so go through all that again if you need to pause just let it go i'll be here when waiting for you when you come back so once this is all out of the way we're going to go ahead and start looking at the coding of the project now i'm going to show you the code that i actually used i used this mtk 911 80 tiny 85 little repository here and i'll link this again in the description below they've got a bunch of payloads these are rubber ducky payloads if you go on google and you just search for rubber ducky at tiny 85 payloads you'll find a ton okay i just saw one that i thought would be interesting which is a wi-fi password stealer typically you don't have to be an administrator to steal the wi-fi you could just plug this in run this as a regular non-administrator command prompt and you're good to go so that's why i chose this you could plug this in if you're walking around on site you just want to steal somebody's wi-fi password in about 20 seconds whatever it is if somebody's not looking on their computer and you can pop this in it's actually very very straightforward um so if we go look at the code there's the minimize of shame as the one i'm using we'll look at this inside of the actual ide but basically all it's doing is sending a bunch of commands to the keyboard so what we're going to do is we're going to come in you can download this all right this ino file all you got to do is download it or you can copy to a file name it the same thing or however you want to name it open it up and you'll be looking something like this okay this is exactly what it looks like in the arduino ide now we're using a digi keyboard.h include we have to come up to tools and we just have to select our board so since we installed the board manager now we can use the digistump avr i just say digistump right here on the top and then i chose port 1 or com1 for my port okay that's all you got to do it's fairly straightforward the rest of this is copy and paste so in here what's happening if we look through this all this is doing is sending a bunch of code okay or a bunch of keystrokes is all we're doing and that's really what a rubber ducky does a rubber ducky just sends out keystrokes so it's opening up it's running the windows key with the r here and it's going to open up a run command it's going to open up a command prompt as tiny as it can and then it's going to try to move it down so this will send keystroke down this little for loop here it's just going to keyboard down and try to hide the command prompt um you don't have to do this one this one's just a little hidden one i just chose it for fun if somebody was watching their computer screen this is going to be glaringly obvious that something's going on this is one of those that you plug it in and then you you hope nobody's around or watching and then you take it out and you're done okay but with that being said all it does is it changes to attempt directory it runs this netsh command and exports your profile and it says key equals clear if you don't know this all of your wi-fi passwords are saved in clear text on windows okay so if you don't know now you know what this does now is it runs powershell and it looks for the original code has a dash here and it looked for wi-fi dash but that's not the pattern that it actually creates it creates a wi-fi space at least on mine so i removed the dash and just had the wild card here and then it's looking for what's called key material if you look in the export when they actually export the material you'll see that it is an xml file that xml file has something called key material the key material contains the password okay so that's all it's looking for it's just trying to pull down a string this is similar to grepping in linux it's just looking for a specific word and specific line and pulling that down instead of extracting all of the uh the xml file because we don't need it all okay and then we're going to invoke a web request we're going to send this via a post method and we're going to ship it off into a webhook site which we'll talk about here in a second and then it'll delete the file try to clear it up again this had a dash here i found the dash did not work so i just took that out and then it exited okay also i've edited this a little bit to change the delays so if you're curious and you're looking at this i tweaked this just a bit to make sure that the delay in between the commands was just long enough to work i noticed a little bit of it running over itself in the command prompt so i just made this a little bit slower in theory you could tweak this make this faster and this would even execute quicker but i like this because i've had 100 success rate when i've tweaked the delay just a little bit all right and then it says it'll turn on the led once the program finishes i do have the little uh little cover that i 3d printed which i'll link that in the description below i'll link the little 3d print that i did if you're curious on on putting one on this otherwise you can buy a case for these fairly cheap as well so with that being said once this is all said and done you got all the drivers installed and you want to run this we're going to go ahead and just check the little verify box up here and before we actually do that i do want to talk about this webhook site webhook.site now if you go to webhook.site it should look something like this all right so this is webhook.site you'll get a unique url here's your unique url i recommend you do this for your own don't use mine because what if i'm watching you i mean you can come visit if you want but there's i mean there's nothing here uh so you just copy this to your clipboard you can also have an email address and all we're doing is waiting for a request to come in okay so we're sitting here we'll just say hook we're waiting for a listener we have a listener just waiting for that post request to come to us once it does it'll pop up right here and we'll see that full action here in just a second we're gonna go ahead and go back to the code and we've already verified now all we need to do is just hit upload okay we don't need anything plugged in yet so now you can see hey we're plugging the device we're waiting on it i'm gonna go ahead and just plug that in in a new at tiny 85 which i'm going to plug in now okay and you see that it just says micronucleus done thank you all right so the next thing that's going to happen is we're going to go ahead and test this out so here's what i want to do i'm going to go ahead and plug it in but first i think i want to set something up okay i want to actually use a stopwatch and i'm going to plug this in now and now i'm going to hit start i want to see how long it takes for something to show up here you can see it running a little bit on the screen there it's invoking and exited and there we are so about 20 seconds is what that just took okay and you can see my wi-fi is please don't hack me with a couple exclamations and my password is terrible it's one two three four five six seven eight and that's it i mean that it was that simple plug-in go i was probably a little delayed here 20 seconds right that's not bad 20 seconds to steal somebody's wifi password with a two dollar piece of material i mean i am 14 minutes into my video right now with editing that has to go down so what i just showed you literally does take maybe five ten minutes to set up and you can have this have this hooking in in literally ten minutes like it's it's insane the power of this microcontroller and it's insane what you can do and don't have to spend fifty dollars on a rubber ducky not saying the hack five is not great but a lot of us are on a budget right so if you're on a budget that's a great alternative so everything's gonna be in the description below hopefully you enjoyed the video i really enjoyed making this i enjoy doing this project and i hope to do more hardware and more coding projects as we go as well so i'll see you in the next video until next time my name is the cyber mentor and i do thank you for joining me peace out
Info
Channel: The Cyber Mentor
Views: 390,069
Rating: 4.8392401 out of 5
Keywords:
Id: uH-4btjE56E
Channel Id: undefined
Length: 13min 30sec (810 seconds)
Published: Sun Jan 31 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.