How I did it

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
brutal what are you doing hacking with what are you hacking today doodle rubber duck you using usb rubber ducky to hack into networks are you yes are you a good or bad poodle [Music] in this video i'm going to show you how to set up the hack 5 usb rubber ducky in a previous video which i've linked here and below i showed you how to use the usb rubber ducky to set up a reverse shell and take control of a computer but in this video i'm going to show you all the steps to get the rubber ducky working basically to allow it to run powershell scripts if necessary how to set up a web server using python on a kali linux virtual machine i'll show you how to run netcat basically show you all the steps from beginning to end to make this work but rather than showing you all the advanced stuff from the beginning i'm going to start with the very basics i'll show you step by step how to get a usb rubber ducky to do things on windows now please note this doesn't just apply to windows you could also use scripts on linux or on mac os you create scripts for a specific operating system and a specific attack so if you were trying to attack a mac operating system you would create scripts for a mac operating system we interrupt our program to bring you this important message never plug in some unknown usb thumb drive into your computer because it could be an attack like this unfortunately a lot of people plug these in you should never plug in some unknown thumb drive the usb rubber ducky has been around for years hack five has created more products there are additional products such as the omg cable which i demonstrated in this video that take this a step further but the language used on the usb rubber ducky is the same on a lot of other products so it's well worth learning how to set up these scripts how to make things work using the rubber ducky language now hack five sells this book which you can purchase separately if you want to learn how to use the usb rubber ducky i wouldn't do that even though in this book they give you the commands and examples to use the usb rubber ducky the reason i say that is you can get the documentation online so on the hack five website and i'll put a link to this documentation below this video you can learn about the usb rubber ducky language so as an example these three lines of code will work as if you had pressed the windows start key and r and then you can run a command such as cmd and then press enter basically the usb rubber ducky pretends to be a keyboard so any keystrokes that you would send using a physical keyboard can be replicated using the usb rubber ducky it just allows you to send the keystrokes very very quickly to the computer rather than trying to manually type them now the most important components that you'll get are firstly obviously the usb rubber ducky so usb rubber ducky over here we've got the micro sd card we're going to write the payloads to the micro sd card and to do that i've got this thumb drive so basically the steps are firstly you have to write a script then you have to compile that script you have to save the script onto the micro sd card using the thumb drive as an example then you've got to insert it into the usb rubber ducky and inject that into a computer so i'll show you all those steps right now first step is to create the script and then compile it now for this demonstration i'm going to do everything on this windows laptop because most people use windows you could use linux you could use a mac if you prefer okay so first thing i need to do is decide what type of script i'm going to create i've put a whole bunch of scripts on my github page so if you go to github forward slash david bumble look at hack five i've put a whole bunch of scripts here that could be used for the omg cable or for the rubber ducky so this first script a very basic script starts notepad rem is comments you can look on the hack 5 website for the rubber ducky script command reference they'll give you a whole bunch of commands that you could use on various devices that they create such as bash bunny keycroc omg cable and rubber ducky so i'm just going to explain the basics you can see all the commands on the hack five website darren from hack5 has also created a whole bunch of payloads that you can download so there's a whole bunch of payloads out there you probably need to play around with them and edit them to make them useful for what you want to do but in my example i'm going to start with a very basic notepad script we're going to start with adding a delay we want to make sure that the usb thumb drive is recognized keyboard is initialized and we can send commands to the windows device this command basically means press the windows key and r so windows key and r that allows us to run a command we've got a short delay and then the string that we're going to run is notepad.exe so that's basically me typing notepad.exe in this example i'm controlling this windows laptop using vnc just makes it easier so that i can use the keyboard in front of me rather than trying to type like this but basically what we've done here is we've told the script to type notepad.exe and then to press enter so i'll press enter and notice notepad runs we've got a delay of one second and then we type in a string that says you have been hacked so rather than me manually typing that we're going to script the application to do that so again i'm going to do all of these steps on the windows laptop so i've gone to github forward slash david bumble i'll go to hack five and i'll select this notepad script and i'll copy that and then i'm going to go to a website called ducktoolkit.com there are multiple ways of encoding or compiling your script and this is probably the easiest way to do it so i'm going to go to encoder and i'm going to paste the script here so there's my script i need to select the keyboard that i'm using the keystrokes vary depending on the keyboard that you're using so in this example i'm using a united states keyboard if you're using a different type of language then select the correct language or keyboard that you're using because the keystrokes will vary depending on the keyboard so sometimes some scripts won't work clicking code we're told that we should only use this for network auditing and security analysis purposes basically don't do bad things with this software i'm going to click ok and then i'm going to click download inject.bin and download duckycode.txt duckycode.txt is just our original script and then the inject.bin file is the actual compiled or encoded attack that we're going to run so what i need to do now is take the sd card and put it into this thumb drive and put that into the computer i'm not going to scan the drive all i'm going to do is copy the inject.bin file and paste that onto the usb drive now i have got a folder here with various payloads you don't need that all you need is the inject.bin file so that's all you need in the root of the usb thumb drive make sure that you safely remove the usb thumb drive if you don't do that you may have problems okay so i'll take this out and what i'll do now is put this into the usb rubber ducky and i'll cover it just to make it easier to handle so cover it like that so now i've got the usb rubber ducky with a payload and all i need to do now is put it into a laptop and it will run the inject.bin file so i'll put it in here and what you should notice is notepad starts up and some text is written that's how you use the usb rubber ducky this is pretending to be a keyboard once again and is simply sending keystrokes to the laptop okay so that was very basic let's do something more complicated so on my hack five github page i've got a script here to turn off windows defender so all this does is it's got some delays presses the windows key and r waits a little bit and then it runs a power shell to disable real-time checking of viruses so in windows if i search for virus and threat protection settings manage settings this is off at the moment what i'll do is turn that on so that's now on real time protection is on this is basically going to turn it off now in a lot of cases you need administrative privileges to disable that and we basically going to send keystrokes to do that so we're going to press the left key press enter delay a bit and press y to basically disable it okay so i'll take the script go back to the duck toolkit website and click paste and select united states as my keyboard and click encode and now i can download the files just before i do that what i'll do is move the original payload file to a subdirectory i'll download inject.bin and download my code you don't obviously have to download the code but i'll just do that so we've got to that so there's my ducky code and here's the payload so on the usb rubber ducky i'll open this up take the sd card out put it into here put it into my windows laptop again i'm doing everything on windows here because most people use windows laptops but you could use linux or mac os if you prefer so i'll copy that and i'll delete this one and i'll paste this one in you unfortunately can only run one payload so as soon as you put the usb rubber ducky in it's going to run the payload that you specified here you can't use multiple payloads but when you use the omg cable like i demonstrated in this video once again you can run multiple payloads so you can remotely connect using a wireless access point to the cable and then get it to run multiple scripts yeah you've got one chance so i'll eject the thumb drive take that out put that into the usb rubber ducky and let's close all these windows but have the anti-virus displaying so at the moment you can see that real-time protection is on let's see what happens when i plug that in so start something something happens notice that's off so i've just got the usb rubber ducky to send keystrokes to the laptop to disable real-time protection the reason i want to do that is when i run my reverse shell script it won't work if windows defender is on so the first thing i'm going to do here is turn off windows defender as i've demonstrated and then i'm going to download a script from this website the boss lol payload.ps1 so as i demonstrated in my previous video that connects to this web server running on a kali vm and then pulls down a script that sets up a reverse shell using netcat now a lot of people wanted to know how i did that so i have added the simple http put server code to github here this command sudo python simple http put server and a port number let's say port 80 allows me to run the script if i've saved it with this file name so going back onto kali so that you can see that i'll stop that script and clear the screen alice shows me this file if i cut it so cat simple http put server there is the script i've put an edited version of this on github because by default i don't want to use port 8080 i want to use port 80 so the command that i'm using to run the script is this sudo python simple http put server port 80. so there's the code and what i'm doing in the background is running this payload.ps1 file so the script that runs on the usb rubber ducky is basically going to make a tcp connection to the boss.lol that domain name resolves to this kelly linux server here it's going to connect on port quadruple 4 and the reason it's doing that is because i started netcat on that port number so on github once again i've put the code to start netcat so all the code is here that's the code that i'm using to start netcat so basically this payload.ps1 script is pulled down by the usb rubber ducky and run and this script initiates a session to netcat using this domain name and this port number so on this windows laptop if i open up a cmd prompt and i do an ns lookup to the boss.lol you'll notice it resolves to this ip address and that's the ip address of this kali linux server the reason why that resolves is because i've got a local dns server simply mapping that domain name to the server you could be hosting this on the internet rather than using a local server like i've done here so basically this script is going to be pulled down by the usb rubber ducky so here's that script this is the script that we're going to run on the usb rubber ducky it once again is disabling windows defender and then it's going to pull down that script and run it so i'll just work through the logic again and then i'll show you all the steps when you plug in the usb rubber ducky it's going to disable windows defender it's going to open up a power shell and download the script and run it this script is the script which i'm hosting on a web server so this is the script payload.ps1 that's running on a web server i'm using a simple python script to run a web server on my kali virtual machine and that's connecting to a netcat server that i enabled using this command so i've got a web server and i've got netcat running on my kali virtual machine when we plug in the usb rubber ducky it's going to connect to the web server pull down a script that then starts the reverse shell to net cat okay so let's get that usb rubber ducky script i'll copy that go to the duck toolkit website go to encoder i'll paste the script in here keyboard that i'm going to use is united states i'm going to encode the script back in windows i'll delete the previous scripts i'll download inject.bin and download the ducky code that's once again just a copy of the script that we created the important piece now is to take inject.bin and i have to copy that onto my sd card so i'll open up the usb rubber ducky i'll take out the sd card i'll put the sd card into this usb thumb drive plug it in windows complains again so once again copy that usb thumb drive i'll delete the previous script paste this one in and then make sure that you eject the usb device or usb thumb drive okay so that's been done now back in windows i'll enable real-time protection just to prove the point i'll plug this into the usb rubber ducky there you go ready for deployment now on kali i need to make sure that i'm running my python server which i am and i need to make sure that netcat is running which i am if i type drr at the moment nothing happens because there is no reverse shell connection to netcat but back on windows i'll plug this in first thing that should happen is that real-time protection should be disabled which it is and now what should happen is the reverse shell connection should be made now it doesn't look like anything has happened here i mean we can see that's disabled but what's happening in the background if i open up task manager is that a powershell session is running and on kali a connection was made to the kali virtual machine so a device with this ip address which is my windows pc did a get to get that script and now in netcat notice i can see some output so if i type cd root type drr i'm in a windows directory so let's take this script start chrome and i'll get chrome to start up with a window that's maximized so i'll paste that script in and notice chrome has started up and the computer has browsed to my youtube channel let's take another script so i mean you can get it to do almost anything like i demonstrated in my previous video let's start notepad so a simple command like this start notepad notepad is started what you can do is kill notepad so take this command task a kill find it notepad and kill it and there you go notepad has been killed now i won't bother repeating the entire previous video here you can get a lot of the commands from my github page so as an example there's hack five i show you various rubber ducky scripts that could be used with either the omg cable or could be used with the usb rubber ducky this one as an example allows you to copy all your wi-fi passwords to a web server there are lots of options available with the rubber ducky have a look at darren's github page for a whole bunch of payloads both for windows and mac os and for linux as an example okay so hopefully you enjoyed this video i've now shown you how to get started with the usb rubber ducky you can buy the usb rubber ducky from hackfire for about 50 if you enjoyed this video please consider subscribing to my youtube channel please like this video and please click on the bell to get notifications when i upload a new video i'm david bomble want to wish you all the very [Music] best it's
Info
Channel: David Bombal
Views: 77,923
Rating: 4.947433 out of 5
Keywords: kali linux, kali linux tutorial, kali linux install, kali linux hacking tutorials playlist, kali linux basics, kali linux tutorial for beginners, kali linux 2019, kali linux 2020, kali linux hacking tutorials, ethical hacking, ethical hacking tutorial, ethical hacking free course, ethical hacking course, how to become a hacker, ccna, ccna 200-301, linux tutorial, ceh, oscp, hacker, cisco training, ine, ccna study, kali, wifi, kali linux 2020.3, cissp, cisco, cyberops
Id: A2JNBpUotZM
Channel Id: undefined
Length: 22min 9sec (1329 seconds)
Published: Sun Nov 01 2020
Related Videos
Ex-NSA hacker tells us how to get into hacking!
David Bombal
467K
I own your WiFi
David Bombal
79K
I will own you in 3 seconds. Never do this!
David Bombal
947K
Best hacking laptop and OS?
David Bombal
144K
Credit card cloning is too easy!
David Bombal
441K
Ethical Hacking 101: Web App Penetration Testing - a full course for beginners
freeCodeCamp.org
933K
Tour of A Hacker's Backpack (My EDC)
Cole Kraten
684K
How THIS instagram story kills your phone.
Mrwhosetheboss
3.1M
If I had to start over...which IT path would I take?
NetworkChuck
314K
Your WiFi is mine!
David Bombal
272K
Metasploit
David Bombal
17K
Hacking the Wifey with the O.MG Cable
Jack Costner
19K
Do you need a Cybersecurity home lab?
David Bombal
30K
What Wi-Fi Hacking tools do hackers use?
Hak5
287K
What Is Right To Repair?
Marques Brownlee
2M
Born to hack?
David Bombal
20K
RICH Hacker explains why Valve never BAN him... (CS:GO)
Sparkles
501K
Python WiFi DoS (Denial of Service) attack
David Bombal
109K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.