Well, this segment of Hak5 is brought to you by
GoToAssist. Welcome to Hak5, my name is Darren Kitchen.
I'm Shannon Morse, it's your weekly dose of technolust. We have a lot
in store for you this week, we really do, and I'm really excited.
we have like Christmas colors going on up here with Corey Tiger
array hadn't thought about it like that we've got a red
way yeah I mean black the OG in green
When we started the USB Rubber Ducky project, one of the
biggest barriers to entry was cost, in that since we had, we developed what we
originally designed
on the Teensy platform, yeah, and had our first kind of bit of fun
learning custom hardware manufacturing, we're doing really small runs,
and anyway, basically the long and short of it is economies of scale.
Yeah, when we launched the Ducky a little over a year ago it was, like, eighty dollars, and
we just had our latest run with we went from black to read the way in
latest one turn green best about the hallway thank you
and and now we're able to you know get it down to forty dollars
that's awesome and so hopefully we can just go ahead and continue doing that
as we do later runs and then make me so that you can literally yeah and I'm
excited to see what you're talking about today with the USB rubber duck hunter
lovell Android phone hacking with america rubber ducky and get some fun
stuff in the forms
so I yes that's that's it for the yeah
beso y would just go ahead and check it out and I will see on the inside
of them so it's been a little while since we talked about the USB rubber
ducky and I figured
we'd do a little, uh, little "what's up with that" segment.
So if you guys don't remember the USB Rubber Ducky, the concept with that is it's
all about exploiting human interface devices,
exploiting the inherent trust that the machine has with the human, because of
course we're the master and all that fun stuff.
And the idea being, if you could only get access to a machine for just a few seconds,
what could you do with it if you could sit down at the computer and type as
fast as Superman? And so that's
the whole idea behind that. And we started this project a
couple years ago with a development platform called the
USB Teensy, which is a complete Arduino clone,
and I told Irongeek at ShmooCon 2010, and then he later
went ahead and demoed that a month later at Outerz0ne,
and then since then, you know, the attack has been referred to as a Ducky attack
or a Teensy attack.
Again, the Teensy being like an inexpensive, like twenty dollar Arduino
clone.
The thing about that is it's programmed in C, it's compiled,
you have to flash the device and then ru
Using that as a development platform, we were able to come up with what I think
is kind of the best option for this kind of pen testing,
and so we introduced it in September 2011 and it's been a year,
so let's kind of go over what the goals of the project were, where we are now, what the
future is and all that fun stuff.
So the goal was simple: all about making the USB Rubber Ducky as simple
as humanly possible. You don't want to have to write the code, don't want to have to compile
anything, don't want to have to do any C script or anything like that, so
I'd say the Ducky Script that we came out with was a complete success.
Like, I mean, if you've ever programmed BASIC, this makes it look difficult.
In fact, we've put the entire Ducky Script on the back of the card,
I mean, it's, it's that simple. So
I think that was a huge win. The other thing was we
really wanted it to be, you know,
easy to swap out payloads, and there's a lot of different options as far as, like,
you know, there's some stuff for the Teensy where you can do, like, DIP switches,
um, and I feel like really with the inexpensive nature
are Lake micro SD cards barely even see that on camera Pawlicki said that over
here coming in had
that flake yeah their ego so as long as in Cary couple those around
should be all good and so I think that was a huge success for the project
we wanted to be cross-platform and we really felt like there
but we have fixed that I'll get to in a second and we wanted to be
in a generic case so that it
looks pretty innocuous. Here's actually the Teensy, and you can see this is a
regular Teensy here
with the adapter that you need to make it a regular male A,
and then this is
the Duck, this is the Duck in white,
and this is a Duck inside a case, and it's that same generic case
you've seen time and time again. You don't have to put the decals on it, it just makes
it a little bit more really,
but, you know, you can be pretty covert with this, so I feel like we did,
huge success, it looks and feels just like a regular flash drive, and so,
you know, no one's really the wiser if you're using it in a kind of social engineering
context.
To do a little explaining, so right off the bat,
this was a, this is the first time we really ever got into, like, custom
developed hardware,
and so we had some pretty big ambitions as far as making it
user-friendly and pretty innocuous
and covert. But as such we learned a lot when it comes to manufacturing, and so
the first problem off the bat,
right up, was that it was expensive, eighty dollars a unit at launch
a year ago. And like I said, we had some problems, it was US keyboard
only. That was another foresight, like, I had no idea,
like, I know it's such a North American thing to say, but
no idea that there are actually different key codes for different
keyboards in different languages, and at the time it was actually Windows only.
Now thankfully a lot of this has been solved, and
also because of the community, and that's what I love about an open source project
like this.
So the firmware has been updated, and I have to give, right off the bat, huge props to
midnitesnake
in the Hak5 forums for his contributions, because now we have,
in addition to Windows, there's Linux and OS X support, we've had it for a
while, and I think that
thats Sui and about to show you some other fun posing in a
So, and also as for languages: US, UK, Germany,
Danish, French,
and Norwegian, and there's another one I don't particularly
remember, it was Portuguese, anyway,
Swedish, to see, Swedish, Portuguese, yeah, those. So
we have a couple languages, we're still working on that, and what I'm most
excited about,
in addition to some of the web stuff that we're doing, is that it is
finally, I feel like, inexpensive, it's close to where I want it to be.
Back, and getting it all laid out here, this is the original dev platform, the
Teensy, with
an adapter on it, and then you can see the lineage:
the original Duck was like eighty dollars, and then,
you know, as we ramp up manufacturing and we keep changing the colors, we can tell,
the red Duck,
and then the white Duck, before finally
the latest version, the green Duck, and we finally got it down to half price from
the original unit, down to forty dollars.
My goal with this project is to make it simple enough that anyone can implement a
payload,
which I'll get to in a moment because I feel like we're getting there with that,
and inexpensive enough that any penetration tester or hacker anywhere
can get a ton of these and deploy them just as
easily as you would just a bunch of USB drives, because nobody's doing autoplay
anymore, that's
old hat, that's been thwarted. But what's beautiful about a HID attack
is nobody is protecting against the keyboard as a vector, because
you kind of need them to use a computer, and again it violates an inherent trust
that is
so deep within the system that it goes back to,
like, the very first computers, the very first personal computers
with keyboards as the input and monitors as the output, or teletype.
I don't know, I've never tried to plug this thing into a,
like, a COBOL machine or whatever, but, um,
maybe with an AT adapter, I'm not really sure, but only USB, and that is
pretty
ubiquitous, so I'm really excited about that. So as far as addressing
some of, uh, those things, to really spur some more development into this,
I got really into developing kind of like a wizard.
Like I said, the Ducky scripting language is already
pretty simple, and this is, this is the whole thing, that's the Duck in a
nutshell,
and I think that's great for anyone who wants to get started in scripting, but
if you just want
to deploy some of the awesome payloads that have already been done,
while the forums are a great resource, the wiki is a great resource,
I'm really excited about this. So this is usbrubberducky.com,
and one of my favorite payloads is from Mubix, it's just this
PowerShell wget and execute, and all this does
is, when you create this payload, it goes ahead
and
downloads whatever executable off the web you want
and then just executes it. Very simple, in fact it's,
like, four lines of code. But it's so nice to be able to come over here
and I can just type in www.example.com/bob.exe
and go down here and say bob.exe, the local file
name,
click generate payload,
and on the server side it goes ahead and creates this, and I can actually see the Ducky
Script for it
as well, so now I can make changes if I want,
but it's done, and I can click download payload and now I get an
inject.bin file. So if you can drag-and-drop a file
that you downloaded off the web to one of these little
micro SD cards, then, well, Bob's your uncle.
Um, so I've gone ahead and added some of my favorite payloads to this. In addition
to
the PowerShell wget and execute, we also have the Wi-Fi backdoor for Windows,
it's a really cool one that creates a software access point with
the name of the AP that you want, and then
a very secure password, and then even lowers the firewall so that,
you know, you can help those people out.
There's also a reverse shell, there's a very basic, beautiful
reverse shell, we just give it the port number, I'll say 8080,
and host, I'll say 8.8.8.8, I know that's Google,
anyway, generate payload and you can see there's the entire payload. I can even
come down here and see where we start injecting binary,
but what's beautiful is right at the very end, that's pretty much
the gist of it, this is where it changes, that actually changes the
host and port that I specified. So there are a bunch of other
awesome payloads that I'm putting into this because
a lot of them can really easily be tweaked to
just some very basic variables, so I think that's really cool and I want to
start adding some more of those.
So I've been getting into the forums, and if you have some,
I know that a lot of people at conferences have come up to me and said,
"Darren, love the Duck,
using it in all these engagements," and I was like, contribute your payload, you know,
'cause it only makes the community better and everything better for
everyone. So
I encourage you to check out USB Rubber Ducky for that, but what I'm
super super super stoked about now
is Android hacking. Okay, get this, I got totally inspired
when Kos was here and we were talking about
the Kos cable, gosh, I wish I had a Kos cable
nearby. Anyway, um, I have
its on the the idea with that was that you could take at
from that Paul your wonderful
And the idea with this was that you can take, you know, your phone on the red
end,
and then the black end goes into the victim phone,
and then you can do some really cool Android hacking over ADB.
Now as Kos explained, ADB needs to be enabled
on your victim phone in order to go ahead and execute that attack, which got me
thinking:
what's the quickest way to get ADB enabled? Let's take a look at that.
And I have a payload here, and just to kind of show an example of an
Android phone setup, this is
a Galaxy Nexus running the very latest version
a about the Android operating system while she hears gotta
sushi woohoo and so that
4.2.1, and I have a keyboard here,
so what I'll just do, and I set this up, is
plug my keyboard right into the Android phone, and this is what I love,
I have to do this because it's the most basic,
like, ha ha, it's not a shell or whatever, not a remote shell, I mean, I've got physical
access, the device is already owned, but
if I just hold down the Windows key and A, there,
calculator, and then escape is the back key.
So you can plug a USB keyboard into an Android phone, as long as you have
an OTG adapter, all day long and start throwing key codes out and find really
cool stuff. I've already found, like,
Windows-M opens up Maps, Windows-G opens up
Gmail, which is cool 'cause then you could, like, send an email from the device
with all sorts of nefarious stuff, like attachments, like attach the latest
photos in the gallery or something.
It turned out to be fun. So let's talk about setting
up ADB with,
what is it called, with developer options in
Android. Now I had first actually demoed this
at DerbyCon a couple months back when
Kos was showing off his research,
and since have actually had to update this because I guess
somewhere along the line Google got savvy to this, or the Android team figured
that
not everybody needs access to developer options,
so when you go 'cause anyway on but they're not completely gone
are you done on this count we can add show how to do it again without
having a form at the foul on but if you've got
a newly updated phone on four point, uh,
4.2 and above, go to Settings
and then scroll to the bottom and you'll see that developer options isn't actually
there.
But if you go into About phone, scroll down to the bottom and you'll see the
kernel version,
tap three times on kernel version and hit back,
and now developer options are there again. So I think, okay, cool,
something I can do programmatically, so let's just go ahead and do that here.
This is one of the white ones, not the latest green ones, but it's still the same
firmware, but let's go ahead and plug a Duck in
and see what happens. Now
the first thing it does is go to the home screen, of course it's already there, goes to
About phone, enables that, even if it is enabled doesn't matter,
we enable USB debugging, uh, developer options, now enable USB debugging and go
back home.
And so all that takes about 10 seconds, which
is pretty freaking cool. I have another one here that I
figured would be really neat to show off, because if you couple that
with, like, a WiFi Pineapple you can do some pretty neat stuff,
and of course again the sky's the limit when it comes to this stuff,
because again,
physical access, all bets are off,
and the faster you can do it with physical access the better. Okay, so
this one's another payload I have set up, and this one's really fun to
do with the WiFi Pineapple. Plug the same in here,
it's again going to go to the home screen, if you had an app open it'll just
cancel that out, going to Wi-Fi options, go down to the end,
and type in "I've been owned" and add it as an access point,
and now my phone is going to be looking for an access point called "I've been
owned",
with WiFi pineapples gonna fail must be friends
Um, I'm really excited about the kind of development that's been happening with
the USB Rubber Ducky as a platform. I wanted to show off a couple other things, for
example,
there's been some improvements to the SAM payload, so I encourage everyone to go to
the forums
and check this out. The idea with this payload is, if you're familiar with,
we talked about this, man, years ago, but,
you know, being able to crack a Windows password by
getting the SAM file, the SYSTEM,
you know, file, and going and running that through John the Ripper or any of your
other
more advanced cracking programs, that's totally awesome,
and I encourage everyone to check that out. Again, mad props to
midnitesnake, who has been working on the firmware, and you can find his Google
Code page linked from usbrubberducky.com,
where again, like I said, the languages have been added, he's got a reversal
of the Duck encoder, so you can take inject.bin
files and turn them back into ASCII, even has things for
USB mass storage, and multiple payloads was just added,
so mad props again because this is really cool, he's got
a mode whereby plugging in the Duck and hitting the button in combination with
caps lock or scroll lock
you can include multiple inject.bin, so you don't carry around multiple
SD cards. Personally I like the SD card approach because
they're super cheap, but either way
I'm really excited about all the fun stuff that's happening
with the USB Rubber Ducky and just in general
with hacking on the HID, kind of the HID attack vector. There's a lot of
cool stuff you can do
with the Social-Engineer Toolkit with this, and we're
working on porting those payloads, because the same kind of stuff we're doing here,
into usbrubberducky.com so you can go ahead and generate those,
like the Meterpreter, like, you can just take a Meterpreter and
use it in conjunction with my favorite script, a three liner, the PowerShell
wget and execute.
So with all of that said,
I'm really excited about what's cracking, head over to usbrubberducky.com,
head over to hak5.org,
I will see you guys in the forums, and with all that,
we're going to take a quick break. When we get back Shannon's going to be
checking out some, uh, some fun ways to optimize Ubuntu,
and I guess it would just work on any other Linux distro, and we can wrap this up, so I
will see you guys on the other side.
You work in IT? I know I did, and let me tell you, it is constantly jumping
through hoops,
setting fires, putting out fires, making sure fires don't start in the first place,
and all of that while you're trying to juggle these different tools and trying
to get things done quickly and not having duplicate data entry.
So let me tell you, GoToAssist from Citrix, the leader in remote support, get
this new tool,
integrate everything into one easy to use platform so you can work faster,
more efficiently. GoToAssist includes three essential tools
that let you customize as needed. GoToAssist Service Desk, which allows you
to log incidents
and track the resolution. GoToAssist Monitoring
proactively identifies those fires and lets you know
so you can put them out before they become a huge deal. And then they also have the
Remote Support,
which allows you to do live or unattended support on
any platform, like a PC, a Mac, even mobile devices, from
anywhere, to resolve those issues quickly. I know I was using
at least just the remote support stuff back, way back when I was doing IT in DC,
and let me tell you, it saved my bacon. So get this,
sign up for a special 30-day free trial, visit gotoassist.com, click on the
Try It Free button,
and use the promo code HAK5. That's gotoassist.com, promo code HAK5.