bad USBs are SCARY!! (build one with a Raspberry Pi Pico for $8)

Подписаться 4 млн

Просмотров 2,7 млн

50% 1

Protect your passwords (what I use): ntck.co/dashlane
🧪🧪Links and Guide: ntck.co/3j02oXk
What you might think is just a regular usb flash drive is actually a BAD USB (badusb), a device designed by hackers to hack your computer. In this video, I’m going to show you how to use one and build one with a Raspberry Pi Pico.
---------------------------------------------------
🥇🥇ENTER TO WIN a USB Rubber Ducky from HAK5: ntck.co/3mjar3v
(must be a member of NetworkChuck. Join here: ntck.co/free )
---------------------------------------------------
Get a Raspberry Pi Pico: geni.us/hSRkzrO ($8) (affiliate)
Get a USB Rubber Ducky: ntck.co/hak5 (affiliate)
🔥🔥Join the NetworkChuck membership: ntck.co/Premium
**Sponsored by Dashlane
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
0:00 ⏩ Intro
0:28 ⏩ BadUSB attacks
2:35 ⏩ how BADusb’s work
4:48 ⏩ Build your own Bad USB (Raspberry Pi Pico)
10:08 ⏩ Create your Bad USB attack!! (Ducky Script)
15:34 ⏩ How to defend against BadUSB attacks!!
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com/shop/networkchuck
Buy a Raspberry Pi: geni.us/aBeqAL
#badusb #usbrubberducky #raspberrypi

Наука

Опубликовано:

26 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 2,7 тыс.

@NetworkChuck 2 года назад

@HaCkEr-- 2 года назад

Hi 😇😇

@justdicer 2 года назад

Can i make this with a esp8266 and a usb adapter ?

@batuhanbalaban2663 2 года назад

Hey networkchuck !! One question... What's inside hackers backpack ? Review video 😊

@rukat6455 2 года назад

hi i am a big fan I would like to enter in the contest if that's a okay?

@shaktimanjena679 2 года назад

Hi network chuck !! I have a doubt. Can we erase payload from USB rubber ducky. Pls make a video on this topic.

@danhoward2804 2 года назад

I quit my job as a store manager for a fortune 500 company, went back to school for cyber security and now work in I.T. because of you. Great stuff, Chuck! Thanks!

@Reboget 2 года назад

Fake, doesn't exist and its a homemade account by a kid thinking of getting attention.

@leontechtalks 2 года назад

you dont know the dudes life? What are you? A god?

@charlieb9412 2 года назад

@@leontechtalks for real looks like he actually joined 7 years ago

@leontechtalks 2 года назад

jesus christ

@leontechtalks 2 года назад

ive watched youtube for ages its just a made an account a few years back

@echologname 2 года назад

My grandma often forgets how to do some things on her computer. I tell her and she writes down the steps but that's not always reliable because she can lose the paper she wrote on. I'd do something like this but write a script that would perform whatever task she doesn't know how to do for herself and it's as simple as inserting the device. Thanks for the video Chuck! ❤

@stitch10925 2 года назад

Using something bad for good, what a twist. I love it

@seanfaherty 2 года назад

Deadly,

@sidehustlin2233 2 года назад

wouldn't it be easier to create a device that opens "quick assist" or "showmypc"

@jayfibonacci5501 2 года назад

@@sidehustlin2233 mate have u seen an 87 year old with a tablet in there hand, they dontknow what the hell to do

@danratsnapnames 2 года назад

could add a few buttons, make it multi-task able.. give grandma a button to open teamviewer, grab a screen shot and then it sends you the screen shot via email. quick and easy, you get easy access to do more work and another button to have it open the coffee cup holder. lol. you know. the cdrom tray...

@pumello 2 года назад

When i was studying ICT, one of our first lessons was computer lab etiquette. Always, before you leave your computer, hit Win+L on the keyboard to logout. Always. As a result, now whenever i get up and leave my own PC even at home, 5 years later, i still instinctively spread my pinkie and thumb out and slam those keys, even if i leave my PC for only a few seconds. Thanks teach. Good lesson ya taught me.

@JM7900 2 года назад

Im glad I found this channel. You're easily becoming one of my favorite content creators. Gz man

@schangoDoobie 2 года назад

I’m a teacher, I’m going to label it the bad drive “grade book” and drop in the the classroom.

@robcluck7469 2 года назад

Awesome but illegal idea ;)

@robcluck7469 2 года назад

@@AndrewTateOfficial- If it is done intentionally, then yes, its illegal and unethical. It would be no different than the government wiretapping your phone.

@kyushirokun 2 года назад

@@robcluck7469 how so? As a user you have control over one, not the other. Regardless though, we need to start teaching cyber security properly, and that includes common sense nuggets like "don't plug in random flash drives in your machine". It being illegal won't protect anyone from actual malicious hackers.

@navyholesnipe9469 2 года назад

@@kyushirokun You are talking about two different subjects here. The point is, the act is illegal and unethical. Trust me, the least of your concerns is plugging a foreign device into your computer. For instance; your phone will automatically connect to an access point without you knowing. The mere fact you are walking (or driving) within the range of a rogue access point is enough. One that happens your owned! No USB required. *** Time to leave the script kiddie area and enter the real world !!! ***

@chalkp 2 года назад

1:03 great idea

@GodModeMaker 2 года назад

To stop Raspberry Pi from running script, you can add a physical switch on the board and edit the code to check if the switch is on or off. And based on that, run the script or not. I used this method on an Arduino Nano. I hope it helps 😁

@nukalight9472 2 года назад

Can you use in on the pico and how can you do that?

@danratsnapnames 2 года назад

yea, you can pretty much check if the gpio is high or low easily. or even a jumper for that matter bridge gpio to ground, and boot. wala

@CassielusMaximus 2 года назад

nice

@popfizz55 2 года назад

@@danratsnapnames i know this is 4 months late and you probably don’t care, but I think you mean “voila.” lol

@danratsnapnames 2 года назад

@@popfizz55 thanks spelling police.

@TheModSmith 2 года назад

Hi Chuck! Cool video. You actually can disable the Pico coming up as a storage device by bridging pins 18 and 20 on the board. Keep in mind that you will have to get rid of this bridge in order to change the payload again.

@marudhupaandiankrishnakuma3831 2 года назад

but isint showing up as a storage device better in some cases? it will make it less suspecious rite?

@waffel6378 2 года назад

@@marudhupaandiankrishnakuma3831 true

@GentlemenOfTheWorld 2 года назад

Cool video NetworkChuck! Would it be possible to use a Raspberry Pi as a "Quarantine Station" - ie a standalone device that can check any USB for malware or viruses before they are plugged into a PC/Laptop?

@Darkk6969 2 года назад

For the Raspberry Pi PICO you could use one of the inputs to create a "safe" mode before plugging into your computer. This way you wouldn't have to keep using the reset and re-do everything.

@brentdeketele6764 2 года назад

What do you mean

@Francois_L_7933 2 года назад

@@brentdeketele6764 Just add a switch to one of the GPIO ports and modify the script to check that pin before running the duckyscript payload.

@brentdeketele6764 2 года назад

@@Francois_L_7933 thx bro

@hackerdave 2 года назад

I just updated the project to include this option.

@Francois_L_7933 2 года назад

@@hackerdave Fantastic! I wonder how the code deals with different keyboard layouts? I've tried the Arduino based ducky and it uses a very convoluted way of dealing with things like that... OK, stupid question... I just checked and it's built-in on the adafruit circuit python library! That solves a lot of issues and could prove to be a better alternative than the original ducky for many.

@muso3255 2 года назад

Thank you for sharing and warn us of them. sometimes it makes me scared cause I'm really not good in computer. I even don't understand all you were showing us especially on some letters lots of enters and py or pie.. But at least I can get from your video is "do not use unauthorized USB storage". I keep it in mind thank you again.

@grannylizj6467 2 года назад

Chuck, Another great video! BTW, what enclosure did you use for the Pico, and where can I find it for sale? Thanks.

@davidmalka1693 2 года назад

Alright chuck you convinced me, I'm doing this to my friend! Just one thing, how do you stop the rick roll once it started

@profilename244 2 года назад

Reply to Comment by Microbuncher

@pranjulmishra2286 2 года назад

That's exactly what I was wondering......how do I stop this thing ?

@davidmalka1693 2 года назад

@@JCR4990 my man you are better than chuck

@BenLowers 2 года назад

@@JCR4990 Can I presume that an attentive session in Task Manager would also do the same, or is that just not possible? Thanks for the value that you add here.🙏

@fuucaran 2 года назад

@@JCR4990 you have experience in your field so I salute you.

@labscience8271 2 года назад

Imagine if someone left that USB somewhere, but instead of hacking people who plug it in, they open RU-vid and show your video to educate them. Now that's a "Good USB"

@NomdePlume337 Год назад

I’ve thought about doing something like this but with phishing emails. “If you’re seeing this video it’s because you clicked on a link you shouldn’t have”

@labscience8271 Год назад

@@NomdePlume337 Good idea. Just be careful that your account doesn't get banned.

@dawsonfude7118 3 месяца назад

Ok, but it also has to leave a hotdog wallpaper to remind people of its power.

@StanTheBrand 2 года назад

That brought back memories! Back in the day we would modify network login scripts to play “A CERTAIN VIDEO” and the more you press keys the faster the video would play! IT fun.

@reecethegreatvlogs7301 Год назад

I picked up a flash drive as a kid and plugged it into a laptop we had, luckily it was just a normal flash drive, but I'm glad I watched this video. I actually still have the flash drive too.

@poison99x 2 года назад

Do more Raspberry PI videos! This was so entertaining.

@babyyodar3426 2 года назад

gosh you're probably the funniest and most lively programming, hacking channels ever! I loved the rick roll dude, keep it up! :)

@charlesaston6546 2 года назад

So many things are possible these days, I never knew a usb device could do this. Thanks for the information

@RonSheely 2 года назад

Thanks Charles. You're an inspiration. I've been wanting to better understand bootstrapping. I'm gonna to buy a few Rpi Pico boards. I already own a half doz Pi boards. I'll build a bad laptop too. I love retirement!

@michaelwaterman3553 2 года назад

Hi, let me start with saying, yet another great video! Keep up this great work you do, making people understand security aspect better. Now, I usually don’t have any remarks on your videos but I do want to mention one thing here. Advising changing the conformation prompt to a password prompt isn’t the recommended practice. Actually our internal studies (ex msft security person here) have shown that there’s actually a risk increase of leaking your actual credentials when using the password option. Windows secure desktop should prevent send keys functionality, hence turning that off is bad as well. Needless to say there are other known bypasses for uac, But that’s another story. Hope it helps a bit. Until next time….. coffee break!

@clowns8421 Год назад

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@troyt9473 2 года назад

The Rick Roll is classic. Thanks for including that, too. Made my day.

@alimosaad6107 2 года назад

Thank you very much for this great explaination 💙👍🏻

@justinhair7268 2 года назад

Dude, I bought a Pico a couple months ago and then never did anything with it... Now I know what to do with! Your awesome!

@NikchayaLamsal 3 месяца назад

hi i need some help with my pico

@ahmad9366 2 года назад

This guy's content is awesome. You can tell a lot of work goes into these videos.

@clowns8421 Год назад

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@davidyusaku 2 года назад

Lucky me my laptop is slow asf Means that 1000wpm would make my device stutter even better :D

@Why72833 2 года назад

it typing at 10wpm on my laptop

@The10ie Год назад

I never new about this, thank you so much!

@kapzvara5732 Год назад

Thanks for this chunk i have ordered a Raspberry Pico going to enjoy trying some of the scripts out.

@stefano-hd6es 2 года назад

Thanks Chuck! Your videos are amazing and very useful for both professionals and casual users!

@quantaviousdingleton 2 года назад

The editor who had to listen to the rickroll: 0_0

@solidbeast4262 2 года назад

Lol

@VicodinElmo Год назад

Thumbnail: “Never do this!” Title: “But here’s how to build it for $8 with a Pi Pico”

@jaykay7120 Год назад

your enthusiasm is contagious

@windowbender6525 2 года назад

FANTASTIC video as usual, keep up the amazing work man, we all appreciate what you do for us!!💪

@AmanPatel-rv2it 2 года назад

Network Chuck and David bombal you two are adorable Huge respect to your content !! Love from India

@Jordan-cz4gg 2 года назад

Wrong use of words

@johnreaper4452 2 года назад

Hello your computer have virus 🦟

@AmanPatel-rv2it 2 года назад

@@johnreaper4452 oh thank for telling me

@AmanPatel-rv2it 2 года назад

@@Jordan-cz4gg thanks for putting your precious time and finding miskates of other people

@mypowerlevelisover9000 2 года назад

@@AmanPatel-rv2it bhai majak ko majak ki tarah le Enjoy kar yaar chil maar😎

@gabrieldesimone4644 2 года назад

Man I already have a bad coffee obsession while im coding, seeing your videos just make me want to take another cup. Damn dev life that I am happy to choose (?

@lior2636 2 года назад

You are such a great teacher. Thank you!

@_sxmurxi_6015 2 года назад

It was a mistake for you to give me the power of the rickroll 🤣

@CyberViking_TV 2 года назад

Limiting access to powershell, the cmd prompt, and run command (as these are the most common ways a rubber ducky executes malicious code), should protect against it a bit.

@averageguyvstheworld8601 2 года назад

Unless the box is connected to the internet, then using a ducky to download something malicious as a staged payload is still a quick easy option

@davidkeys4284 2 года назад

Or just use Linux

@Alastor.D 2 года назад

@@davidkeys4284 Linux is less secure than Windows 11/10 and OSX

@davidkeys4284 2 года назад

@@Alastor.D no...

@Maldroid 2 года назад

@@davidkeys4284 :/

@grayghost832 2 года назад

Well I think I just found my first rpi pico project! Still very new to a lot of this stuff but sometimes I get inspiration to learn some more. It's kind of a learning curve but feels rewarding to learn. So a few weeks ago, I got an rgb led to cycle through all the colors on Arduino. It felt awesome to have it work after typing it all out. It's nothing crazy but still felt good. That's the level I'm on. I still kind of don't know how to write my own programs but can follow directions to make them.

@luci1495 Год назад

same my guy let me know how it goes!

@p3zx39 Год назад

Dude, this is great! (just got my Pico RGB keypad assembled 🙂) You've set a target, realised you're not gonna be Network Chuck god level in a month, but you have what's important - an inquiring mind, and an appetite to level up! ...credit where its due, lol ...the BIG question though, reading this comment a year after it was posted is - where are you now with your skills, learnt more, tried more projects ?!?

@grayghost832 11 месяцев назад

No I sadly fell off the learning train but I'm getting back into it finally.

@khemboi4086 2 года назад

when you plugged in the usb, the advertisement cut you off and my mind was like "Damn they got him"

@punkintech1214 2 года назад

Awesome. Can also be done with attiny85 smallest ducky and only £2-3

@tsionwilliamson1385 2 года назад

you can add a conventional USB type A by desoldering the microusb shield from the board and soldering a USB type A to the connectors for the microusb shield they are the same connectors for each shield just different sized shields.

@adamlong1453 Год назад

Any videos on how to do it I’m a bit confusedv

@TheChad17 Год назад

I’m currently building things for my flipper. That device is going to become a nightmare exponentially more as time goes on.

@CrimmzZT Год назад

yo litterally never saw your channel before, sick vid, I also call my old laptop my craptop

@socat9311 2 года назад

nice. wouldn't be more efficient to have the script run shell commands to disable defender etc instead of spending time doing it through the GUI? Edit: As always great input in the responses! Tech community must be the best ever :)

@ipodtouch470 2 года назад

If possible yep. It would actually be even better because the user wouldn't visually notice.

@kevinshumaker3753 2 года назад

Not only more efficient, but wouldn't throw red flags up. This is bad, but it makes you think about how much worse it could be. Think: Send credentials files, password files, network secured files, etc, with no indication that it's being done. Deleting directories, turning on bitlocker encryption and discarding the key. So many things that could be done...

@socat9311 2 года назад

@Deko Dekic yeah you are right, seems more of a general awareness video. Fun and imteresting anyway :)

@ipodtouch470 2 года назад

@@socat9311 if anything this is a warning video. Don't leave unlocked devices unprotected in the open.

@root317 2 года назад

Defender would kill PS before it succeeds. So the gui is needed.

@bassstorm89 2 года назад

A corp company I used to work at, hotglued all USB ports and even glued a keyboard and mouse in. Making your own, or buying rubberduckies and dropping them in the companies parkinglot are probably the most easy way to a shell, where u shouldnt have a shell. Also the computer will trust pretty much anything you plug into it. Whenever you find a USB key somewhere, just throw it away.

@clowns8421 Год назад

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@jasonmoore1233 Год назад

Hey Chuck, sorry I'm late to this video. I notice that you advertise for Dashlane and I was wondering what your thoughts were on double-blind passwords? It feels like a security flaw if Dashlane were to be hacked.

@solived1239 2 года назад

9:51 great your card number nice 😂

@patsjoholm 2 года назад

Great video!! To me, running as non-admin account is one of the best defenses you can do protect your PC and it's so easy. Create another account, with administrative privileges, and change your normal account to a regular user. Done. You will have to get used to putting in your admin account password, whenever you install/upgrade anything, but a small price to pay for the protection you get from it. No background installs of Malware without you getting a prompt :)

@thesteaksaignant 2 года назад

I do the same thing. It can be annoying sometimes but it is worth it

@thecastlepotomac 2 года назад

You can also change the payload by using debug mode (Jumpering pin 1 to ground) It will not execute.

@DigitalHandle 2 года назад

This is great! Now i can automate the most simplest tasks

@TheRobMozza 2 года назад

Reminds me of a modern day version of the trusty batch file. I used to love the havoc that you could create using a free magazine disc and your own custom code!

@ComoxSardog 2 года назад

I appreciate the information that you have provided to help me protect my family computers. Can you tell us if the USB Rubber Ducky can be used to carry a payload that could do "Good Things" to a computer such as automatically run an antivirus package or install a utility program and run it to automatically do some house keeping functions?

@ayushrawat3340 2 года назад

yes it is possible its just people haven't created a program to do so

@ryannorthup3148 2 года назад

Actually, yes. For example, if you're the I.T. person, then you could use that to quickly install and set up Windows on a computer.

@oxycodin2253 2 года назад

Yeah if u can program

@clowns8421 Год назад

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany. You don't even need internet service to get hacked, as long as your device has an antenna.

@markconger8049 2 года назад

I can see the next Windows update now: authentication for any new HID plugged in. Actually, not a bad idea.

@markconger8049 2 года назад

@Elias Productions - I was an IT worker at a federal agency in the past and we didn’t have a good way to regulate the USB ports of staff machines. We couldn’t just wholesale block the ports or remove them because some work related items required USB. It always made me chuckle when I’d read about how the computers at the Pentagon and similar high security places would plug up the built in USB ports with epoxy or the equivalent of chewing gum.

@Doegiz Год назад

It'd be interesting if you could set windows to require your pin/password as a work around when connecting new HID devices alongside a list of known ones.

@NotLukas001 Месяц назад

Girl, this helped me so much TYSM!!!!!

@draco5991rep 2 года назад

I bought like 5 Picos when they were released, I will trn one into a badusb for sure. Can also be useful for repetetive setups on diffrent PCs. Script the setup once, let the badusb do the rest.

@draco5991rep 2 года назад

@@barameguy1483 I answered you with links to two websites inside the answer. Sometimes RU-vid doesn't allow it to put links in comments, so if you don't see my response with the links please tell me and we'll find a workaround 🙂

@brianconlogue1302 Год назад

you can also have 4 different payloads on the pico that comes standard on that code.py . i soldered a dpi switch and have 5 switches, first for stealth mode so it doesnt act like a USB anymore, 2,3,4 are for payload2.dd payload3 and payload4.dd and last switch is for setup mode which wont deploy anything.

@danlazuli2005 Год назад

Yup that’s a good setup

@slymelyfe4205 Год назад

This is awesome! I just purchased a Raspberry Pi 4B I'm using her to program Retro Game emulators.

@Nerdulater 2 года назад

Chuck: This is a bad usb! Also Chuck: Here's how to bulid one!

@ahoj113 2 года назад

Just ordered a Pico, can’t wait to try this out!

@Fattts 2 года назад

I should get permission from my company's IT department to use these to pentest our company. Just instead of running a reverse shell, just make it type a .txt file that says "please give the USB you plugged in to IT, and don't plug strange USBs into your work computer"

@Ffreeze90 2 года назад

As a ex IT department worker, i can ensure you - if your IT department would let you do this, they are rather be very sure you can´t do it, or they are just stupid ... (If you do it, and brake something, you will get fired as well ) Regards from Germany

@Fattts 2 года назад

@@Ffreeze90 I'm very confident that the IT department for my company has little enough faith in the rest of the company that they'd let it happen. We had a massive data breach earlier this year, which led to almost all of our client data being held ransom, because someone opened an obvious phishing link

@fumanchu4785 2 года назад

@@Fattts Client data, huh? Which company?

@Fattts 2 года назад

@@fumanchu4785 I legally cannot tell you this. Also I’m not doxxing myself lmfao

@efan120wms7 11 месяцев назад

man this is crazy thanks for this😂

@FrancisLoma 2 года назад

This channel is so much fun!!!

@mandreko 2 года назад

Considering Razer just had an escalation of privileges to NT\SYSTEM if you plug in their mouse and navigate their installer, this is useful for any sort of physical security testing.

@Videogame9559 Год назад

How do you stop it on your computer or a friend if it runs before you unpluge it?

@Videogame9559 Год назад

Using a rapi pi pico?

@DarkblooM_IO 2 года назад

I'm actually curious to know if a bad USB would be able to do a Tool Assisted Speedrun on a game with simple controls

@tigheb5412 2 года назад

As he said bad usb is mimicking a user input device, this case a keyboard. If you could somehow trick the computer into interpreting the one USB as a mouse AND a keyboard, or somehow get two USBs plugged in, you would have full mouse and keyboard control. If your game only required a keyboard/ only required a mouse to play thus would work, and you can just code in all the key presses and delays in optimal timing and sequence for a perfect speedrun and it would execute each click you told it to do

@tigheb5412 2 года назад

This*

@MohitKhare 10 месяцев назад

Thanks again chuck, great content.❤

@nhalliday89 Год назад

I finally watched this episode I just over the past Xmas got a 🐬-0 and it come with a badusb app built in and with other FW they have now enabled us to run duckyscript through Bluetooth which is a game changer

@jkf114 2 года назад

"To edit the payload, enter setup mode by connecting the pin 1 (GP0) to pin 3 (GND), this will stop the pico-ducky from injecting the payload in your own machine." No need to reset anything.

@LanningRon 2 года назад

I also thought about modifying the script to initially test state of one unused pin on the Pico. If it's pulled low, then divert execution to an endless sleep cycle, or perform a more-friendly action. ;-)

@kalova6731 2 года назад

Connect with what? ^^

@jkf114 2 года назад

@@kalova6731 connection cable for breadboards

@kalova6731 2 года назад

@@jkf114 ah thx

@Wusaruful 2 года назад

thank you for that

@apexerconsulting5773 Год назад

Cant fint the payloads .. =/

@wandererstraining 2 года назад

That's pretty cool. Now, if you were to use a Raspberry Pi with wifi capability, you could create a RAT that communicates back with the Raspberry Pi, and have the Raspberry Pi create an ad hoc network to which an attacker could connect and exfiltrate data/control the target from.

@neradoc3722 2 года назад

Oh THAT's why I've seen a influx of people (ok, 4 or 5) asking how to use pico-ducky with international keyboards on the Adafruit discord ! Nice video !

@Massa_38 2 года назад

Why github page is "This repository is empty."?

@FOSSware_360 2 года назад

Can you provide me with your social media username? YT is deleting the msg/link

@jayfibonacci5501 2 года назад

@@FOSSware_360 wow!!

@scarytruths01 Год назад

This is cool. I always wanted to learn to make these lol

@malcolm32 Год назад

This guy has a straight up supervillain laugh and I'm here for it

@ilprogrammator 2 года назад

There type of attacks could be easily stopped: Each time the system recognize a new keyboard, it asks the user to input a random word wrote on the screen, even if the device is plugged in before the boot. This in theory would work

@pat2not 2 года назад

Never had that for Windows 7- 10 out of all my years maybe u talking about mac or some shit

@game_time1633 2 года назад

@@pat2not he’s giving a hypothetical way to stop these bad USBs, this hasn’t been implemented.

@petrlaskevic1948 2 года назад

The software on the usb takes a screenshot and gets the text with OCR. So maybe a captcha would work.

@timsoft3 2 года назад

it wouldn's work because you would have to implement it in the bios, in fact you could craft the stick to enter the bios and change settings to boot off the stick, unless it is password protected.

@JCR4990 2 года назад

I have a ducky in my laptop bag at all times lol. Kinda scary how powerful that thing is in the wrong hands. It was an eye opening moment the first day I got it and within about an hour of playing around had it set up to auto disable windows defender/firewall and extract all my chrome saved passwords and email them to myself. It's probably being slightly paranoid but I no longer step away from my laptop at work without locking it anymore. Too much damage can be done far too quickly without leaving a trace.

@Larry2kYT Год назад

him: this is gona take a while so coffee break me: _mines is done already_

@asheeqah3991 2 года назад

My new favorite RU-vid Chanel! 👩🏻‍💻

@ThatGoth 2 года назад

I just looked at the circuitry for the Pico and I believe you could quite easily solder a male full size USB connector to one end and shave the left right and whole rear sections off so it would fin in a standard thumb drive case without any required functions being lost.

@bluegizmo1983 2 года назад

If you wanna check out some other scary devices, check out the Maltronics Internal Keylogger (you implant it INSIDE a USB keyboard and it's undetectable), or the O.MG USB cables!

@clowns8421 Год назад

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@FOSSware_360 2 года назад

Hats off to the editor for editing the video whilst getting rickrolled.

@paulcatalin6891 2 года назад

🤣🤣👍 You have a gift of making the presentation

@magicsmoke630 2 года назад

Probably the coolest network engineer on earth 👍 this is awesome! Gonna try this out! Thanks Chuck!!

@svenkuffer4512 2 года назад

I do think of another way to prevent the pico 'running the script' on the developers machine. You could first let the script check for a specific file or do whatever check to verify it is not your host machine, if it is just jump to the end of the script and do nothing. It still runs a script, but it will do no harm.

@jbjb6000 4 месяца назад

Awesome video Chuck. I created one that does a malicious memory scan!

@hashcat253 Год назад

The rickroll USB attack had me laughing... Not just me but the whole comment section

@Wisp4life 3 месяца назад

How to disable it

@TimothyChapman 2 года назад

Wouldn't the device have to assume the operating system? So if it's expecting Windows, but gets Linux, then it's effectiveness will be reduced, wouldn't it?

@allensmithphotography 2 года назад

You can also system check and use a dynamic script

@stevelucky7579 2 года назад

You can disarm people with a virus stick. Me: I don’t know....doesn’t really seem worth my time. You can rickroll someone and they can’t stop it. Me: I’LL TAKE YOUR ENTIRE STOCK!

@Maytthew304 2 года назад

I love how most of this is script kitty stuff but it’s very dangerous and very easy to do once you get the right stuff

@Hissymaster 6 месяцев назад

You: This is scary! So heres how to make it! Me: Mario, what the **** are you doing???

@raphaeljedralczyk2962 2 года назад

Hi, thanks for the great video, like always. But you can build a bad USB even cheaper and easier with an arduino digi spark! An arduino digi spark costs around 1$ 😉

@fluffyspark798 2 года назад

The build quality is terrible and you can only buy them on Amazon in packs of 5 for $10 so more like $2 per

@paulvorderegger1522 2 года назад

I bought a pack of 5 and also a bunch of USB plugs (that actually look like real plugs) soldered the Digispark Attiny85 onto it, 3d printed a case and now it looks like a USB drive

@Sabir_Makhdoomi 2 года назад

We Need Learning Python Ep. 2 Please

@jamesevans2507 2 года назад

Jesus Christ there's about a million Python tutorials online. It's the most saturated market there is. Every newbie is learning god damn Python. Just watch any one of the million instead of begging people to beat the dead horse further.

@Sabir_Makhdoomi 2 года назад

@@jamesevans2507 Not everyone will teach you pentesting with Python

@jamesevans2507 2 года назад

@@Sabir_Makhdoomi He was explaining what a string was for 20 minutes in the first episode. I'm sure he'll get to pentesting by episode 503.

@Lemoade0987 Год назад

One question. When I insert the usb, how do I disable the virus once it activates without affecting the USB script?

@choens13 Год назад

Just wondering. Could you change the delay in execution on the script from 500 to 5000 giving you time to yank it out if need be?

@yusufdomun303 2 года назад

We got Rick Roll in a Cybersecurity Video LOL

@bobnoob1467 2 года назад

Without even watching the video I know most (or a lot) of times malicious usbs have RATs installed to gain control of them. That's what I love about USBs !

@adamcollett4034 2 года назад

Nice channel sir. I’m glad I found it when I did. I’m about to take my Net+ exam and it is kicking my ass 😫. 40 yr old man trying to start an IT career 🤦🏻‍♂️🤷🏻‍♂️