Thank you for taking the time to teach us. I would like to address the people who think no one would leave their laptop unattended in a coffee shop etc. I am 60 plus and female. I can't tell you how many people have asked me to watch their laptop while they go to the bathroom, order another drink etc. I look "harmless". 💀
I use ubuntu, have bios password, encrypted disk with password and user password. I wonder if he can hack my unattended password protected computer. Honest question.
@@commenter7893 yea you can get the decryption key stored on the RAM as long as the computer is powered on. Even if you shut it of one can physically freeze the RAM a couple of minutes after, copy the stored info and extract encryption key. But there are a few other less complex methods that come to my mind too like using a key logger or an evil maid attack. The only way to really make sure no one hacks into your computer is having an eye on it all the time tbh.
Pretty sneaky... Also, don't end up on any security cameras plugging shit into random computers 🤣. That defeats the whole purpose of not leaving traces on the machine.
I can imagine going to a friend's home for a barbeque, let's say the head project manager of XYZ company, and installing this on a company laptop if the USB isn't disabled.
@Manuel Rangel Which is why from a short distance I would just sit there with a normal plain laptop and sip my coffee. Another thing is how do you get to a shell when all you have is the keyboard and can't really see what you're doing. You could end up piping things into someone's email client or into a spreadsheet.
If the same vulnerability would work with the ducky plugged into a USB hub which is plugged into the target machine then the ducky could also *be* that hub with a flash drive as one device and the keyboard as another. That way the victim could be persuaded to use the ducky as a functional flash drive. In which case to window for attack is much longer and there is no need for such surreptitious activity as plugging something into an unattended computer.
Anybody ever tell you that you look like that British guy from Map Men? You guys look like twins, 100% doppelgangers. I'm half convinced I'm in The Truman Show and the directors underestimated my memory and cast the same actors twice.
This is interesting. I am just not sure how I feel about it. There are better attack vectors that don't require many hands on deck and less risk of being caught. This would be one of those (sitting on the edge of your seat) attacks in a Mission Impossible suspense scenes. "Oh man, they are going to see the foot long tail sticking out of their laptop if they look. Oh no, they are looking..."
I used to leave the predecessor USB Rubber Ducky around the office and the payload was to load up Rick Roll. There something satisfying to find out the evolved version wifi duck is now carrying the torch.
Pretty freakin awesome! Question! Can a regular nano adruino work as well as same with ESP8266 ESP be used as the same thing ? If so is scripts still the same?
My next wall perp hacked into my LAN. They first cracked the WiFi hotspot, from there they breach the home network. Once I set up white list in the router, they are blocked out.
in some chinese cheep module like CJMCU, i juste have english keyboard. Is it possible to find some script witch translate the payload wrote on english keyboard to be an payloads wrote on french keyboard?
Fascinating. Your meaning in 'temporary access' is that the computer is left in logged in state, correct? The wifi duck doesn't immediately defeat password protection, does it? At least now this gives a better picture of what all those movies are trying to represent when the agent plugs a USB dongle into a target's machine. Thanks!
I love null byte (Your Videos) so yea just subbed here, but but do you know how to get the lazy script to run on the new kali or another script like it?
that is sick!! but tho you need to portforward from attacker so you can use revere shells, or must be in same network as victim then rubber ducky is just a better tool
or use the rubber ducky to inject key strokes opening a backdoor or just installing malware and running it though cmd but lol whos gonna just get up and leave their computor on and not take their stuff
You don't need any of this equipment all you need to do is know how to program a RAW program and then its like every entry is open and you turned a 300 dollar laptop into a laptop that would of costed you $50,000
Would these payloads still get installed even if you had an antivirus software like Bitdefender Total Security? If it doesn't see the attack, what are we paying for?
This would still work, it's just like plugging in a keyboard. As long as the hacker doesn't install malware that's been fingerprinted by Bitdefender. Antivirus is there to protect you from install malware buy clicking a bad link and things like that.
@@SecurityFWD Thanks for your reply. Thats it! Going to take it offline unless I'm using it! 😁 Very good, clear video by the way, you make it easy even for laymen and the production is nice too. Cheers. Subbed 🙌
Will the script install stuff without knowing the root password? For most linux distros and user scenarios, a root password prompt would come up and I think that'd be the biggest issue?
Every hacker talk of WiFi but no one talk about hacking pc in 4G network in public. I tried to look for open ports by getting my ip address of android phone and then USB tethering it to my PC but it was taking hell lot of time to scan. Then I exited because I am noob in hacking.
Amazing, developing tools that let you he a thief, not caring about what the damage can do to an individual. Think I'll rig a USB port to explode , like a dye pack 😀