Hidden keylogger // Bypass Linux & macOS logon screens! Rubber Ducky scripts for Hak5 OMG cable 

It's just crazy scary what these cables can do. They look like normal USB cables, but are not! In this video we login to Apple MacOS and Linux computers :) ====== Scripts: ====== Apple macOS Rickroll: davidbombal.wiki/applerickroll Linux Rickroll: davidbombal.wiki/linuxrickroll ======================= Buy Hak5 coolness here: ======================= Buy Hak5: davidbombal.wiki/gethak5 ================================ Hacking Android and iOS devices: ================================ OMG with Android and Apple iPad: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-7YpJQT55_Y8.html ============= Setup Videos: ============= OMG Cable setup: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-V5mBJHotZv0H.htmlak5 Rubber Ducky setup: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-A2JNBpUotZM.html ================ Connect with me: ================ Discord: discord.com/invite/usKSyzbTwitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombalRU-vid: ru-vid.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

It's scary how clueless I am about things like this. Thanks Mr Bombal for educating people about the danger of technology. This can help keep me and my family safe from dangers like this. 🙏😁

3:30 This is not a problem with any OS, and using it against a Linux or Mac computer says nothing whatsoever about the OS capabilities. The cable is a hardware device that requires physical access to install. If a bad actor has physical access to your computer to install that cable, there are any number of ways to get past all operating systems. Physical access generally means game over.

It's a neat cable, but let's get one thing straight: You are not 'attacking' MacOS, nor are you attacking Linux, you are attacking the hardware. Obviously, an operating system can never be more secure than the hardware it runs on.

Oh you made me remember an incident! My friend in some governmental sector told me that they brought several new computers..they run some tests and they discovered that some PC cables have antennas in them to send data to the building cross the street. I think this is the same concept

Word of advice: do not "shove" an "innocent" pen drive or an "innocent" cable that you just found into any of your devices. Be also aware that an "innocent" charging point may be not as innocent as it seems...

This is the most frustrating thing to happen, getting hack and Rick rolled at the same time. Thanks David for this kind of video, so people realize the danger of a random USB cable that they pick up somewhere.

A very good reason for a CEO to have his own bug sniffer crew that checks new hardware and old ones often.

Yes please!! A video on how to get a reverse shell would be awesome! Also, this is extremely scary. Never leave your laptop/phone unattended in a public place. Amazing content as always!!

Great content as always David! Would love to see the reverse shell demo with the OMG cable!

David to Everyone who wants to learn Networking: Never gonna give you up!! Never gonna let you down!!!

Now I have to pay really serious attention bcz on of my friend buy some stuffs from hak5 and this cable too while watching your video Help me GOD!! 😅

David, do a tour video on your home office setup. Thanks your for your endless effort.

Interesting. I'm a novice when it comes to IT and up until this point in my life I would have trusted a cable like that. This ends now. Thanks David!

-Great content Professor David Bombal...!!! -So, these keylogger and reverse shell tools are getting easier to use every day. -About 10 years ago I programmed in devices such as cellular microcontrollers and nini laptops exactly this type of system (keyloggers and reverse shell) for my government operators, nowadays they sell these same tools on the internet that 15 year old boys can buy with his father's credit card on the Internet to take credentials of his colleagues of High school. -Times are really changing...!!! -Thanks for the knowledge Professor David...!!!

You made the mistake because you allowed this cable to be connected to your computer. That's what I learned from this video thanks so much David.

How interesting 🤔 I wrote a simple Java keylogger a while back that gets deployed within an image and runs on opening. It then runs as a background process and logs chunks of approximately 1000 keystrokes which then get sent to a MySQL database

Well, a hacker would have to have physical access to the device, or get you to use their cable: Being a Linux user, I never heard anyone saying that Linux can prevent all attacks from anyone with physical access to the device, but I have seen plenty of times people reporting on vulnerabilities in Linux as a "Big Problem" and leaving out the part that it can only happen with physical access! Linux can also be penetrated otherwise, but for the most part only if the user does not use good security practices. With Windows even that's not enough: It's not like you can keep Microsoft out!

This is the only technology based channel that I watch. How the hell do you stay on top of all this hacking stuff? Lol, I love it! Kali is really the best OS for hacking, cracking, sniffing!

OMG! I am really scared! Awesome video David as always. Please carry on! Thank you so much for the demonstration.

0:01 I am pretty sure we all just got trolled by David! It is not about the cable, but the MONITOR!!!! Looks at that MONSTER!

a very unique and new way to rick roll people. This is crazy that you can have keyloggers in a cable

Shud be a way to detect which cable is an OMG cable or a regular one. Just in case you put 2 cables together.

This is because you plugged the OMG cable, Hacking or Keylogging for many is only a danger when it is done remotely, by having access phisically and putting a device which records and replay would be last thing for me . . . because nobody has so much access to my device. Sure great work and information. Cheers!

Hey, I would like to see if you could do the same key logging and applying payloads on an Mac book, if a usb c to usb c OMG cable is used to charge it. Because I think this might be a really good way to get trapped, especially if your laptop is out of battery like it often happens to students in a library or on campus in general. And if the OMG cable is also capable of key logging your iPhone if you use Face ID to open it up, because you aren’t really typing. Really enjoying your content and definitely never borrowing a cable again!!

the miniaturization to be able to put it in a cable is incredible

That's scary stuff ! Imagine setting up these multiple cables at free charging points... Hundreds or thousands of devices can get accessed by malicious parties.

Interesting, I heard of this vulnerability. First time seen a demo of it in action. A good reason to know your cables, and always run with minimal access.

Only attack my own devices for learning purposes ♥️ going to try get one for my Birthday 🎉

These are just some examples, I am totally agreed with you. Even anything connected or download can hack your system. That's so easy only way to avoid it do not connect with untrusted or let it be happen . I am using reverse shell but for monitoring purposes but that is also a very easy task. Avoid anything which is not your or just ignore it. Everything is secured when you have it otherwise forget security

Will love to see the reverse shell video sir. Thanks for the videos, we really are learning from them.

So many ways in , screen mirroring, sharing, key logging, wifi & Bluetooth once you have these enabled, then their is pairing to smart tvs using streaming. Best way is to shutdown your appliance and unplug the power. One other point on ac mains switch the positive & negative poles then they switch on the appliance remotely.

Hey David loved the video! Can you please make a video on how to counter & protect outself from this type of stuff?

a friend of mine use to build fake usb key like that few years ago but having it so small that it fits into clables is frightening ! I would love to see the circuitboard of this ! (Edit: I found pictures of the inside !) Thanks a lot :)

Reverse shells are just as possible on Mac OS, you just have to escape the colons in the script

Does it capture password if it's an auto fill from password manager?

Can you imagine passing these things out at tech conferences as part of a swag bag? I would think they would be able to install a tunnel feature that could run a payload after the first login, to compromise password integrity, open ports and services create a VPN to tunnel out to a, drop server to collect all the goodies.

Thank you David Bombal for this amazing video. It’s rare to find such quality content online. Could you please make a video on reverse shell on IPhone using Mac

For some reason, the explaining the same technique, finishing with the tagline "as you can see, I've been able to Rickroll you" reminded me of Patrick Stewart on Extras, explaining various plots to Ricky Gervais' character, ending with the tagline: "then all of their clothes fall off" followed by "but it's too late... ...I've seen everything"

if you have enough physical access to my laptop to plug a cable into it you have more than enough access to use about 40 different ways to gain access to it even though it is running Linux. One thing you may want to explain is you are not going to capture keystrokes from the laptop with that cable - you didn't say that you could but you didn't say you couldn't either, as there is no way for the cable to man in the middle the keyboard of a laptop. What is truly frightening are the wireless keyboard capture devices - simply sit next to someone with a wireless keyboard and log everything they type. I believe they only work on Bluetooth wireless keyboards at this time due to the different frequencies and such between different manufacturers but it's only a matter of time before all wireless keyboards are leaking secrets

This really has nothing to do with security of the OS. Remove physical access and we see then. Edit, the logger/typer being embedded into the cable is interesting though.

Amazing, now I know why u need to be careful while downloading any file or copying from usb

Yes! More omg content! A video on reverse shell would be very welcomed!

Best advice from David Bombal "Learn how to hack but do not go to jail".

Rewatching this video 1 year later I think if you buy a mechanical keyboard it could have a keylogger hardware software inside. Maybe its too much crazy ....but are weird times 😮

Excuse me Mr.Bombal but I couldn't help but notice a typo in the title...I think its 'login' instead of 'logon'...anyways the video was awesome...as always ; )

This was fascinating, thanks, David. I'm in love with that curved long screen. Where can I buy one? 😊💻

If you have access to the machine, many Ubuntu etc. can be accessed as root through the repair console. I won't describe it here, but easy enough to find out. Ubuntu is as secure as you want to make it, which may mean disabling this under grub.

CRAZY!!!! Love all your contents DAVID.... please make a video on how to get a persistent reverse shell...

You are the best David

I would like to see Apple investigate this, because they are pretty good when it comes to fake charger connection, but I believe you would be fully compromised by the time Apple can prevent the attack

Amazing video, amazing hardware. Thank you for opening our eyes to this tech. It would be nice to see your recommendations at the end of this video as to what can be done to defeat this sort of attack beyond the obvious thing to only use a charging cable purchased from a reputable source.

Being an IT admin, I'm going to buy 20 of these and replace all the employees USB cables at their desks just to Rick roll everybody at once.

I used keyloggers 20 yrs ago. The wired one is just a bit more fancy.

A little suspicious if you would connect a cable to someone's computer without the owner of the device not suspecting anything.

People usually think that Mac and Linux are virus-free but they can also be hacked as excellently demonstrated in the video! Keep up the great job.

Very useful information if I didn’t already know bout tha cord

Even a simple cable can create disaster for you 😨😨 mindblowing demo

You changed my life sir

Sir on of the frist ones and want to be like Kevin mitnik in future,my role model is Kevin mitnik and you r my inspiration ❤️

Yes David bombol again with the beast videos

Thanks for your Content. It really helps us

Please do a video on reverse shell attack. That's so awesome!!

Amazing vid! I would love a msfconsole and msfvenom tutorial coming from you.

Show me the reverse shell David :D. One problem though I don't have the financial state to buy this. But I would love to see it

Everyone is first until they refresh the comments 😂😂

2:29 I stopped here because I saw the URL that I'm all to familiar with. I'm not going to get rick-rolled! But I'm in the mood for watching it myself.

Ah Jokes on the O.MG i never connect my phone via cable to my PC work or the leisure one :D this looks like a fun gadget though.

Mr.David you are very scary and dangerous man.

The cable is what it is .. a keyboard with a low powered wifi *see below why you shouldnt be worried* 1-That keyboard can only get access once it captured your password. Most keyboards are either hardwired or wireless...so this is already limiting its use. I doubt this USB works like a good old software keylogger therefore its useless if not connected inbetween the keyboard. 2-Which OS is running is irrelevant.. except for the attacker who has to program the scripts specifically to execute commands for that OS. Therefore the title is misleading it is not related to macOS, Linux etc now suddenly having a new vulnerability. But the specific keyboard driver could possibly be disabled if uncommon. 3- Any sensible person in 2021 is using a passwd mgr such as Bitwarden, 1Pass, KeePass etc etc. By letting the software input the passwords for you, this bypasses this device. Sure, it grabs your passmgr password but with 2F authentication it prevents a login from a new location/device. For those doing sensitive stuff inside a VM.. the VM itself would not be compromised but key inputs to the VM will be logged, but you'll use your passmgr inside the VM.. so thats covered. 4-The wifi provided is low power, therefore its range is expected to be rubbish. The first concrete wall, electrical equipment etc it encounters will severely cut its range, the attacker will have to remain very close by or come back at a later stage. 5-Use cases, good option in open plan office space, meeting rooms etc.. quick replacement when a client is out the door and the room isnt locked. It would be awesome if it had 4G connectivity with dyndns, making it instantly remote accessible for the attacker. But nobody is gonna randomly leave these cables lying around, and especially now with covid, people have become alienated using stuff thats not theirs. Just my 2c... that I'm not worried about this device at all. It has use cases but its gimmicky at best. Oh, and David. Good video, thanks for this one and the other explaining how it works :)

It is scary to see how easy it has become to inconspicuously intercept a keyboard - PC link. However, I think this video is misleading with the conclusion that a particular OS is insecure. What's the surprise that one can login in any computer, if one gets hold of the login credentials and has physical access to it? That doesn't imply that the system is insecure. That is the same to say, I watched someone else logging in and now I can also do it, therefore the system is insecure. I suppose that this specific eavesdropping attack could be mitigated with an encrypted keyboard link, but that would require specialized hardware, rather than a safer OS.

Excellent video!!! I'll see the reverse shell video too..

Thank You Sir David for the video.

Sometimes my browser on my Windows 10 HP Notebook/Laptop PC behaves as being remote controlled, just as you showed: automatic behaviour - not initiated by PCs local keyboard or mouse. This happened only connected via WiFi WLAN (Telekom speedport) shared with my neighbour, sometimes wired connected to USB keyboard and USB mouse (Trust brand).

Did you end up making the reverse shell video to access devices that I own, that I’ve left at home, so I can access them from a mile away?

Holy begeebus! How can this be allowed? Huge props for telling us about it

To be quite Frank, I don't believe that the range of that embedded access point is up to a mile. More likely it will have trouble penetrate a brick/concrete wall at a few meters away

Complete tech troglodyte here... If I turn off my internet access whenever I'm not using the computer/cell, will this help keep me safe? Thanks for all you're sharing. Though I don't understand much, I'm learning.

Thanks for finally doing a Mac video! How can we fully remove the keylogger and prevent it?

Hey, David Thank you so much for your videos. I got a question for the omg cable, if the target unplugged the omg cable will it be exploitable, or will it be disconnected?

The fact that the communication between keyboard and computer is not encrypted is hardly surprising. How would you perform this attack if it was encrypted?

How you doing Mr.bombal, am from Uganda(Africa) am interested in the separate video on how to create a strong reverse shell to a computer even when its shutdown I can still have access. Thanks

This cable is crazy thank you sir for the eye opening info

2:34 :DDDDavid has some meme culture.

you get more widescreen monitor upgrades than I've ever seen! What happened to the LG 34WK95U-W and the Apple display XDR?

So, we have to have to have the user connected by the OMG cable and we can capture the keystrokes wirelessly via the app on our phone. What if the user has a wireless keyboard? Wouldn't it be a little ominous if suddenly a cable was running from it?

A great video as usual. I always learn something from your great videos. Thank you.

this video in itself deserves a subscription

Think of it what happens if the office cleaning company, walks into the office of an important person, swaps their phone charging cable? Everyone has one on their desk right? Companies need to start implement random checks I suppose?

David try it with a software overlay keyboard and see if that captures it. How about biometric login? How about a reverse payload to your device?

Yes David. I am curious how can we get rev shell from OMG cable.

imagine someone playing a rhythm game and all they just see is just random keys

Hello sir, Thanks to you first. Your work is really great. Now come to the main topic. From your giveaways i had got Ethical hacking for beginners course and completed that some days ago. Now I'm continue with network+. But I thought that I need to know more about security. That's why I want a security+ course so that I can increase my knowledge about that.

Hello David, THanks for the great video! you should try this but when there is JumpCloud client installed on the Mac/Linux/Windows. will it work again? Is the user which you scan a local one or its a cloud account like JumpCloud account? thanks

nice video. learnt something helpful today... my question is, how do we know a cable that has keylogger. can you make a video on how we can know each cable.

This woudn't work with Abylon Logon on windows because it uses hardware key (Chip card, RFID token, USB stick or CD DVD)..also uses 2FA.

In Linux, you can choose what VendorID and what DeviceID can be plugged in. On my workstation at work, I have allowed existing devices to be plugged in and everything else is denied. Once in a while when I get a new device or a thumb drive I edit this file.I also get a message in the logs that a device failed to be recognized.

Wauw...shows the importants of MFA solutions...

At 4:50 you said you knew the laptop password but would still be able to capture the password with the cable. How’s that work with a laptop when you can’t run the cable from the specific detachable keyboard to the computer as a middleman?

To plug that cable into the Linux laptop the hacker is already standing in front of the keyboard, I don't think it makes Linux insecure that someone csn type a password on the keyboard