Hidden keylogger // Bypass Linux & macOS logon screens! Rubber Ducky scripts for Hak5 OMG cable

It's just crazy scary what these cables can do. They look like normal USB cables, but are not! In this video we login to Apple MacOS and Linux computers :)
======
Scripts:
======
Apple macOS Rickroll: davidbombal.wiki/applerickroll
Linux Rickroll: davidbombal.wiki/linuxrickroll
=======================
Buy Hak5 coolness here:
=======================
Buy Hak5: davidbombal.wiki/gethak5
================================
Hacking Android and iOS devices:
================================
OMG with Android and Apple iPad: th-cam.com/video/7YpJQT55_Y8/w-d-xo.html
=============
Setup Videos:
=============
OMG Cable setup: th-cam.com/video/V5mBJHotZv0H/w-d-xo.htmlak5
Rubber Ducky setup: th-cam.com/video/A2JNBpUotZM/w-d-xo.html
================
Connect with me:
================
Discord: discord.com/invite/usKSyzbTwitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombalTH-cam: th-cam.com/users/davidbombal
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

It's scary how clueless I am about things like this. Thanks Mr Bombal for educating people about the danger of technology. This can help keep me and my family safe from dangers like this. 🙏😁

3:30 This is not a problem with any OS, and using it against a Linux or Mac computer says nothing whatsoever about the OS capabilities. The cable is a hardware device that requires physical access to install. If a bad actor has physical access to your computer to install that cable, there are any number of ways to get past all operating systems. Physical access generally means game over.

Oh you made me remember an incident! My friend in some governmental sector told me that they brought several new computers..they run some tests and they discovered that some PC cables have antennas in them to send data to the building cross the street. I think this is the same concept

Yes please!! A video on how to get a reverse shell would be awesome!
Also, this is extremely scary. Never leave your laptop/phone unattended in a public place.
Amazing content as always!!

This is the most frustrating thing to happen, getting hack and Rick rolled at the same time. Thanks David for this kind of video, so people realize the danger of a random USB cable that they pick up somewhere.

It's a neat cable, but let's get one thing straight: You are not 'attacking' MacOS, nor are you attacking Linux, you are attacking the hardware. Obviously, an operating system can never be more secure than the hardware it runs on.

This is the only technology based channel that I watch. How the hell do you stay on top of all this hacking stuff? Lol, I love it! Kali is really the best OS for hacking, cracking, sniffing!

-Great content Professor David Bombal...!!!
-So, these keylogger and reverse shell tools are getting easier to use every day.
-About 10 years ago I programmed in devices such as cellular microcontrollers and nini laptops exactly this type of system (keyloggers and reverse shell) for my government operators, nowadays they sell these same tools on the internet that 15 year old boys can buy with his father's credit card on the Internet to take credentials of his colleagues of High school.
-Times are really changing...!!!
-Thanks for the knowledge Professor David...!!!

A very good reason for a CEO to have his own bug sniffer crew that checks new hardware and old ones often.

Word of advice: do not "shove" an "innocent" pen drive or an "innocent" cable that you just found into any of your devices.
Be also aware that an "innocent" charging point may be not as innocent as it seems...

David to Everyone who wants to learn Networking:
Never gonna give you up!!
Never gonna let you down!!!

OMG!
I am really scared!
Awesome video David as always.
Please carry on!
Thank you so much for the demonstration.

David, do a tour video on your home office setup.
Thanks your for your endless effort.

0:01 I am pretty sure we all just got trolled by David! It is not about the cable, but the MONITOR!!!! Looks at that MONSTER!

This is because you plugged the OMG cable, Hacking or Keylogging for many is only a danger when it is done remotely, by having access phisically and putting a device which records and replay would be last thing for me . . . because nobody has so much access to my device. Sure great work and information. Cheers!

Well, a hacker would have to have physical access to the device, or get you to use their cable: Being a Linux user, I never heard anyone saying that Linux can prevent all attacks from anyone with physical access to the device, but I have seen plenty of times people reporting on vulnerabilities in Linux as a "Big Problem" and leaving out the part that it can only happen with physical access! Linux can also be penetrated otherwise, but for the most part only if the user does not use good security practices. With Windows even that's not enough: It's not like you can keep Microsoft out!

For some reason, the explaining the same technique, finishing with the tagline "as you can see, I've been able to Rickroll you" reminded me of Patrick Stewart on Extras, explaining various plots to Ricky Gervais' character, ending with the tagline:
"then all of their clothes fall off" followed by "but it's too late... ...I've seen everything"

a friend of mine use to build fake usb key like that few years ago but having it so small that it fits into clables is frightening !
I would love to see the circuitboard of this ! (Edit: I found pictures of the inside !)
Thanks a lot :)

That's scary stuff !
Imagine setting up these multiple cables at free charging points...
Hundreds or thousands of devices can get accessed by malicious parties.

Now I have to pay really serious attention bcz on of my friend buy some stuffs from hak5 and this cable too while watching your video
Help me GOD!! 😅

Shud be a way to detect which cable is an OMG cable or a regular one. Just in case you put 2 cables together.

the miniaturization to be able to put it in a cable is incredible

Interesting, I heard of this vulnerability. First time seen a demo of it in action. A good reason to know your cables, and always run with minimal access.

a very unique and new way to rick roll people. This is crazy that you can have keyloggers in a cable

These are just some examples, I am totally agreed with you. Even anything connected or download can hack your system. That's so easy only way to avoid it do not connect with untrusted or let it be happen . I am using reverse shell but for monitoring purposes but that is also a very easy task. Avoid anything which is not your or just ignore it. Everything is secured when you have it otherwise forget security

Can you imagine passing these things out at tech conferences as part of a swag bag? I would think they would be able to install a tunnel feature that could run a payload after the first login, to compromise password integrity, open ports and services create a VPN to tunnel out to a, drop server to collect all the goodies.

Hey David loved the video! Can you please make a video on how to counter & protect outself from this type of stuff?

Will love to see the reverse shell video sir. Thanks for the videos, we really are learning from them.

Only attack my own devices for learning purposes ♥️ going to try get one for my Birthday 🎉

Does it capture password if it's an auto fill from password manager?

Reverse shells are just as possible on Mac OS, you just have to escape the colons in the script

You are the best David

This was fascinating, thanks, David. I'm in love with that curved long screen. Where can I buy one? 😊💻

Rewatching this video 1 year later I think if you buy a mechanical keyboard it could have a keylogger hardware software inside. Maybe its too much crazy ....but are weird times 😮

Yes! More omg content! A video on reverse shell would be very welcomed!

Being an IT admin, I'm going to buy 20 of these and replace all the employees USB cables at their desks just to Rick roll everybody at once.

Amazing, now I know why u need to be careful while downloading any file or copying from usb

CRAZY!!!! Love all your contents DAVID.... please make a video on how to get a persistent reverse shell...

This really has nothing to do with security of the OS. Remove physical access and we see then.
Edit, the logger/typer being embedded into the cable is interesting though.

People usually think that Mac and Linux are virus-free but they can also be hacked as excellently demonstrated in the video! Keep up the great job.

Best advice from David Bombal "Learn how to hack but do not go to jail".

If you have access to the machine, many Ubuntu etc. can be accessed as root through the repair console. I won't describe it here, but easy enough to find out. Ubuntu is as secure as you want to make it, which may mean disabling this under grub.

You changed my life sir

imagine someone playing a rhythm game and all they just see is just random keys

Please do a video on reverse shell attack. That's so awesome!!

Even a simple cable can create disaster for you 😨😨
mindblowing demo

Yes David bombol again with the beast videos

Amazing vid! I would love a msfconsole and msfvenom tutorial coming from you.

Sometimes my browser on my Windows 10 HP Notebook/Laptop PC behaves as being remote controlled, just as you showed: automatic behaviour - not initiated by PCs local keyboard or mouse. This happened only connected via WiFi WLAN (Telekom speedport) shared with my neighbour, sometimes wired connected to USB keyboard and USB mouse (Trust brand).

Ah Jokes on the O.MG i never connect my phone via cable to my PC work or the leisure one :D this looks like a fun gadget though.

Show me the reverse shell David :D.
One problem though I don't have the financial state to buy this. But I would love to see it

How you doing Mr.bombal, am from Uganda(Africa) am interested in the separate video on how to create a strong reverse shell to a computer even when its shutdown I can still have access. Thanks

Holy begeebus! How can this be allowed? Huge props for telling us about it

tried using the usb-c to lightning omg cable on my iPhone 12, tried the key logger and payload-nothing happened. I have an older iPad that still uses lightning and tried the key logger and payload and again nothing happened either. I connected the usb-c to my windows computer, I was able to send a payload, but key logger did not work. not sure what I'm doing wrong

Excellent video!!! I'll see the reverse shell video too..

Very useful information if I didn’t already know bout tha cord

Thanks for finally doing a Mac video! How can we fully remove the keylogger and prevent it?

So, we have to have to have the user connected by the OMG cable and we can capture the keystrokes wirelessly via the app on our phone. What if the user has a wireless keyboard? Wouldn't it be a little ominous if suddenly a cable was running from it?

Hello sir,
Thanks to you first. Your work is really great.
Now come to the main topic. From your giveaways i had got Ethical hacking for beginners course and completed that some days ago. Now I'm continue with network+. But I thought that I need to know more about security. That's why I want a security+ course so that I can increase my knowledge about that.

Realy scary how people belive in the "safe" technology! Great video as always.

And so some people cry that Apple does not allow other cables, others displays - as you can see there is something wrong, and as you can see, there is no solution. In fact, the cable emulates the keyboard back and forth + some WiFi - LTE would be better

This cable is crazy thank you sir for the eye opening info

Hey, David Thank you so much for your videos. I got a question for the omg cable, if the target unplugged the omg cable will it be exploitable, or will it be disconnected?

Complete tech troglodyte here...
If I turn off my internet access whenever I'm not using the computer/cell, will this help keep me safe?
Thanks for all you're sharing. Though I don't understand much, I'm learning.

This is why some secure orgs I've worked at superglue the cables in. Cost is higher if there's a fault, but sometimes it's worth it

you get more widescreen monitor upgrades than I've ever seen! What happened to the LG 34WK95U-W and the Apple display XDR?

David try it with a software overlay keyboard and see if that captures it. How about biometric login? How about a reverse payload to your device?

Since this is layer 1 attack I cant find reason why it should NOT work on any OS and even device. This cable is dope tho , since it does not require major interruption of the victim .

The fact that the communication between keyboard and computer is not encrypted is hardly surprising.
How would you perform this attack if it was encrypted?

This woudn't work with Abylon Logon on windows because it uses hardware key (Chip card, RFID token, USB stick or CD DVD)..also uses 2FA.

2:34 :DDDDavid has some meme culture.

In Linux, you can choose what VendorID and what DeviceID can be plugged in. On my workstation at work, I have allowed existing devices to be plugged in and everything else is denied. Once in a while when I get a new device or a thumb drive I edit this file.I also get a message in the logs that a device failed to be recognized.

I swear, I wish I knew where to begin learning this stuff I get overwhelmed with all the information on the internet.

Everyone is first until they refresh the comments 😂😂

this video in itself deserves a subscription

how does this work though.. surely the cable must start up some kind of script/program on the pc so should it show up in taskmanager or htop or something?
how can you see wether a cable is a undercover keylogger?

Wauw...shows the importants of MFA solutions...

It would be awesome to see a reverse shell on Mac and Windows!

Hello David, THanks for the great video!
you should try this but when there is JumpCloud client installed on the Mac/Linux/Windows.
will it work again?
Is the user which you scan a local one or its a cloud account like JumpCloud account?
thanks

We can have meetings online.

Sir can u tell me that how to enter into a server and inject a bug and hack the servers cloud and get data base please tell me 😭😭😭

Hi David, amazing video… 2 question: how to identify an omg cable from regular ones (what if friends provide you a cable) and how to identify something is fishy on my laptop? Thanks

Nice new monitor Mr Bombal

Would love to see the reverse shell

just 4 seconds in to the vid.... "does this look normal to you?" um, yeah this guy, has a curved TV as a monitor... meanwhile, i move around with a 15inch laptop. i think 22' is the one one my desk..... ahaha. otherwise, by content, this is excellent!

please do a reverse shell tutorial video I just stumble here to watch this video but it is literally eye-opening it's just look like a normal USB cable who would have thought that a normal-looking cable do so many things

So this relies on a person having direct physical contact with the machine they wish to hack.

how does it communicate with phone over WiFi/Bt/CellData?

what will they think of next no one is safe /be on your toes protect you life

So does it only capture key strokes while it’s plugged in, or does it actually install a keylogger on a target device?

This was an awesome video but now I am afraid 😅 if this can happen to me....... Sir can you please make a video on how to be safe from it.

So if I order a cheap cabel from the internet, it can be this keylogger? Is there any way how to tell the difference? One more thing - if then I use the cable in my car, can they hack the car?

How come other creators say it won’t work on a locked device, but you clearly show here that it can

Nice so I can't forget my passcode and what I type yesterday

If somebody bought this just for the keylogger function, than he is nuts.

Omg I want that cable. If I'm not in student dept I'll buy it for sure

This might be a dumb question but would it not be possible to encrypt keystrokes?

Reverse shell? Yes please :)

David, if I use this on an iphone, can I capture that 4 digit password used to access the device? I only ask because it will obviously be the very 1st buttons pressed so Im not sure if that counts as "typing". I realize that everything typed AFTER the pass code has been entered will be captured, but will the code itself? (Any one who actually knows feel free to educate me) 😅