Nice video. You could have run all the script in 'run command' and use invoke expression. Its stealthier that way without showing a terminal or command shell. You could also add hidden mode and bypassing execution policy by adding parameter '-w' and '-ep bypass'.
The first time I saw your training, I thought I was dreaming. I always wanted to learn such hacking and security training. I think God has given us a new chance by being you. This is very precious
Dear David, great supportive attitude, you deserve my deep respect for the way how you spread your knowledge, I am thankfull and I mean it. Now I am considering to join.
Less than 3k likes 👍????? C'mon people.... hit the damn like button. This is one of the most legit sources on TH-cam. Great content David. Keep it up !!!! I started backtracking your older videos and noticed you're not getting the respect yourself and the channel deserves 😤
Hey david,windows defender can disable by CMD or Powershell this is very easy. [For CMD: >>>sc config WinDefend start= disabled >>>sc stop WinDefend] [For powershell:Run PowerShell with administrative privileges (Windows key + X + A) >>>Set-MpPreference -DisableRealtimeMonitoring $true] If you want to completely remove Windows Defender from Windows 10, use the following PowerShell command: >>>Uninstall-WindowsFeature -Name Windows-Defender
Hello David, im an IT-Student and and purchased the O.MG cable to experiment a little and learn more about IT-Security and understand/learn more in this topic. One Question: How can a (lets say Windows) Computer be defendet if such a device gets connected? Is there anything you can do if the device is already connected? Something to prevent just downloading the "Keybord drivers" maybe ?
so ill say it again, its not that i didnt believe that the script works because it does. The issue is when you exfiltrate the information you got from the script you are sending it up to a local web server. That means you already have a direct connection to the very network you are trying to hack.
Thanks for taking the time to explain this Great video as always Had trouble to connect to the cable Found that programmer first and the cable did the trick - both at the same time did not work for me
Thank you for the tutorial ! I had a question... can we use the programmer to program any usb cable, or do we have to buy the usb cable from the hak5 website?
Thank you. These are specific hardware devices - they are not like normal USB cables / devices. That hak5 cable has an access point and web server embedded in it and pretends to be a keyboard. So, a normal USB cable won't work.
Thank you for the vid and tutorial. Question though: if one was running a virtual machine (VM) over the host OS, would the ducky attack gat access/ edit the VM only or can it still access the host registry?
This is awesome!!! Great video!! Omg I really like hacking and python (or any other programming language) because you can do cool stuff like these with it
I bought the Demonseed V2 EDU because of this video. I am at the step where you put the demonseed into the cable and clean it up to make it look official. I am gettin really frustrated as the guy who made the demon seed did not give me proper instructions for V2 cable. I can’t finish the wire and am stuck here kind of regretting purchasing this.
Amazing just amazing.question tho.when you say it runs ducky scripts does that mean i can just upload a keylogger script to a computer like the rubber ducky and can it run something like jackalope for bash bunny?
I just picked up a omg plug one of the things I would like to implement is have it connect to a Mqtt sever to bypass firewalls and port forwarding to upload and run scripts remotely
Use G-Data, and it will be automatically block new keyboards and moses, so If u are see a message from G-Data u will know this is not a normal cable :)
Thank you for the video. Very informative but Scary! How can we even know that we were attacked, if the antivirus doesn't report anything? Doesn't firewalls block or warn about malicious activity?
-Great content. ...!!! -Keylogger is a very old form of attack but programmable hacking devices are sold on cheap Chinese electronics sites. -Then they can be programmed either in C or C ++ or Python or any language. -I program at home on the Arduino IDE USB devices for wifi that are used as home automation controllers (alias the programs with ready firmware like tasmota or wled with those same programming tools that you used), but to make a keyloguer like that transmitting direct by wifi the information of the machine which would skip their firewall because it would leak the data to a nearby wifi station. -But there are circuit boards that have 3g or 4g, which can after being connected to the PC's USB and leak your data remotely or give remote control inside the device. -Extremely dangerous to place USB devices or any other unreliable device on a machine, especially one on a corporate network or server, windows server if I remenber have the same functions. -In Linux users can be configured to block access to USB or removable devices, because they have the philosophy of original creation on servers and because of that they prevent this type of attack in this way. -Great content, driven by knowledge...!!!
Definitely the best youtuber, I can learn linux when schools are closed, because schools are closed in iraq. So I can learn alot of things with the help of sir bombal!!!
I have one question: in the payload 4 demo, you uploaded your extracted WiFi as a zip file to your webserver, which is you local Kali machine that is joined into the "fbi" network. But you said earlier that when the payloads are run by the OMG cable, the Kali machine disconnects from that WiFi network, so the webserver shouldn't be reachable at the moment of uploading the zip file. So how could that work? Or the webserver is hosted on another machine, that is joined to the WiFi of the network that the target machine is connected to.
While this is happening say your device is under attack and you can see typing on the screen. If you use your keyboard does it add your keystrokes as well or is your keyboard disabled? If you can add keystrokes, and add them quick enough could you potentially throw a stick in the spokes and make the commands function improperly?
You will be surprised how many people use the macbooks at David Lloyds and other gyms around the country you can plug this into every single computer there and libraries and put a key logger injection in and collect everybody’s passwords and data credit cards pins Cvc’s addresses the things you can do this is endless if you’re a criminal there amazing or if you just wanna educate your children or your mum about cyber security and how easy it is for people to steal your data anyway nice video and you’ve getting a sub for me
Hello, David. Nice content. My concern is that it will not work if PC in company’s domain where you have no permission to execute PowerShell scripts, you need admin’s permissions.
Can u have the cable plugged in a wall socket just waiting for people to charge their phone and do some kind of pentest on the phone once they put it to charge ???
Not video related but Since you do such great videos with allot of attention to detail, would you be willing to show us how to mod an existing Captive Portal and use it in wifipumpkin3 or a WiFi pineapple? I found a million videos on how to captive portal but non shows how to mode an run from a template.
I heard that you can even store programmes on the residual coil memory of an simple usb cable. Anyway, thank you for telling me how to install a remote program in a stick or usb and let it on the street in order for someone naive enough to pick it up.
I have an at home charging station, it looks like a nightstand. it has one main cord that plugs into the wall and you plug other cords into it to charge our phone. My question is, can I use the omg cord to hack into an android phone that uses the station?
Well on Mac I guess we could use cmd-space and spotlight to launch the terminal application, and enter some commands, but I still don't know how to export the wifi passwords (or any other sensible information) since they are saved encrypted in the keychain and even a mere export requires the system password.
There are other tricks for a Mac. Have a look at some of the scripts here and elsewhere: github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads - but I'll upload some demos if people are interested. May wait until the latest version of macOS is released however.
hey im having a problem, when i try to do the step u did at 8:52 it loads and says"O.MG-CABLE-PROGRAMMER WAS NOT FOUND ON THESE COMPORTS" then makes me close the tab.
dear sir ..greeting..can u make one video for andriod too?? with similar depth tutorial....and hack account credentials...as sometimes partners arent loyal......
I have a quick question, can you connect the USB Type A to a power adapter or does it have to be connect to a laptop and then other end to a mobile device?
After setup the omg cable must I plug it from my system to phone before I can get the passwords Or after setting it up anywhere that the cable plugs to any system I will get all the information anywhere I am
Nice video. You could have run all the script in 'run command' and use invoke expression. Its stealthier that way without showing a terminal or command shell. You could also add hidden mode and bypassing execution policy by adding parameter '-w' and '-ep bypass'.
The first time I saw your training, I thought I was dreaming. I always wanted to learn such hacking and security training. I think God has given us a new chance by being you. This is very precious
For this reason my antivirus requires to type random 4 characters on the new “keyboard”. I love your content!!
Great video David, I might buy one just to mess with my family. For them to understand more about Cyber Security.
Thank you David. Agreed - you can have a lot of fun :)
Yes so you can catch your bro looking at pron, catch your dad talking to his mistress, & your mom turns out to be a freak.
David what a great video. Thanks for all the clear explanations, for your time and dedication
Thank you Paul. Glad you enjoyed the video :)
Dear David, great supportive attitude, you deserve my deep respect for the way how you spread your knowledge, I am thankfull and I mean it. Now I am considering to join.
Awesome, just AWESOME! I was very eagerly waiting for this. Nicely explained. Thank you, David Bombal.
Thank you Bhargav! Glad you liked it :)
Less than 3k likes 👍????? C'mon people.... hit the damn like button. This is one of the most legit sources on TH-cam.
Great content David. Keep it up !!!! I started backtracking your older videos and noticed you're not getting the respect yourself and the channel deserves 😤
Hey david,windows defender can disable by CMD or Powershell this is very easy.
[For CMD: >>>sc config WinDefend start= disabled
>>>sc stop WinDefend]
[For powershell:Run PowerShell with administrative privileges (Windows key + X + A)
>>>Set-MpPreference -DisableRealtimeMonitoring $true]
If you want to completely remove Windows Defender from Windows 10, use the following PowerShell command:
>>>Uninstall-WindowsFeature -Name Windows-Defender
Agreed. You can definitely get around Windows Defender. Thanks for sharing!
David You are the hero here.... i learned so much from your videos...
Hello David,
im an IT-Student and and purchased the O.MG cable to experiment a little and learn more about IT-Security and understand/learn more in this topic.
One Question: How can a (lets say Windows) Computer be defendet if such a device gets connected? Is there anything you can do if the device is already connected? Something to prevent just downloading the "Keybord drivers" maybe ?
Thank you so much David! this is very helpful I appreciate it
You're welcome Umair
Always sharing the best.Thank you Sir
so ill say it again, its not that i didnt believe that the script works because it does. The issue is when you exfiltrate the information you got from the script you are sending it up to a local web server. That means you already have a direct connection to the very network you are trying to hack.
Thanks for being open and thorough. Sub'd, and I look fwd to the Discord.
Hi David thanks for your Vid and at Udemy especially CCNA very nice course content. And now this learning is awesome.
Thank you! Happy to hear that you are enjoying my courses and this video :)
⁹⁹⁹⁹⁹
FYI there's software you can download and install that'll prevent typing faster than humanly possible hence curtailing any Bad-USB keyboard device.
link
Thank you very much for sharing this !
You're welcome!
Love you sir you explain best
Love your videos also
Lots of love from india sir ❤️
Thank you Senil!
before even i watch i put like
love your videos
I really appreciate that! Thank you.
You’re videos are the best !!
Thanks for taking the time to explain this
Great video as always
Had trouble to connect to the cable
Found that programmer first and the cable did the trick - both at the same time did not work for me
Thank you for the tutorial !
I had a question... can we use the programmer to program any usb cable, or do we have to buy the usb cable from the hak5 website?
Thank you. These are specific hardware devices - they are not like normal USB cables / devices. That hak5 cable has an access point and web server embedded in it and pretends to be a keyboard. So, a normal USB cable won't work.
Thank you for the vid and tutorial. Question though: if one was running a virtual machine (VM) over the host OS, would the ducky attack gat access/ edit the VM only or can it still access the host registry?
This is awesome!!! Great video!! Omg I really like hacking and python (or any other programming language) because you can do cool stuff like these with it
Thanks for such precious info
You're welcome!
Best vedio ever in my life😘😘👍
Hi David what is the range of the cable..to what distance we can connect
Very good video!! Love from quebec ❤
I bought the Demonseed V2 EDU because of this video. I am at the step where you put the demonseed into the cable and clean it up to make it look official. I am gettin really frustrated as the guy who made the demon seed did not give me proper instructions for V2 cable. I can’t finish the wire and am stuck here kind of regretting purchasing this.
Amazing just amazing.question tho.when you say it runs ducky scripts does that mean i can just upload a keylogger script to a computer like the rubber ducky and can it run something like jackalope for bash bunny?
I just picked up a omg plug one of the things I would like to implement is have it connect to a Mqtt sever to bypass firewalls and port forwarding to upload and run scripts remotely
Great video 🤓 Thanks David
Thank you Reden! Glad you enjoyed it :)
Use G-Data, and it will be automatically block new keyboards and moses, so If u are see a message from G-Data u will know this is not a normal cable :)
Great Video Sir!
Thank you for the video. Very informative but Scary! How can we even know that we were attacked, if the antivirus doesn't report anything? Doesn't firewalls block or warn about malicious activity?
Some attacks will be blocked by anti-virus. Others won't. Don't trust unknown USB devices.
Does android / ios recognise these as a keyboard aswell?
Great video keep them coming!!
Thank you!
-Great content.
...!!!
-Keylogger is a very old form of attack but programmable hacking devices are sold on cheap Chinese electronics sites.
-Then they can be programmed either in C or C ++ or Python or any language.
-I program at home on the Arduino IDE USB devices for wifi that are used as home automation controllers (alias the programs with ready firmware like tasmota or wled with those same programming tools that you used), but to make a keyloguer like that transmitting direct by wifi the information of the machine which would skip their firewall because it would leak the data to a nearby wifi station.
-But there are circuit boards that have 3g or 4g, which can after being connected to the PC's USB and leak your data remotely or give remote control inside the device.
-Extremely dangerous to place USB devices or any other unreliable device on a machine, especially one on a corporate network or server, windows server if I remenber have the same functions.
-In Linux users can be configured to block access to USB or removable devices, because they have the philosophy of original creation on servers and because of that they prevent this type of attack in this way.
-Great content, driven by knowledge...!!!
Thank you Eduardo!
I really appreciate it very much 💕
You are welcome Mawuli!
Do you have to get the expensive ones or can you just buy the cable programmer?
Time to save money to buy tips cables!!
lol... save that money!
Pretty dam cool sir
Where can I buy everything
Hello..... Big fan sir.... I m from india
Thank you!
Interesting video✌️🤗🤗
Glad you liked the video :)
@@davidbombal always 💯
What app are you using to edit duckyscript on mac? I tried to get Notepad++ but it doesn't work on mac or the app I tried to run it in.
O.MG❤️
Great cable :)
@@davidbombal this is more advanced😁
I still wasn't able to get my dell laptop running
Best content
Thank you!
Thank you for commenting back
Definitely the best youtuber, I can learn linux when schools are closed, because schools are closed in iraq. So I can learn alot of things with the help of sir bombal!!!
Thanks David!
You welcome
I have one question: in the payload 4 demo, you uploaded your extracted WiFi as a zip file to your webserver, which is you local Kali machine that is joined into the "fbi" network. But you said earlier that when the payloads are run by the OMG cable, the Kali machine disconnects from that WiFi network, so the webserver shouldn't be reachable at the moment of uploading the zip file. So how could that work? Or the webserver is hosted on another machine, that is joined to the WiFi of the network that the target machine is connected to.
Thank you! Very usefull!
You're welcome Marius! Thank you for all your support.
While this is happening say your device is under attack and you can see typing on the screen. If you use your keyboard does it add your keystrokes as well or is your keyboard disabled? If you can add keystrokes, and add them quick enough could you potentially throw a stick in the spokes and make the commands function improperly?
Do thry allow access to the phones themselves or just a computer it is attached to?
Now I just need a cable...
@David are you planning on doing other Hak5 gear? Wifi Pineapple? Bash Bunny? Hmm
Yes... that is the plan (well, if people want to see videos about them)
@@davidbombal hell yeah!!! Sorry for my excitement! Lol
Excitement is good 😀
Hi David,
what if windows Laptop and Kali are not on same network ?
do we need domain and site hosted on vps in that case
Thank you sir
You're welcome!
Hey David I'm curious about the cable itself, what exactly inside the cable and how can I make one if I want to?
You can’t make one unless your smart lol easier to pay £100 and £20 for the programmer well worth it
You will be surprised how many people use the macbooks at David Lloyds and other gyms around the country you can plug this into every single computer there and libraries and put a key logger injection in and collect everybody’s passwords and data credit cards pins Cvc’s addresses the things you can do this is endless if you’re a criminal there amazing or if you just wanna educate your children or your mum about cyber security and how easy it is for people to steal your data anyway nice video and you’ve getting a sub for me
Great video thanks David Bombal.
Thank you Kaba
will the payloads also work on the phone with the USB-A side straight into a power outlet and not from a PC
Can you do server setup of kali linux that u have done , step by step.
Hello, David. Nice content. My concern is that it will not work if PC in company’s domain where you have no permission to execute PowerShell scripts, you need admin’s permissions.
Well, you shouldn't be using this at your job...
Good point Victor!
Absolutely
I am looking at getting the omg plug, can you write code and store it on there and then tell the computer to run the code on the plug?
how to setup that cable to lunch the payload to the IOS device?
Can u have the cable plugged in a wall socket just waiting for people to charge their phone and do some kind of pentest on the phone once they put it to charge ???
Can I run a live-webserver like at home and do the payload somewhere else, does that make sense?
Could normal USB cable turned or flashed into OMG cable?
Helpful bro
Glad to hear that!
Not video related but Since you do such great videos with allot of attention to detail, would you be willing to show us how to mod an existing Captive Portal and use it in wifipumpkin3 or a WiFi pineapple? I found a million videos on how to captive portal but non shows how to mode an run from a template.
would you show us step by step how to set up the http server n how to use it with the script to get wifi credentials from computer
I heard that you can even store programmes on the residual coil memory of an simple usb cable. Anyway, thank you for telling me how to install a remote program in a stick or usb and let it on the street in order for someone naive enough to pick it up.
I have an at home charging station, it looks like a nightstand. it has one main cord that plugs into the wall and you plug other cords into it to charge our phone. My question is, can I use the omg cord to hack into an android phone that uses the station?
But when you plug in the cable,, PC will show that installation of keyboard,, does it???
Can the omg cable send keystrokes to the iPhone or doesn’t it only send to the usb end “computer”
>
Super 😍😍
Love from india
Thank you Sudarshan!
@@davidbombal ❤️
Well on Mac I guess we could use cmd-space and spotlight to launch the terminal application, and enter some commands, but I still don't know how to export the wifi passwords (or any other sensible information) since they are saved encrypted in the keychain and even a mere export requires the system password.
There are other tricks for a Mac. Have a look at some of the scripts here and elsewhere: github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads - but I'll upload some demos if people are interested. May wait until the latest version of macOS is released however.
How cool you are!! , Thank you for sharing this video
Great ...
hey im having a problem, when i try to do the step u did at 8:52 it loads and says"O.MG-CABLE-PROGRAMMER WAS NOT FOUND ON THESE COMPORTS" then makes me close the tab.
I don't see the usb to usb-c cable on their website.
Sir can you start the bug bounty videos 😀 please please sir
Good suggestion!
@@davidbombal thanks sir 🥺
How do I install the drivers ? Can't do it 😢... It don't show automatically like you, I must install but idk how
Any help?
Replace youtube link with Weevely and get reverse shell
dear sir ..greeting..can u make one video for andriod too?? with similar depth tutorial....and hack account credentials...as sometimes partners arent loyal......
I'll see what I can do with regards to Android devices. These cables attack the computers, not the phones.
Do i have to be in a Radius of the cabe or can i be anywahr in the word?
I have a quick question, can you connect the USB Type A to a power adapter or does it have to be connect to a laptop and then other end to a mobile device?
Would it also work if I block data transfer when plugging the cable in? (I saw this feature on android)
Will this method also work for getting access of google chrome passwords??
From where we get this tools
I will never trust on unknown cables !
Better to not trust any unknown cables :)
Awesome😊
Thank you!
I don't get it. I got a o.mg kable woth key log feature and there just simply is no installable file in the drivers folder for the cable like wtf
After setup the omg cable must I plug it from my system to phone before I can get the passwords
Or after setting it up anywhere that the cable plugs to any system I will get all the information anywhere I am
Wehn i cahrage my iphone with this cable on a normal Wall Adapter can they get any info?
Where do you get the programmer?
Can we convert a normal USB cable into a malicious cable like this ??
No. This cable has a lot of special circuitry inside of it
Can I use this on my android phone
Since this tool works on PC only not the iPhone or android I think rubber ducky is better it belongs to PC and cheaper
Great video but you lost me when you discussed setting up a domain and a DNS server
David where do u get these ideas?
Research. Google. Reading.
@@davidbombal thx