Hacking Computers from Blocks Away With a Wi-Fi Duck
ฝัง
- เผยแพร่เมื่อ 15 มิ.ย. 2024
- The USB Rubber Ducky is a famous hacker tool that allows quick exploitation of a target computer, provided you know what script you want to run in advance. We’ll try out a new tool called the Wi-Fi Duck that allows a hacker to connect and run payloads from up to blocks away. This allows hackers to run USB Rubber Ducky like scripts without needing to know what kind of computer they’re hacking in advance.
- วิทยาศาสตร์และเทคโนโลยี
A Rick-roll as a payload - that's sadistic!
"or even worse..." haha that got me
Sadly, an attack that relies on the stupidity of the clueless victim is an all-too-real scenario.
White Chicks Movie
Thank you for taking the time to teach us. I would like to address the people who think no one would leave their laptop unattended in a coffee shop etc. I am 60 plus and female. I can't tell you how many people have asked me to watch their laptop while they go to the bathroom, order another drink etc. I look "harmless". 💀
So true! Thanks for sharing!
You know he is a serious hacker when he has Stickers on his Laptop
The note stickers the more hacks one has pulled off
the defcon sticker in particular is a staple of pro hackers
every sticker represents his victims
I use ubuntu, have bios password, encrypted disk with password and user password. I wonder if he can hack my unattended password protected computer. Honest question.
@@commenter7893 yea you can get the decryption key stored on the RAM as long as the computer is powered on. Even if you shut it of one can physically freeze the RAM a couple of minutes after, copy the stored info and extract encryption key. But there are a few other less complex methods that come to my mind too like using a key logger or an evil maid attack. The only way to really make sure no one hacks into your computer is having an eye on it all the time tbh.
"or even worse(attack)"
*rickrolls*
brilliant.
That's what I'm thinking about.....
how?
@@mayankbalwan9690 hmmmm.... Just a hack that suddenly make his screen have that rickrolls video. 😅
This is exactly why you install and activate the usbguard daemon on your Linux system.
Pretty sneaky... Also, don't end up on any security cameras plugging shit into random computers 🤣. That defeats the whole purpose of not leaving traces on the machine.
Haha, good point! WiFi cameras can be deauthed.
oh my gosh!!
@@SecurityFWD
I can imagine going to a friend's home for a barbeque, let's say the head project manager of XYZ company, and installing this on a company laptop if the USB isn't disabled.
Exactly, may offices are vulnerable too. Because of computers turned to customers or left unlocked in cubical ext..
Thanks for the update.
We have docking stations at work where USBs (type a or c) can be plugged in. Not good.
I learn something every day.
I'll buy one when you figure out how to plug it in while sitting a mile away.
Key word is 'pair' of attackers
@@manuelrangel3229 Yeah well why sit a mile away then?
@@statinskill I think he was just letting it be known its capable from long distance but im sure it works being 10ft away too. Might look a little sus if you use that huge simple wifi antenna though lol
@@manuelrangel3229 Which is why from a short distance I would just sit there with a normal plain laptop and sip my coffee. Another thing is how do you get to a shell when all you have is the keyboard and can't really see what you're doing. You could end up piping things into someone's email client or into a spreadsheet.
@@statinskill convenience
If the same vulnerability would work with the ducky plugged into a USB hub which is plugged into the target machine then the ducky could also *be* that hub with a flash drive as one device and the keyboard as another.
That way the victim could be persuaded to use the ducky as a functional flash drive. In which case to window for attack is much longer and there is no need for such surreptitious activity as plugging something into an unattended computer.
You can make that if you use twin duck on your rubber ducky
Me: "what's this strange peripheral device?...unplugs"
The duck works surprisingly well plugged in behind a desktop.
I love null byte (Your Videos) so yea just subbed here, but but do you know how to get the lazy script to run on the new kali or another script like it?
this text was remotely place here.
Pretty freakin awesome! Question! Can a regular nano adruino work as well as same with ESP8266 ESP be used as the same thing ? If so is scripts still the same?
This is interesting. I am just not sure how I feel about it. There are better attack vectors that don't require many hands on deck and less risk of being caught. This would be one of those (sitting on the edge of your seat) attacks in a Mission Impossible suspense scenes. "Oh man, they are going to see the foot long tail sticking out of their laptop if they look. Oh no, they are looking..."
Could you give some examples of other attack vectors as i am new to the topic and I am not familiar with much. Thanks
My next wall perp hacked into my LAN. They first cracked the WiFi hotspot, from there they breach the home network. Once I set up white list in the router, they are blocked out.
Anybody ever tell you that you look like that British guy from Map Men? You guys look like twins, 100% doppelgangers. I'm half convinced I'm in The Truman Show and the directors underestimated my memory and cast the same actors twice.
in some chinese cheep module like CJMCU, i juste have english keyboard. Is it possible to find some script witch translate the payload wrote on english keyboard to be an payloads wrote on french keyboard?
bro you would win against a cat at a staring contest you don't blink
The Kody isn't programed to blink haha
@@SecurityFWD waiting for softpatch 6.3 XD
I enjoy your framed Sentient Hyper-Optimized Data Access Network
yet school wifi has trouble going more than 30ft from an access point
Not trying to be one of those types of posters but at 1:44 the yagi directional antenna is backwards. Its pointing away from the WiFi Duck.
Haha that is a good catch, our editor was not a wifi person
How does one protect themselves from such an attack?
I used to leave the predecessor USB Rubber Ducky around the office and the payload was to load up Rick Roll. There something satisfying to find out the evolved version wifi duck is now carrying the torch.
There's also the Digispark, a ~$1 USB Rubber Ducky that's pretty cool.
already taken control of defence satilites
why dont you just put a program onto the usb that will auto install a rat bypassing the need for a second hacker and antenna?
Is the case same if a computer is locked, let say with Win 10 installed?
The hacker would have to know the password in that case, from phishing or some other attack.
Worked in lock mode or not ?
Will the script install stuff without knowing the root password? For most linux distros and user scenarios, a root password prompt would come up and I think that'd be the biggest issue?
Depends on how the hacker goes about things, root password could be a roadblock but then you get into privilege escalation.
Next: tutorial in assembling simple wifi, and its functions and descriptions
I don't have a alpha network, can I use my own laptop WiFi to access the ducky? Please help me
Yes but the Range is Smaller
what is the model of that directional wifi antenn?
It's a Simple WiFi Yagi
where can I get that antenna ?
Would the Wi-Fi Duck still work if the victim's computer has auto-mount disabled?
I don't think so, it would need to mount like plugging in a keyboard.
your eye contact with the camera though
Would these payloads still get installed even if you had an antivirus software like Bitdefender Total Security? If it doesn't see the attack, what are we paying for?
This would still work, it's just like plugging in a keyboard. As long as the hacker doesn't install malware that's been fingerprinted by Bitdefender. Antivirus is there to protect you from install malware buy clicking a bad link and things like that.
@@SecurityFWD Thanks for your reply. Thats it! Going to take it offline unless I'm using it! 😁 Very good, clear video by the way, you make it easy even for laymen and the production is nice too. Cheers. Subbed 🙌
Where did you buy the unidirectional antena?
you can make one yourself
Buy some pringles.
i always keep the usb ports closed with laptop sleve
By the way - that sign Varonis on your backpack 0:18 in Latvian mean Hero! You are real security Hero!!! That is very nice!! :)
That's awesome! It's the name of the company that sponsor's this show.
he still don't blink guys
He isn't programmed to blink haha
Can we get the title of the CODES, book in the background please? 🙂
shit i want to know how to use this and troll my friends with rick rolling
does it have USB storage to run an exe automatically?
thats the original rubberducky basically
How does one make wifi reach 5 miles?
We have a video on the subject here: th-cam.com/video/GimqGmgFl3Q/w-d-xo.html
Where can I get the tool
thank you thinkpad.
nice thinkpads
yo u gotta update that esp8266 wifi hacker
Hey spacehuhn
Every hacker has her fixation. You hack people. I hack time.
~ Whiterose
3:34 That guy laughed LMAO
8O What script did you use to physically remove the wi-fi duck like that!!
impractical.
Duck.FishingLine()
another option could be to put a 3 or 4g mobile modem in the ducky...
I just got my ass kicked after plugging in the duck. Hopefully I get out of the hospital this week.
So this only works if 'victim' pc is linux based?
No this works on Windows, Linux, and Mac. It's just like the hacker is plugging in a keyboard.
how to combine this ?
is there a way to plug into a computer with this device via AUX instead of usb?
LOL.. are you planing to sabotage your opponents at the pioneer DJ world championship? 😃
@@donalain69 cute... was thinking of ATM machines at the bank
@@ExecutiveZone1 hmm.. now that you mention it.. your right. Seen some ATM with audio jack.. but I guess that’s only audio out for earphones..
Guess usb is still a better option if the Hardware case isn’t locked. where I live (in thailand) i see at least 3 ATMs per day with open doors or hardware parts placed next to or behind them... and usually the hardware is just a small pc tower.. with usb.
@@donalain69 worth a shot, which is why i asked ;)
@@ExecutiveZone1 well.. I guess you won’t post it on TH-cam in case it worked, so I probably will never know. But wish you good luck with it.
Fascinating. Your meaning in 'temporary access' is that the computer is left in logged in state, correct? The wifi duck doesn't immediately defeat password protection, does it?
At least now this gives a better picture of what all those movies are trying to represent when the agent plugs a USB dongle into a target's machine. Thanks!
Yes temporary access would normally mean logged in, how ever if the hacker did have the password the duck could enter it.
@@SecurityFWD Understood. Thank you!
How can you tell if someone did this to your computer?
Push "F7"
Your computer is going to start behaving abnormally, check your task manager if power shell is open without you opening it you have bee hacked.
You are the lockpicking lawyer?!
I wish haha
@@SecurityFWD You sounded similar there for a minute :)
or use the rubber ducky to inject key strokes opening a backdoor or just installing malware and running it though cmd but lol whos gonna just get up and leave their computor on and not take their stuff
that is sick!! but tho you need to portforward from attacker so you can use revere shells, or must be in same network as victim then rubber ducky is just a better tool
hacker got rick rolled 3:27 lamao
The ultimate hack haha
my wifi cant get farther than my front house. how the heck you get them a block or 5 miles away?
Higher gain antenna and WiFi cards that have higher output. Line of sight can be a huge factor too.
Every hacker talk of WiFi but no one talk about hacking pc in 4G network in public. I tried to look for open ports by getting my ip address of android phone and then USB tethering it to my PC but it was taking hell lot of time to scan. Then I exited because I am noob in hacking.
Kindly upload your PC/Laptop setup!
waiting...
Link to the podcast?
The podcast is here: securitytools.simplecast.com/
Thanks. Appreciate it.
The video is about not leaving your computer unattended
Can i use Esp8266 for this attack
i would do this on my friends just to rick roll them
You don't need any of this equipment all you need to do is know how to program a RAW program and then its like every entry is open and you turned a 300 dollar laptop into a laptop that would of costed you $50,000
Ok
How to put usb into other computer ?
Serve them coffee and wait till they use the restroom
Life in Federal Prison for all hackers.
Somehow YT thinks i am smart enough to understand this gibberish.
How to buy it
Amazing, developing tools that let you he a thief, not caring about what the damage can do to an individual. Think I'll rig a USB port to explode , like a dye pack 😀
Amazing, wishing for all to be ignorant so they can be easily tricked. I think I'll hope no one knows how this works so no one can defend against it!
if a hacker doesn't blink that means hes a good hacker
the probs is when you deal non digitalized mechanism then old school way :D
yeah that's super quick
yo imma troll my teachers with this
I pity the poor soul that bothers to hack into my computer!! 😂😂
Kann man das Programm downloaden
Or Even Worse... RickRoll Injection XD
is this similar to pwnp1?
Somewhat, this is simpler. That is more comparable to a Bash Bunny by Hak5
Hope this did not get Copyright strike.
Why would this get a copyright? lol
@@SecurityFWD No usually TH-cam remove content related to ethical hacking and stuff
I wonder what happened to the NullByte channel 🤔
Samy Kamkar did this years ago...
do 1st world people actually leave a computer unattended???
Yes just depends on the setting. Less likely at a coffee shop but very common in an office or at home.
Or I can just throw my botnet server on a usb, plug it into any “victims” pc and with 2 clicks of the mouse I now have full control over that pc anytime it’s online.
Why not install a backdoor
Sure, you can
why its smoky on 3:19
You hacking course available
You can find all of our content at hack.gay
i think wifi duck is a copy of a similar type of hardware device which is "Malduino W" made my @seytonic
The original is the usb rubber ducky by Hak5.
@@SecurityFWD yeah original is USB rubber ducky but i am talking about wireless one. Seytonic made it first.
2:57 nothing suspicious,. nothing suspicious
legends in Portuguese. it's possible ???
CAN I BE HACKED WITHOUT KNOWING??
This is like the equivalent of a hardware trojan.
Basically haha
This is your 2nd channel
Kody hosts on several channels including Hak5, Null Byte, Retia, and this one.
can i use nodemcu to wifi duck??
Yes you can!
OMG
Alternatively you could just steal the unguarded laptop..
i am hear from NULL-byte
Good to see you!
Could you repeat that? I couldn't here you!