Thanks for this cool idea. I have an invention that I need some help on. I was wondering if you had any knowledge on a device that can shut down a computer using radio frequency or something similar. This has huge potential and I am looking for a capable partner. Thank you
You have a decade over me but even I , have a hard time keeping up. It helps when you are the nerdy type. That's why my friends of your age , call me for computer/technology questions.
I was born in the in 1990 on an island with no electricity until I was 4 then i moved to the United States. It's crazy I remember not even having electricity to the crazy stuff we have now and knowing the endless possibilities in the future.
Not exactly. Where I was born my mother did laundry by hand and anything in the house was about the same things that someone in the US would've had in the 1700 to 1800. We did have boats with engines and when we would go to places such as the resort my mother worked at then we would see modern things like electricity and TV and a fridge. But on the island we lived on and there were only about 6 to 7 families who had generators that would use them once a week to power tvs and people from around the village would come in to see the tv. It was strange how people walked right thru our houses like that but that was because u literally knew everyone maybe 5 to 600 people in the village total. When I turned 4 I remember the mayor coming to the island to tell everyone the electricity was going to be turned on but only on Saturday from 12 to 2 that's it lol.
I actually bought one of these about two years ago, for this exact purpose. Altough I made mine with a rick-roll script, just so that I could have it on my keychain and plug it in to public PC's :)
please help me to hack this account . because someone using sexual harrastment. this account please help me to hack this account . because someone using sexual harrastment.
I needed to do a security presentation and I handed the lead a bad USB they plugged into their laptop, which changed the background to a Star Wars Sith. Made a great impact and made people laugh. That's when I pointed out the risks in plugging in random USB devices.
They're so cute. Update: just made one, thing rocks, so cute works great, no issues, there are never no issues for me! Your 3d case looks nice as well :)
Thanks Heath, one project to look into. Let's test out employees, to see who will bite and plug in some USB from the parking lot. The script can be modified to send also the computer user's name and workstation's, I assume. Just adding the corresponding PowerShell cmdlet and modify the string sent to webhook. This is going to be epic. Thanks a lot!
@@viciousmagician4567 What's dumb about it? Would you rather discover your staff have plugged in a random USB when your system gets infected with ransomware? I honestly don't get it - he's writing the code and leaving it, if an employee is doing that sort of thing it's going to happen regardless of whether it was your USB. Atleast this say it isn't malicious
This is dependent upon PowerShell not being disabled through group policy. If be willing that most companies with dedicated IT staff do not allow PowerShell to run on user machines.
Works great, had to modify a few things, if I opened the smallest cmd window, the output was not formatting nicely, but all good. Also took for ever to figure out where that %temp% dir was... fun to play with. Amazing what you can get for 5 bucks. thanks for the video, very simply put / explained. Made it easy.
@@0xkoko449 I haven't played with this in a while and honestly I don't recall any info about the %temp% directory... or where it is... just keep looking you will find it.. :)
I sure am glad you put a link to the ATtiny85 because the CC kept putting 80 tiny 85 since that is what it sounded like you were saying. I will say, you have the best documentation of anyone I have seen on TH-cam. I expect that from watching your video on why someone shouldn't be a Pen Tester. Bravo! Documentation is key to being an ethical hacker (after permission of course). Besides, if you don't document the findings, how would you prove there is a vulnerability.
Just bought a 5 pack! Still less than $20 at the moment. I have a ton of Hak5 tools, but if I can play around with Arduino + create something cool I'm down!
i have one of these. unfortunately if i steal the wifi password at work they will find out if a new device connects to it and hunt them down. someone setup their own router at work and got fired the next day.
That seems to be the cheapest and easiest method for keyboard data stuffing now. We will be authenticating keyboards soon, I bet. I’m surprised it hasn’t happened already.
yup, and this is why I use MAC authentication. It may be a pain to get every mac on the network but definitely fun when you hear stories of previous guess trying to get on your wifi and failing because you removed them when they left.
It won't help. I think that command also logs the MAC. So someone just has to set that MAC on his network device. But still a good idea to restrict access via MAC
This video was exactly what I was looking for dude. Thank you so much for posting this priceless information. I’ll be setting my attiny85 up as soon as they are delivered.
There is a simpler way. Get yourself a 2GB USB & use a compiled(exe) python script to get all the WiFi password stored on the PC and save it to a txt file in an cryptographic encryption where you are the only person with the key to decrypt it. You have to plug the USB and run the script manually but it is much faster, gets done in around 3 to 5 seconds.
Don't get too excited. Doesn't connect remotely. You need unsupervised access to the running target PC, to physically plug it in and retrieve it. Maybe wait 20 secs while it works. Though I suppose at that price you could just abandon it. And modern Windows may still block it. I know nothing other than having watched this video closely. Having been surprised at the clickbait title. Tiny Arduino thingies look fun, though. So it wont really help you to parasitise your neighbours wifi. Main no (low?) criminality use. For backup when yours goes down. BTfon was best, but they broke their word, and killed it.
Man you are the best . I bought your practical hacking course . It is the best hacking course i had done in my life . Hey a quick request can you make a video how to make a omg cable using one of these .???
I remember learning about this!! I learned how to pull up the command prompt and do this manually... I'm sure this can be done without the "rubber ducky" but hey it's still dope
you mean netsh wlan show profile? if only u can use someone's laptop/pc. but with this thing i guess u don't need to unlock someone's /laptop/pc you just have to turn in on and plug it in.
Awesome to see you are getting into hardware as well! I just order a rubber ducky, before your video came out, but I was reading that this kind of "attacks" are not an issue anymore since windows defender catch them regularly, any input on it?
As far as i know (i might be wrong) . Windows 10 update I cant remember the correct number made it impossible, unless windows defender is disabled, then you're free to go.
These are recognized as a USB keyboard when plugged in. WinDef doesn't see that as a threat. Now, if the PC is set up with high level admin privs (which most don't) to require an admin password even for plugging in a new USB mouse/keyboard, then this wont work. Other than that, theres no stopping it.
I guess we have to send our thanks to Microsoft yet again for making it so easy to get all sensitive data from our PC with just few lines of Powershell script. Who needs complicated trojans/keyloggers that get discovered by our antivirus, while you can simply just use what Microsoft gives you on silver plate. Anyone knows if we can get logged in username and password as easy as that? I wouldn't be surprised if any of these big brains from MS came up with that idea as well.
thats possible as well, just a little more complicated. First you need to imitate a ethernet cable instead of an HID device like shown in the video, capture transferred password hashes, crack them, switch to HID mode and type in the username and password. Of course this is a little simplified and some steps are more complex like the hash cracking but it is doable
Its the first time ive seen any of your vids and ive decided i dont know you for shit so im not going to hate you but i will stand back and watch you every chance i get.
Man you can learn and achiev within short time as long as you have motivation and desire to learn Get it skill like A+ ccna or n+ Linux and go ahead like that pick some programming language like python bash and power shell hit the road and start researching how you can join to this industry
What a great project!! I'll definately be giving that a go. I am correct in saying this will only run if I connect it to windows systems or if I search will I also find a linux variant?
He said that was to prevent the commands overwriting each other which would cause them to fail. I'm sure you could definitely tune them down to be even more precise though to accomplish exactly what you're saying.
LOL! (Alice in Wonderland) One of my oldest Avatars was "Matt Hatter". ;) We studied both books (Through the Looking Glass) in my undergraduate law classes. Nice Ink!
I love your videos. Any advice for a new creator on publishing offensive security related tutorials without getting them pulled down? My intentions are good, I simply want to provide educational and informative content about offensive security, like you do. One of my recent videos was pulled down, it was a android hacking tutorial. Any advice would be greatly appreciated. Thanks!
Great videos sir, I am so thankful to you not only for teaching us technical topics but also teaching us with the way of life. Great vedios God bless you
Great video! OK, you got me thinking but I'm working on too many projects right now to try it now but what if... Invoke one web request to get the payload code then a second web request to save/rename the file then execute it? Maybe too noisy that way. Just a thought.
The only problem with this approach or hardware is that once you have flashed the payload and you want to edit it, it will start running payload as soon as you insert the device. So editing the payload becomes difficult.
I was just about to ask: How do you change the payload on this type of USB without running the attack on yourself. There's no button on it to go into programming mode.
I got the answer!!! you need to put the new script on arduino IDE and then verify and upload it. After that timer shows, just plug in the chip. Here the trick is that you don't plug in the chip before.
@@epicsmoke8597 Wait seriously, that's all it takes? Why would it not execute its pre-existing payload (the one you're trying to replace) if the IDE is running?
Interesting video love watching cyber video's as a Cisco Network guy (CCNP) It's very helpful side note Is that a Bombardier T-Shit? Cool! I was a Bombardier at one time in The Royal Regiment of Artillery (British Army) left as a Sergeant
If I am understanding correctly, this simply reads the password then on the target PC since the USB is treated as a trusted device? It is not effectively brute forcing the password? So a 64 character password would be cracked in as much time as a 8 character one correct?
Correct - however the USB doesn’t even need to be seen as a trusted device. The USB essentially just types a powershell command in which the computer sees as just a normal user typing the powershell command in (you can try just using the command yourself) and copies whatever it gets back over to the the webpage as a post request
What a good video, thank you so much. One question for you what kind of 3d printer did you purchase ? I been window shopping them and was curious. and again thank you for the video.
Dear Mr. Mentor, I really enjoy your tutorials. But if you could, maybe get a better mic., or eq some of the mids out, you come across very "clicky" and too bright. Just a friendly suggestion 😐
Have you seen any errors with reuploading after you uploaded the first script because mine is failing to upload changes but keeps running the uploaded script ... And Great video ... Thanks
You still can. You can learn so much from just browsing forums & videos. You don't need to go on a course. I am a dyslexic adhder, if I can learn these basics, I'm sure for sure you can
Nice Video. BUT the Code as it is, works just for english users. If you are from another country you have to change your keyboard layout first (you can do that automated with windows shell befor you launch the attack). I also had to change a couple of lines where it says "Wi-Fi". In German the XML-Files start with "WLAN", so it couldnt find any file. After that it worked fine to me, thanks for uploading!
Kurze Frage, hat Windows bei dir den Digispark ATtiny85 direkt erkannt? Mir sagt Windows 10 nach zwei Sekunden immer das er den USB Diskriptor nicht erkennt und wirft das Gerät raus. EDIT: Nevermind, ich habe einen anderen USB Port benutzt und es hat funktioniert, seltsam, aber soll mir recht sein.
@@horatiumarasescu6187 Just search "attiny85" in your amazon store. U cand find them in aliexpress too, there are plenty of bundles, options and all of them are pretty cheap!
Every USB device has a controller on the board - telling the PC its connected to what it is. This allows the computer to know which permissions a device should have. For USB Flash Drives, the device would tell the PC that its a storage device - that way the PC knows to assign it a drive letter (if you're on Windows) or be able to mount it (if you're on Mac/Linux) as well as make the device appear as a folder to you - the user. Mice and keyboards however are programmed to be a Human Interface Device - so the computer gives them permissions to move the on-screen mouse or make keyboard inputs. This ATtiny has an HID controller, so an unsuspecting device would assume that its yet another keyboard and not raise any suspicion when the ATtiny starts making the computer write out lines of code.
I was thinking this was going to be a promiscuous mode snooping type device. One that spoofs, de-auths, and then grabs the details, but this is a physical device. It is very limited in what it can do. You need an unlocked machine that has minimal to non-existent security profiles. Fun to show your friends, but still enough to get you in plenty of trouble if you don't have your get out of jail free card (authorization).
This seems to not work at all on my windows 11 laptop, I plug it in and nothing at all happens. Also does not work on my girlfriends laptop. We both have an Acer Nitro 5. The weird thing is it seems to work fine on my desktop when I have wifi enabled? Does anyone have any ideas? EDIT- I just realized the laptop case will not allow the attiny85 to plug into the USB port all the way...works fine with an adapter though
This works great but I had a small problem, right after the code was uploaded it started itself. I'm totally cool with it doing that for the wifi passwords but if I want to use another code I'd rather it not immediately backfire. Any suggestions?
I'm sorry to say but if you don't want to back fire you. You need to restart pico to manufacture setting by holding button and connect to PC that's only way to not to back fire you ( i know)
Hi can you please make videos of hak5 Lan Turtle, bash bunny and other tools? Hak5 videos are available but they have other gibberish and non sense talk which doesn't let you focus on the functionality. I have watched their videos multiple times but couldn't really understand the use of their tools. I request you to explain hak5 tools in your videos. Thanks.
I have a unique question with these ATtiny85 boards. I want to run the code I have on them but once that code is executed I want to run a code that wipes the ATtiny85 as the very last thing it does. I have tried looking online but everyone says the same thing and it does not work the way I am trying to get it to. Any help/input would be appreciated!
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
The product on amazon is not availbe
??
❤️🔥
Why can't I open these links
Thanks for this cool idea. I have an invention that I need some help on. I was wondering if you had any knowledge on a device that can shut down a computer using radio frequency or something similar. This has huge potential and I am looking for a capable partner. Thank you
I am 64 years old and all this technology is mind boggling. Now I know how my father felt when he was my age. Thank you for posting. Amazing.
You have a decade over me but even I , have a hard time keeping up. It helps when you are the nerdy type. That's why my friends of your age , call me for computer/technology questions.
I was born in the in 1990 on an island with no electricity until I was 4 then i moved to the United States. It's crazy I remember not even having electricity to the crazy stuff we have now and knowing the endless possibilities in the future.
Not exactly. Where I was born my mother did laundry by hand and anything in the house was about the same things that someone in the US would've had in the 1700 to 1800. We did have boats with engines and when we would go to places such as the resort my mother worked at then we would see modern things like electricity and TV and a fridge. But on the island we lived on and there were only about 6 to 7 families who had generators that would use them once a week to power tvs and people from around the village would come in to see the tv. It was strange how people walked right thru our houses like that but that was because u literally knew everyone maybe 5 to 600 people in the village total. When I turned 4 I remember the mayor coming to the island to tell everyone the electricity was going to be turned on but only on Saturday from 12 to 2 that's it lol.
Shoot I’m 31 and I’m not surprised by any of these technologies. I’m more impressed that Artificial intelligence hasn’t destroyed the world yet
64 years old? That’s a whole stack of diamonds.
I actually bought one of these about two years ago, for this exact purpose.
Altough I made mine with a rick-roll script, just so that I could have it on my keychain and plug it in to public PC's :)
does that rick-roll script convert normal usb to rubber ducky??, if yes , is that script available on github??
@@suryadev4968 What do you mean by "convert"?
@@L4marca he wants to use a usb drive to be a “covert” but cheaper rubber ducky
Lmafao
please help me to hack this account . because someone using sexual harrastment.
this account please help me to hack this account . because someone using sexual harrastment.
I remember using it to change everyone's desktop wallpaper to sausages in the lab, lol
I wish I could learn more about this...
Can you please suggest me any article or something.... 🙏
@@impyy3521 thanks man 🙏🙏
I needed to do a security presentation and I handed the lead a bad USB they plugged into their laptop, which changed the background to a Star Wars Sith. Made a great impact and made people laugh. That's when I pointed out the risks in plugging in random USB devices.
@@fanuchman è na robba
Relatable
It's people like you who keep me interested in programming. Thanks G
Was just about to buy those and needed a review since I was a little skeptic on the price. Your timing is perfect 🔥
th-cam.com/video/MYlIi2Zn-JE/w-d-xo.html
Nice profile pic
They're so cute.
Update: just made one, thing rocks, so cute works great, no issues, there are never no issues for me!
Your 3d case looks nice as well :)
Thanks Heath, one project to look into.
Let's test out employees, to see who will bite and plug in some USB from the parking lot.
The script can be modified to send also the computer user's name and workstation's, I assume.
Just adding the corresponding PowerShell cmdlet and modify the string sent to webhook.
This is going to be epic.
Thanks a lot!
What a dumb ass thought to have
Label it "private collection"
How'd you go with this?
@@viciousmagician4567 What's dumb about it? Would you rather discover your staff have plugged in a random USB when your system gets infected with ransomware? I honestly don't get it - he's writing the code and leaving it, if an employee is doing that sort of thing it's going to happen regardless of whether it was your USB. Atleast this say it isn't malicious
This is dependent upon PowerShell not being disabled through group policy. If be willing that most companies with dedicated IT staff do not allow PowerShell to run on user machines.
What is really amazing is the bad security of Windows.
Works great, had to modify a few things, if I opened the smallest cmd window, the output was not formatting nicely, but all good. Also took for ever to figure out where that %temp% dir was... fun to play with. Amazing what you can get for 5 bucks. thanks for the video, very simply put / explained. Made it easy.
What %temp% dir???
Trying for weeks to make it work and I just can’t find where all the user/password goes???
Driving me crazy
@@0xkoko449 I haven't played with this in a while and honestly I don't recall any info about the %temp% directory... or where it is... just keep looking you will find it.. :)
I sure am glad you put a link to the ATtiny85 because the CC kept putting 80 tiny 85 since that is what it sounded like you were saying. I will say, you have the best documentation of anyone I have seen on TH-cam. I expect that from watching your video on why someone shouldn't be a Pen Tester. Bravo! Documentation is key to being an ethical hacker (after permission of course). Besides, if you don't document the findings, how would you prove there is a vulnerability.
Your video just gave me the confidence to try this out. Always been nervous about ducky stuff because it wasn't explained well. Thank you
Just bought a 5 pack! Still less than $20 at the moment. I have a ton of Hak5 tools, but if I can play around with Arduino + create something cool I'm down!
Recommend some tools please
The savior of my stimmy. Thank you. I'm definitely giving this a go.
i have one of these.
unfortunately if i steal the wifi password at work they will find out if a new device connects to it and hunt them down.
someone setup their own router at work and got fired the next day.
"I recommend you do this for your own. Don't use mine, cos what if I'm watching you...?" 👀😱 Lol
That seems to be the cheapest and easiest method for keyboard data stuffing now. We will be authenticating keyboards soon, I bet. I’m surprised it hasn’t happened already.
yup, and this is why I use MAC authentication. It may be a pain to get every mac on the network but definitely fun when you hear stories of previous guess trying to get on your wifi and failing because you removed them when they left.
It won't help. I think that command also logs the MAC. So someone just has to set that MAC on his network device. But still a good idea to restrict access via MAC
This video was exactly what I was looking for dude. Thank you so much for posting this priceless information. I’ll be setting my attiny85 up as soon as they are delivered.
Once again thanks so much, Heath. I really appreciate all the hard work you put in to helping mentor others.
I am a beginner so I love these cheaper smaller projects thank you
There is a simpler way.
Get yourself a 2GB USB & use a compiled(exe)
python script to get all the WiFi password stored on the PC and save it to a txt file in an cryptographic encryption where you are the only person with the key to decrypt it.
You have to plug the USB and run the script manually but it is much faster, gets done in around 3 to 5 seconds.
Ah that one time I was thinking about how much I want them to be obedient to my ducky.
Imagine buying one of these. You plug it in and it steals your password because it was preprogrammed :D
😭😭😭
Thank you Windows for saving our WiFi passwords in plain text. Why not have an option to view and email them to the entire internet ? -_-
Don't get too excited.
Doesn't connect remotely.
You need unsupervised access to the running target PC, to physically plug it in and retrieve it.
Maybe wait 20 secs while it works.
Though I suppose at that price you could just abandon it.
And modern Windows may still block it.
I know nothing other than having watched this video closely.
Having been surprised at the clickbait title.
Tiny Arduino thingies look fun, though.
So it wont really help you to parasitise your neighbours wifi.
Main no (low?) criminality use. For backup when yours goes down.
BTfon was best, but they broke their word, and killed it.
Man you are the best .
I bought your practical hacking course . It is the best hacking course i had done in my life . Hey a quick request can you make a video how to make a omg cable using one of these .???
Cool you used to color your hair! Mines neon green. My wife’s is pink though. Love the sleeve!
I'm thinking I should have other keystrokes saved for it to do, like a 20 minute delay, then open up a Rick Roll.
I remember learning about this!! I learned how to pull up the command prompt and do this manually... I'm sure this can be done without the "rubber ducky" but hey it's still dope
you mean netsh wlan show profile? if only u can use someone's laptop/pc. but with this thing i guess u don't need to unlock someone's /laptop/pc you just have to turn in on and plug it in.
Awesome to see you are getting into hardware as well!
I just order a rubber ducky, before your video came out, but I was reading that this kind of "attacks" are not an issue anymore since windows defender catch them regularly, any input on it?
There are different ways to bypass windows defender
As far as i know (i might be wrong) . Windows 10 update I cant remember the correct number made it impossible, unless windows defender is disabled, then you're free to go.
These are recognized as a USB keyboard when plugged in. WinDef doesn't see that as a threat. Now, if the PC is set up with high level admin privs (which most don't) to require an admin password even for plugging in a new USB mouse/keyboard, then this wont work. Other than that, theres no stopping it.
@@iyeetpaste3797 You can disable the ability to run either powershell or cmd.exe in windows quite easily. That would stop it dead.
Think Grey. Simplicity will always triumph over latest greatest.
Definitely don't hate you, freaking love your content! Thanks!!!
I guess we have to send our thanks to Microsoft yet again for making it so easy to get all sensitive data from our PC with just few lines of Powershell script.
Who needs complicated trojans/keyloggers that get discovered by our antivirus, while you can simply just use what Microsoft gives you on silver plate.
Anyone knows if we can get logged in username and password as easy as that? I wouldn't be surprised if any of these big brains from MS came up with that idea as well.
thats possible as well, just a little more complicated. First you need to imitate a ethernet cable instead of an HID device like shown in the video, capture transferred password hashes, crack them, switch to HID mode and type in the username and password. Of course this is a little simplified and some steps are more complex like the hash cracking but it is doable
Need the Alice In Wonderland video, tell us why you like it what's the backstory, what interests you...
Thanks
I am also not able to buy hak5 rubber ducky
Thanks for that solution
Appreciate your work for who can't afford the things for pentesting
Its the first time ive seen any of your vids and ive decided i dont know you for shit so im not going to hate you but i will stand back and watch you every chance i get.
Happy new month bro, I love your channel.
I want to learn Ethical hacking fast.
You can't learn ethical hacking fast because it needs time and patience and lot of effort
Man you can learn and achiev within short time as long as you have motivation and desire to learn
Get it skill like A+ ccna or n+ Linux and go ahead like that pick some programming language like python bash and power shell hit the road and start researching how you can join to this industry
Fast is not a option, but just do your thing. If there is a will, there is a way!
;)
I will take my time to learn it.
@@abdiwahidahmed6826 thanks man
This really does show how unsecure parts of Windows are.
i learned something new. how could anyone not like this vid. liked and subscribed
What a great project!! I'll definately be giving that a go. I am correct in saying this will only run if I connect it to windows systems or if I search will I also find a linux variant?
6 months late but for anyone else, there's GitHub repos with payloads for mac and Linux too
So how do you protect your WiFi passwords.
It's more insane that , you can even reduce this 20 second... Just reduce the delays in program
He said that was to prevent the commands overwriting each other which would cause them to fail. I'm sure you could definitely tune them down to be even more precise though to accomplish exactly what you're saying.
@@DementiaAcerbus yeah brother...
And that is insane.. 🔥
Love your videos, please don't stop making them
LOL! (Alice in Wonderland) One of my oldest Avatars was "Matt Hatter". ;) We studied both books (Through the Looking Glass) in my undergraduate law classes. Nice Ink!
great demo better than Hak5 ones. i hope YT does not take down due to the wiered reasons
I love your videos. Any advice for a new creator on publishing offensive security related tutorials without getting them pulled down? My intentions are good, I simply want to provide educational and informative content about offensive security, like you do. One of my recent videos was pulled down, it was a android hacking tutorial. Any advice would be greatly appreciated. Thanks!
Great videos sir, I am so thankful to you not only for teaching us technical topics but also teaching us with the way of life.
Great vedios God bless you
th-cam.com/video/MYlIi2Zn-JE/w-d-xo.html
So the requirement is physically insert the device. Why is this not made clear from the start?
Amazing video this was so informative and satisfying for any ethnic hacker
Ethnic Hacker? What's that?
What does ethnicity have to do with it?
Ethical hacker? 🤨
Did anyone run into an issue where, to choose a port number wasn't an option?
I have the same issue, were you able to solve it?
@@yamman4480 did u find solution
Great video Adams, love From india🇮🇳 ❤️
❤️❤️😁😁
Me too
Damn i wanted to use this on my family’s router to get the wifi password
Great video! OK, you got me thinking but I'm working on too many projects right now to try it now but what if... Invoke one web request to get the payload code then a second web request to save/rename the file then execute it? Maybe too noisy that way. Just a thought.
The only problem with this approach or hardware is that once you have flashed the payload and you want to edit it, it will start running payload as soon as you insert the device. So editing the payload becomes difficult.
I was just about to ask: How do you change the payload on this type of USB without running the attack on yourself. There's no button on it to go into programming mode.
i have the same question...
can someone answer that?
I got the answer!!! you need to put the new script on arduino IDE and then verify and upload it. After that timer shows, just plug in the chip. Here the trick is that you don't plug in the chip before.
@@epicsmoke8597 Wait seriously, that's all it takes? Why would it not execute its pre-existing payload (the one you're trying to replace) if the IDE is running?
Hope this question isn't to dumb, will this be able to get my pass word if I forgot mine? Also on apps that passwords are forgotten?
And if you don't know then now you know.
- Notorious B.I.G.
Interesting video love watching cyber video's as a Cisco Network guy (CCNP) It's very helpful
side note Is that a Bombardier T-Shit? Cool! I was a Bombardier at one time in The Royal Regiment of Artillery (British Army) left as a Sergeant
Okay, so how do we protect ourselves?
If I am understanding correctly, this simply reads the password then on the target PC since the USB is treated as a trusted device? It is not effectively brute forcing the password?
So a 64 character password would be cracked in as much time as a 8 character one correct?
Correct - however the USB doesn’t even need to be seen as a trusted device. The USB essentially just types a powershell command in which the computer sees as just a normal user typing the powershell command in (you can try just using the command yourself) and copies whatever it gets back over to the the webpage as a post request
@@SensoryPlayToys Thanks for the clarification. Crazy.
What a good video, thank you so much. One question for you what kind of 3d printer did you purchase ? I been window shopping them and was curious. and again thank you for the video.
Since they got rid of the dislike counter, I guess I'll have to watch the whole thing.
Haha..no one can hate you ..we all love you loads ❤️🤟🏻
absolutely true
your*
Dear Mr. Mentor, I really enjoy your tutorials. But if you could, maybe get a better mic., or eq some of the mids out, you come across very "clicky" and too bright. Just a friendly suggestion 😐
Very true. It's an older video. Hopefully the newer stuff sounds better!
Does this only work on an antinny 85?
I want a video on how to make that lamp now
This is how a simple lamp can make you a criminal 😂
Have you seen any errors with reuploading after you uploaded the first script because mine is failing to upload changes but keeps running the uploaded script ...
And Great video ...
Thanks
Many people mention this issue
Pink haired pirate.
I dig
Man I wish I would have gotten into tech
You still can. You can learn so much from just browsing forums & videos. You don't need to go on a course. I am a dyslexic adhder, if I can learn these basics, I'm sure for sure you can
Would it be possible to replace the webhook with a discord one for security reasons
Nice Video.
BUT the Code as it is, works just for english users. If you are from another country you have to change your keyboard layout first (you can do that automated with windows shell befor you launch the attack). I also had to change a couple of lines where it says "Wi-Fi". In German the XML-Files start with "WLAN", so it couldnt find any file.
After that it worked fine to me, thanks for uploading!
Kurze Frage, hat Windows bei dir den Digispark ATtiny85 direkt erkannt? Mir sagt Windows 10 nach zwei Sekunden immer das er den USB Diskriptor nicht erkennt und wirft das Gerät raus.
EDIT: Nevermind, ich habe einen anderen USB Port benutzt und es hat funktioniert, seltsam, aber soll mir recht sein.
@@draco5991rep Technik die begeistert 😂
2:19 Correction: "I did modify the code an (AT)tiny bit"
@2$ my whole apartment complex could be hacked in just a few days
I just checked Amazon Spain (Im Spanish), 10€ a 3-pack, pretty cheap, just ordered that pack. One love!
Care to share a link? Gracias
@@horatiumarasescu6187 Just search "attiny85" in your amazon store. U cand find them in aliexpress too, there are plenty of bundles, options and all of them are pretty cheap!
Why can't we use a normal USB instead of an ATtiny85 5-pack?
I am new to cybersecurity so plz don't be mad at my question.
Plz HELP
Every USB device has a controller on the board - telling the PC its connected to what it is. This allows the computer to know which permissions a device should have. For USB Flash Drives, the device would tell the PC that its a storage device - that way the PC knows to assign it a drive letter (if you're on Windows) or be able to mount it (if you're on Mac/Linux) as well as make the device appear as a folder to you - the user. Mice and keyboards however are programmed to be a Human Interface Device - so the computer gives them permissions to move the on-screen mouse or make keyboard inputs. This ATtiny has an HID controller, so an unsuspecting device would assume that its yet another keyboard and not raise any suspicion when the ATtiny starts making the computer write out lines of code.
How to reset it because when we try to change its payload it will automatically run the script on our pc.
Any idea how to avoid it.
That little device needs to be plugged in the PC with already connected WIFI ?
I was thinking this was going to be a promiscuous mode snooping type device. One that spoofs, de-auths, and then grabs the details, but this is a physical device.
It is very limited in what it can do. You need an unlocked machine that has minimal to non-existent security profiles.
Fun to show your friends, but still enough to get you in plenty of trouble if you don't have your get out of jail free card (authorization).
Any info on where you can purchase the 3D printed cases? Thanks! :)
Can you use a flash drive instead
Do you have to solder anything? Never did anything like this before. Kinda cool. Thanks.
nope, just plug and play,
Do you have to have an existing internet connection?
Windows needs to have a security feature that will not allow a usb to execute its processes without a code you received 1 time and 1 time only
This seems to not work at all on my windows 11 laptop, I plug it in and nothing at all happens. Also does not work on my girlfriends laptop. We both have an Acer Nitro 5. The weird thing is it seems to work fine on my desktop when I have wifi enabled? Does anyone have any ideas?
EDIT- I just realized the laptop case will not allow the attiny85 to plug into the USB port all the way...works fine with an adapter though
Do you have to the install the drivers on the target pc?
Off topic: how comfy is that secret labs chair for prolonged use?
Theyre fabulous. I have 2
Can u hack someone WiFi on ur own Laptop or does it need to be someone elses?
the digispark is sold out and not producing anymore until they find a new manufacturer, any alternative recommendations?
Yeah go get a Arduino Pro Micro
Wow this can really show that wifi protection should step up....... :( Thanks for this info.
Love those tattoos, bro
On the budget to steal WiFi passwords in seconds... That sounds so weird...
I tried it a couple of times. It didn't work for me
This works great but I had a small problem, right after the code was uploaded it started itself. I'm totally cool with it doing that for the wifi passwords but if I want to use another code I'd rather it not immediately backfire. Any suggestions?
I'm sorry to say but if you don't want to back fire you. You need to restart pico to manufacture setting by holding button and connect to PC that's only way to not to back fire you ( i know)
Digispark library doesn’t work anymore
add a small switch to it and you can store and use multiple payloads with a flick of a switch :)
Never plug anything you find into anything you own
Hi can you please make videos of hak5 Lan Turtle, bash bunny and other tools? Hak5 videos are available but they have other gibberish and non sense talk which doesn't let you focus on the functionality. I have watched their videos multiple times but couldn't really understand the use of their tools. I request you to explain hak5 tools in your videos. Thanks.
Can I make it using normal usb
I mean can I creating rubber chuky using my normal pendrive
Imagine pluging it in the teachers pc 😏
I think something like this may have happened to me when I left the classroom. How can I prevent this?
I have a unique question with these ATtiny85 boards. I want to run the code I have on them but once that code is executed I want to run a code that wipes the ATtiny85 as the very last thing it does. I have tried looking online but everyone says the same thing and it does not work the way I am trying to get it to. Any help/input would be appreciated!
Sir I'm having a problem purchasing the ATtiny85 5-pack because the delivery isn't available in my region (PAKISTAN) Is there any other way out?