DucKey Logger V.2 | Keylogger for USB RubberDucky
ฝัง
- เผยแพร่เมื่อ 28 พ.ย. 2021
- Hey Hackers!
The DucKey Logger is a PowerShell keylogger for the USB RubberDucky
MalwareDNA: github.com/CosmodiumCS/Malwar...
I hope you enjoyed the video. If you have any questions make sure to leave them in a comment down below. You can also contact me through my website on the "Contact and Information" page or on my discord server.
Website: cosmodiumcs.com
Instagram: / cosmodium.cs
GitHub: github.com/CosmodiumCS
Discord: / discord
Want to support CCS?:
GoFundMe: www.gofundme.com/f/CosmodiumCS
More Info: cosmodiumcs.com/support
Make sure to like and subscribe!
Happy Hacking! - วิทยาศาสตร์และเทคโนโลยี
Wow this is awesome I definitely wanna add some stuff to it!
Hey Cosmo, do u know if this can do it with other hardware like CJMCU with atmel32uC ?
Hey cosmo, love your work. Two questions. Do you have to leave it in the device? Also, how would I get the whole network keylog, not just the target machine?
Yooo!! First, nah u don’t have to leave it in. As soon as the powershell closes u can take it out👍. Second, the best way to do what ur talking about is using my new keylogger payload. It uses discord Webhooks to send keylogs in LIVE time. And it attaches the username so u kno who it’s coming from. It wouldn’t get the whole network because it isn’t necessarily how it works. But u can get multiple machines on the network and their keylogs👍
github.com/CosmodiumCS/payloads/tree/main/rubberducky/DucKeyhook
@@CosmodiumCS is there a way to get multiple keylogs via the WiFi pineapple and netcat? Maybe do a full video on that.
@@CosmodiumCS can I run the duckMinister to get the login, then continue the payload with reverse shell as "admin"?
I really wanna try this on a friend he said i bet you 20$ you cannot hack my laptop so imma prove him wrong
Great Upload thank you
seem to be having a problem i have noticed this works on a windows server 2022 but when I tried it on my machine and then a windows 10 Pro ISO it does not send emails to the account, Any suggestions?
Does this payload work with the flipper zero badusb app? or does it have to be a rubberducky that has the twin-duck firmware?
twinduck is what is was intended for, i will be updating them for other platforms down the road :)
hello cosmo, is it possible if i rename the inject.bin into other name like ijnect1.bin , inject2.bin etc..? because u stored few payloads, thanks....
@cosmodium can this be used on a windows machine, or is it just linux
It only works on windows, and not linux. You may need to watch the vid in its entirety :P
dang this is good but like could you maybe make a tutorial of how to put this on a flashdrive? and how to remove it?
It uses powershell scripts, which may or may not work already on Windows XP (service pack 3 or higher), Windows 7 and Windows 10 (or higher). Not sure if the DucKey Logger really needs the latest powershell v5 or something. @CosmodiumCS please let me know and update your github accordingly.
Also.. do you want to share in which version of DuckyScript this logger is written in? If it's v1. I think it should be able to also run from a flipper zero..
@cosmodium can you make one for the new usb rubber ducky please :)
Can we use an alternative email as Gmail account requirements are.. let's say, not in our favour.
I can plug this in a computer and in like 5 second even if i remove the key i would get the keylog in my gmail?
yes
will this still work without LSA enabled ?
Hey man, let’s say my ducky’s label is «G», will this change if i plug it in a different computer? If so, is there any way to change the label to stay the same on any computer?
Sup! The payload gets the letter of whatever drive is labeled the name of your micro sd card. That “L” is the name of the micro sd card so if i plug it in and it’s the “D” drive or “E” drive, it will still go to the microsd card👍. I have the microsd card labeled “L” so the duck has less keystrokes to inject, so the payload is quicker
@@CosmodiumCS Ah thanks, so it does not matter which letter the sd card is given by the computer at all? (If it says which letter the sd card is, in the payload)
@Myggen Nah man! Just put the name of your sd card in the payload so it knows what to look for 🤝
@@CosmodiumCS ah very good:) i made an exception for the temp folder instead of disabling the antivirus, looks like it did not work too well for you in the video. A great script which i will try tomorrow:) would you be interested in making a ducky project?
hey man one question i have an rpi pico that can run ducky scripts. does it work to?
have you figured this out?
If we’re using bad usb on a flipper zero. I would imagine the name of the micro sd card would be different on the line in p.ps1
I keep getting an error.
Windows Defender need to turn off then run script?
does the ducky need to stay plugged into the target computer?
No, u can unplug it as soon as the powershell closes. The files got move to the directories so it will run properly 👍
@@CosmodiumCS do you know the time it takes and can you alter the delay?
i have a question, does it work with pico-ducky (a rubber ducky in rasberry pi pico)
i tried it it does
Did it work correctly and the information was sent by email? @@shivenduseja8549
Great vid man, i’ve set up my ducky but now when i plug it in it runs the script but i want to change the payload but can’t see the usb in my drivers and devices…. how can i access the ducky again to change the payload?
if ur on the old ducky you need to flash twinduck, if ur using the new one you need to add an ATTACKMODE STORAGE i believe, (haven't played too much with the new ducky)
@@CosmodiumCS Thanks for the reply man! im using the new one, i tried your duckyhook logger but couldnt get it working. Still working at it. cheers
would be great if you made another version of this payload that instead of saving to a microsd, it just only sends as im a big on using my O.MG instead so i dont have the ability to save anywhere. Preferablly a webhook to discord :D
Already did ;) github.com/CosmodiumCS/payloads/tree/main/rubberducky/DucKeyhook
@@CosmodiumCS so how exactly would this work with an O.MG? It doesnt have an SD card so how would i go about putting it together?
Will you do an updated version or video for the new (late 2022) rubber ducky with ducky script 3.0?
I have a ton of plans for projects regarding the new duckyscript. But a keylogger will likely not be one of them ha!
@@CosmodiumCS Can't wait for that.. What do I need to do to port over the DuckKeyHook to a newer rubber ducky?
@@MyriadDubstep if old duckyscript is no longer compatible, then i will squeeze the time in to making a new one. But it should still work on the latest ducky. If it’s not reach out and I’ll get on it🫡
@@CosmodiumCS Ok I will mess around with it a bit.. So this is grabbing all the extra files straight from the storage of the rubber ducky? I don't need to use a CDN or anything like that on this script? The new RD has a built in HID/Storage mode so I don't think theres a need for twin duck anymore so that should just make things easier.. just making sure I don't need to upload anything online to a CDN for it to work. I'll get back in a day or so and let you konw if I've figured it out with the new RD. Thanks man.
@@CosmodiumCS I am trying to get it to work with 3.0 but I'm having trouble.. do you have a discord where I can talk to you or if you want to throw together a revised version for 3.0 I would love to dig into it and see what you did. I'm still pretty new to writing these payloads and especially with DS 3.0.
Simple question : can we use it on digiapark ; if yes how we can
No sorry, the payload was designed for the ducky. But I’m in the works of making multi compatible payloads so stay tuned👍
Hey man, would the victim ever be able to see that this is going on ? Also how do I stop it after say 2 days ? Thanks bro
You can not stop it unless you get access to the device, if you get access you can stop them by deleting them on the system or disable them to run when booting the system.
hey bro
i dont know about that is a good question , but i ask
why is the copyright from the license from 2020 ?
where can I find V3 with discord?
Here-> Log Keystrokes In LIVE Time!! | DucKeyhook USB Rubber Ducky Payload
th-cam.com/video/E0sYZLe-7fk/w-d-xo.html
Cool! Can i use this script on badusb atmega32u4???
On the wut? 😆
"see what i did there... no?..."
Hahaha!
ive only gotten into this because of internet restrictions
Anybody who is black i support them.
Hey, i tried this and after the second string in the payload it has a bunch of errors about '#' not recognized or something like that. I don't think this matters but im using a raspberry pi pico instead of a rubber ducky but i have it set up to read ducky script and it's basically the same as a rubber ducky. Only thing is didn't flash twin duck on it cause its already recognized as a storage device and hid. Help lol. Also i dont use discord so if we need futher discussion please put an email or smthn. Thx
Okay after some messing around i do think it may be because its not working as a storage device. Do you know any work around fir this? I was attempting to see if i could flash the pico with twin duck but i couldn't get any of the copy and paste commands to work off the github link you posted in your 2 min tutorial, i thought maybe the tutorial wasn't working cause i was in windows so i attempted to use vmware and run a kali Linux vm but my computer was not up to it. Help more lol. Thx
Hey im getting this error when my ducky runs powershell:
At line:1 char:272
+ ... soft/Windows/Start Menu/Programs/Startup@;cd $env:temp;echo @@>@$env: ...
+ ~
Unrecognized token in source text.
At line:1 char:273
+ ... oft/Windows/Start Menu/Programs/Startup@;cd $env:temp;echo @@>@$env:U ...
+ ~
Unrecognized token in source text.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnrecognizedToken
I tried looking at it but can't identify why this is occuring
Join the discord in the description so i or someone else can help you troubleshoot 👍