Coder Social home page Coder Social logo

vaginessa / ducky_reaper Goto Github PK

View Code? Open in Web Editor NEW

This project forked from jonnybanana/ducky_reaper

1.0 0.0 0.0 206 KB

Collection of Multi-platform Scripts for Rubber Ducky that exploit the css webkit filter attack to crash Internet Explorer, Edge or Safari, crashing the target machine Compatibility: Windows - MacOs - Linux (Ubuntu)

Home Page: https://jonnybanana.github.io/safari-ie-reaper.github.io/

License: GNU General Public License v3.0

Batchfile 86.96% Visual Basic 13.04%

ducky_reaper's Introduction

DUCKY_REAPER

Collection of Multi-platform Scripts for Rubber Ducky that exploit the css webkit filter attack
to crash Internet Explorer, Edge or Safari, crashing the target machine.
Compatibility: Windows - MacOs - Linux (Ubuntu)


Alt text


For this script I used the page I had previously created to test the attack.


You can view the original repo here:


https://github.com/JonnyBanana/safari-ie-reaper.github.io


The Css WebKitFilterTestAttack Page is Here: (Try at your Risk!!!!!!!)


https://jonnybanana.github.io/safari-ie-reaper.github.io/


It is sufficient to open the page with one of these browsers: Internet Explorer, Edge, Safari (and others that I have probably not tested yet, it does not work with Opera, Mozilla and Chrome) to crash the browser and then the victim machine.


Video testing the exploit on an iPhone:
(I advise you not to do it on an iPhone, because it can seriously damage the
hardware and you have to do a wipe reset with the Tunes to restore the phone!)


Safari-IE-Reaper


I created three scripts altogether:
Two for Windows, and a multiplatform that works on both MacOs and Windows and Linux
(although I don't know with which browser, but some users say that on Ubuntu it works!)


WINDOWS


I created two scripts for windows (v1 and v2), both are compatible
with all systems from Windows Xp up (XP, VISTA, 7, 8, 10)

V1


Requirements


-none

How it works?


The script is a One-Liner and does nothing but call the html page with the exploit crashing the system ...

V2


Requirements


-Twin Duck Firmware

-Rubber Ducky Must be Named "_"

-Killer.vbs & .bat

-Launcher.vbs & .bat

-Quack_Control_NEW.vbs & .bat

-Quack_Control_OLD.vbs & .bat


How it works?


ATTENTION THIS SCRIPT CAN SERIOUSLY DAMAGE THE PC VICTIM !!! TRY ONLY IN VIRTUAL BOX .....

The script is a One-Liner but it is much more complex than the previous script,
as it uses a series of .vbs and .bat files to create persistence in the victim machine.


The script requires the Twin Duck Firmware to be executed, if you want to try it put
all the files contained in the "v2" folder in the root of the Rubber Ducky.


The script copies a .bat file to the startup folder (depending on the system it can change but the script detects the folder location and copies the script by hiding it). It also creates tasks (via schtask), one of which opens the html page that contains the exploit every minute, making it impossible to use, and the other listens once a day, checking if the script file is still in the startup folder, if it is not, it copies a copy (making the removal of the virus a real sick ...)


Alt text


I currently don't have this script, because I don't have a free vb that I can destroy ...
If someone tests it, they are asked to open an issue or a pull request, tnx.


MAC_OS


In the MAC_OS folder there is a special script for MAC, but actually using a little trick
(taken from the book USB Rubber Ducky: a guide to keystroke injection attacks by Darren Kitchen)


the script can be multiplatform:
On Linux I do not know the Browser with which it works (to be tested)
On Windows it works as long as the default browser is IE or Edge (or Safari, for some absurd reason ...)


ducky_reaper's People

Contributors

jonnybanana avatar

Stargazers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.