Install OwnCloud and Cracking Passwords with a Rubber Ducky


Install OwnCloud and Cracking Passwords with a Rubber Ducky

Cracking Windows passwords in 15 seconds or less with a special USB Rubber Ducky firmware and mimikatz. Build your own Dropbox alternative for free with OwnCloud - Shannon's Installation and Configuration guide. Then Darren borrows a page from Mubix with a Ducky Script to dump Windows memory for password cracking without getting caught by Anti-Virus. All that and more, this time on Hak5!

Cracking Windows Passwords in 15 seconds or less with a USB Rubber Ducky
This USB Rubber Ducky payload by RedMeatUK
is wicked. Using Gentilkiwi's">Mimikatz, this duckyscript is able to grab the plaintext password of the logged on user from a target Windows box running anything between XP and Windows 8 - 32 or 64 bit.

I decided to give it a go and make a modified version which uses the Ducky-Decode community firmware to grab the plaintext password from our target machine and save it to the SD card on the duck.

The Twin Duck firmware is nothing short of amazing. It makes the USB Rubber Ducky show up as both a HID Keyboard and Mass Storage - just like a regular USB drive. There are a few limitations, but nothing that hinders this payload. Specifically the Twin Duck is only capable of executing payloads of 2048 keystrokes (4K inject.bin files). It also only supports a transfer speed of about 150 KB/s - which is about 9 megabytes per minute. That said it is a fantastic firmware perfect for this situation.

Taking the Windows Password Recovery Ducky Script a little further I was inspired by Mubix's blog on about using Microsoft's Sysinternals tool ProcDump to grab the memory from lsass.exe for later password extraction goodness with mimikatz. This is beautiful because Microsoft's own tool is used to recover the Windows password - so there's little chance of it setting off any Anti-Virus alarm bells. Grab the USB Rubber Ducky Payload here.

Looking forward I figured this would be a great opportunity to use Matt Graeber's awesome PowerSploit in order to dump process memory even quicker. Low and behold b00stfr3ak took this on with a Ducky lsass dumper written in Ruby. Using it you're able to pull off a lsass memory dump without the need for mass storage -- it'll transfer the file right over the network and even sets up the listener for you. Awesome stuff all around!

How to Install OwnCloud in Ubuntu Server 12.04
OwnCloud is a dropbox alternative that is open source and available for multiple platforms. Today, I am installing OwnCloud and setting it up on my Linux Ubuntu 12.04 server in a VM. There are steps online, but they are a bit outdated, so we want to start by going to <> and using the terminal steps to download and install OwnCloud. This takes a little while so I've already pre-installed it. Once it's installed you can go to your browser and surf to your ifconfig IP address from the server. This should open the OwnCloud GUI. Type reboot if you get an error in OwnCloud. Create your admin account and you should be set! Log into your account, download the desktop or mobile phone app and start uploading.