Cracking Windows passwords in 15 seconds or less with a special USB Rubber Ducky firmware and mimikatz. Build your own Dropbox alternative for free with OwnCloud - Shannon's Installation and Configuration guide. Then Darren borrows a page from Mubix with a Ducky Script to dump Windows memory for password cracking without getting caught by Anti-Virus. All that and more, this time on Hak5!
Cracking Windows Passwords in 15 seconds or less with a USB Rubber Ducky
This USB Rubber Ducky payload by RedMeatUK
is wicked. Using Gentilkiwi's
The Twin Duck firmware is nothing short of amazing. It makes the USB Rubber Ducky show up as both a HID Keyboard and Mass Storage - just like a regular USB drive. There are a few limitations, but nothing that hinders this payload. Specifically the Twin Duck is only capable of executing payloads of 2048 keystrokes (4K inject.bin files). It also only supports a transfer speed of about 150 KB/s - which is about 9 megabytes per minute. That said it is a fantastic firmware perfect for this situation.
Taking the Windows Password Recovery Ducky Script a little further I was inspired by Mubix's blog on Room362.com about using Microsoft's Sysinternals tool ProcDump to grab the memory from lsass.exe for later password extraction goodness with mimikatz. This is beautiful because Microsoft's own tool is used to recover the Windows password - so there's little chance of it setting off any Anti-Virus alarm bells. Grab the USB Rubber Ducky Payload here.
Looking forward I figured this would be a great opportunity to use Matt Graeber's awesome PowerSploit in order to dump process memory even quicker. Low and behold b00stfr3ak took this on with a Ducky lsass dumper written in Ruby. Using it you're able to pull off a lsass memory dump without the need for mass storage -- it'll transfer the file right over the network and even sets up the listener for you. Awesome stuff all around!
How to Install OwnCloud in Ubuntu Server 12.04
OwnCloud is a dropbox alternative that is open source and available for multiple platforms. Today, I am installing OwnCloud and setting it up on my Linux Ubuntu 12.04 server in a VM. There are steps online, but they are a bit outdated, so we want to start by going to
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a healthy dose of cocktails and geek comedy. Damn the warranties, it's time to Trust your Technolust.
Want the most recent episode of this show always up to date on your website? Use this self-updating embed code!