Cleaning Up Repo

Viva La Figa!
whid-injector committed Sep 17, 2018
1 parent 50d7839 commit 9acfde13afa569f51a3566abbfea3df4f6e5ed50
Showing with 2,635 additions and 6 deletions.
  1. +21 −0 Deprecated_fw/WifiDucky/LICENSE
  2. +196 −0 Deprecated_fw/WifiDucky/README.md
  3. +130 −0 Deprecated_fw/WifiDucky/arduino_wifi_duck/arduino_wifi_duck.ino
  4. +90 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/Settings.cpp
  5. +39 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/Settings.h
  6. +52 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/data.h
  7. +396 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/esp8266_wifi_duck.ino
  8. +32 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/functions.js
  9. +98 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/index.html
  10. +58 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/info.html
  11. +21 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/license.txt
  12. +209 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/live.html
  13. +427 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/normalize.css
  14. +135 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/settings.html
  15. +466 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/skeleton.css
  16. +57 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/style.css
  17. +119 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/files/view.html
  18. +49 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/minifier.html
  19. +7 −0 Deprecated_fw/WifiDucky/esp8266_wifi_duck/html/readme.md
  20. BIN Deprecated_fw/WifiDucky/images/leonardo_duck_1.jpg
  21. BIN Deprecated_fw/WifiDucky/images/leonardo_duck_2.jpg
  22. BIN Deprecated_fw/WifiDucky/images/my_wifi_duck.jpg
  23. BIN Deprecated_fw/WifiDucky/images/wifiduck_screenshot_1.jpg
  24. 0 { → Deprecated_fw}/sketches/WHID_and_Cactus_micro_rev2_sketches/Arduino_Sketch/Arduino_Sketch.ino
  25. 0 { → Deprecated_fw}/sketches/WHID_and_Cactus_micro_rev2_sketches/ESP_Sketch/ESP_Sketch.ino
  26. 0 {payloads/wifi-ducky → Deprecated_fw/wifi-ducky_payloads}/CmdExecOverDNS.txt
  27. 0 {payloads/wifi-ducky → Deprecated_fw/wifi-ducky_payloads}/Mimikatz.txt
  28. 0 {payloads/wifi-ducky → Deprecated_fw/wifi-ducky_payloads}/MimikatzScr.txt
  29. 0 {payloads/wifi-ducky → Deprecated_fw/wifi-ducky_payloads}/NewAdminTechnique.txt
  30. 0 {payloads/wifi-ducky → Deprecated_fw/wifi-ducky_payloads}/PhishCreds.ps1
  31. 0 {payloads/whid-gui → Payloads}/EmpireAgent.txt
  32. 0 {payloads/whid-gui → Payloads}/LinuxIfconfig.txt
  33. +16 −0 Payloads/LinuxSerialExfil.txt
  34. +3 −3 {payloads/whid-gui → Payloads}/Mimikatz.txt
  35. +3 −3 {payloads/whid-gui → Payloads}/MimikatzScr.txt
  36. 0 {payloads/whid-gui → Payloads}/PhishCreds.ps1
  37. 0 {payloads/whid-gui → Payloads}/WinCalc.txt
  38. +11 −0 Payloads/WinSerialExfil.txt
@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2017 Stefan Kremser
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
@@ -0,0 +1,196 @@
# Wi-Fi Ducky
Upload, save and run keystroke injections remotely with an ESP8266 + ATmega32u4
![image of my DIY Wi-Fi Duck](https://raw.githubusercontent.com/spacehuhn/wifi_ducky/master/images/my_wifi_duck.jpg)
[![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=RCHANSVSX9M8C)
## Contents
- [Introduction](#introduction)
- [What it is](#what-it-is)
- [How it works](#how-it-works)
- [The benefits of adding Wi-Fi](#the-benefits-of-adding-wi-fi)
- [Disclaimer](#disclaimer)
- [Installation](#installation)
- [Preparation](#preparation)
- [ESP8266](#esp8266)
- [Arduino ATmega32u4](#arduino-atmega32u4)
- [Wire everything up](#wire-everything-up)
- [Update ESP8266 over the Webinterface](#update-esp8266-over-the-webinterface)
- [How to use it](#how-to-use-it)
- [Improvements](#improvements)
- [License](#license)
- [Sources and additional Links](#sources-and-additional-links)
## Introduction ##
### What it is
It's a Wi-Fi controlled BadUSB device to remotely execute Ducky Scripts.
Using a USB device which act as a keyboard to inject keystrokes is well kown these days.
The [USB Rubber Ducky](https://hakshop.com/products/usb-rubber-ducky-deluxe) by [Hak5](https://www.hak5.org/) is THE hacker gadget for this kind of attack. It introduced a simple script language called *Ducky Script*, which this project uses too.
### How it works
The ESP8266 is a popular Wi-Fi chip used in a lot of projects. Because it's cheap, small and has its own file system ([SPIFFS](https://github.com/esp8266/Arduino/blob/master/doc/filesystem.md)), it's perfect for enabling an easy remote connection and holding Ducky Script payloads.
Although the ESP8266 is awesome, it doesn't have native USB, which means it can't act as a keyboard :(
([cnlohr](https://github.com/cnlohr) made a cool project on this and added a USB stack himself: https://github.com/cnlohr/espusb. The problem with that is, that it isn't compatible with the current SDK version, also I wanted to use Arduino to make it more user friendly.)
Here comes the ATmega32u4 into play!
It can act as keyboard and thanks to [Seytonic](http://youtube.com/seytonic) run Ducky Script ([link](https://github.com/Seytonic/Duckduino-microSD)).
So what I did is connecting the ATmega to the ESP8266 via serial.
The ESP will open up a Wi-Fi access point and host a webinterface from what you can upload and manage your scripts.
When you hit run, it will send the script to the ATmega, which then will execute it on the target machine.
### The benefits of adding Wi-Fi
**But why add Wi-Fi** ...you might ask.
With Wi-Fi you can upload and run your Ducky Script payloads remotely.
You just need to plug the device in, connect to its Wi-Fi network and you have full control over the target machine.
It also gives you one big advantage over other BadUSBs, you can test your scripts live! You don't need to copy them onto a micro-sd card or compile them. You can run them live over the webinterface, which makes its super easy for testing and improving your scripts.
It also adds a lot of possibilites for different attacks.
You could make the target download executables from the Wi-Fi chip, instead of the internet.
Or execute different attacks and send the results back to the Chip. Or open up a reverse shell on the ESP8266s Wi-Fi.
And so on... there are so much possibilities!
## Disclaimer
Use it only for testing purposes on your own devices!
I don't take any responsibility for what you do with this project.
## Installation
### Short version:
Upload the `arduino_wifi_duck` sketch to your ATmega32u4 and upload the `esp8266_wifi_duck` sketch to your ESP8266.
Then connect the serial pins (RX and TX (Arduino) to TX and RX (ESP8266)) and GND.
---
### Preparation
What you will need:
- **ESP8266 Wi-Fi chip**
I recommend using an ESP-12. It's widely used, cheap, tiny and has 4MB of flash memory.
However if you're a beginner you should probably start with a developer board like the NodeMCU or a Wemos d1 mini.
- **ATmega32u4**
The Arduino Micro and Arduino Leonardo use an ATmega32u4 for example. You could also get a Arduino Pro Micro or other cheap Arduino clones which use the ATmega32u4. I will use an [ATmega32u4 CJMCU Beetle](https://www.google.de/search?q=Cjmcu-beetle&tbm=isch).
- **(a 3.3V regulator)**
I put that in brackets because you will only need this if your ATMega32u4 board doesn't provide 3.3V. The ESP8266 only works with 3.3V, so depending on your board you may need a regulator to get 3.3V out of the 5V.
- **Some skill, knowledge and common sense on this topic**
That's probably the most important part here. **This project is not noob friendly!** If you are a beginner, please start with other projects and get some knowledge about how Arduino and its code works, how to handle errors and how to work with the ESP8266. **I can't cover every little detail here. Please respect that.** Depending on your hardware choices you may need to add or change a bit of the Arduino code.
So make your hardware choices!
Also I wouldn't go straight forward and solder everything together. Test it beforehand, otherwise debugging can be hard!
**For an easy start, better debugging, further development or if you just wanna test this project, I recommend using a Nodemcu + an Arduino Leonardo:**
![nodemcu with a leonardo as wifi duck](https://raw.githubusercontent.com/spacehuhn/wifi_ducky/master/images/leonardo_duck_1.jpg)
This is easy to setup, you don't need any soldering skills and you can still use both the NodeMCU and the Arduino for other cool projects.
But now let's get started!
### ESP8266
First you will need to flash your ESP8266.
You can either flash the bin file directly or compile it yourself using Arduino.
**Note:** You will only need to flash it once, every new update can then be done over the webinterface.
If don't use a USB dev board and don't know how to flash your plain ESP8266, I recommend you to have a look at this instructable: http://www.instructables.com/id/Getting-Started-with-the-ESP8266-ESP-12/?ALLSTEPS
You could also use your Arduino to flash it: https://gist.github.com/spacehuhn/b2b7d897550bc07b26da8464fa7f4b36
(The connections are the same for this project, the only difference is that you need to set GPIO-0 to LOW to enabling a firmware update).
**Flash the .bin File**
Go to [releases](https://github.com/spacehuhn/wifi_ducky/releases) and download the right bin file for your ESP8266.
You can flash it with the [esptool](https://github.com/espressif/esptool) or the [nodemcu-flasher](https://github.com/nodemcu/nodemcu-flasher).
**Upload using Arduino**
Open the `esp8266_wifi_duck` sketch with [Arduino](https://www.arduino.cc/en/Main/Software).
You need to install the following Librarys:
- [the latest ESP8266 SDK](https://github.com/esp8266/Arduino)
- [ESPAsyncWebServer](https://github.com/me-no-dev/ESPAsyncWebServer)
- [ESPAsyncTCP](https://github.com/me-no-dev/ESPAsyncTCP)
Then compile and upload it to your ESP8266 (check if your settings are right).
### Arduino ATmega32u4
Open the `arduino_wifi_duck` sketch in Arduino and upload it to your Arduino.
### Wire everything up
Ok so now you need to connect the ESP8266 with the Arduino.
Connect these pins:
| Arduino | ESP82666 |
| ------------- |:-------------:|
| TX | RX |
| RX | TX |
| GND | GND |
| VCC (3.3V) | VCC (3.3V) |
Like I mentioned before, you'll need a 3.3V regulator if your Arduino only provides 5V.
**Don't connect the ESP8266 to 5V!**
If you use a plain ESP-12 like me, you also have to set the enable pin and to HIGH and GPIO15 to LOW:
| PIN | Mode |
| ------------ |:----------:|
| GPIO15 | LOW (GND) |
| CH_PD (EN) | HIGH (3.3V)|
### Update ESP8266 over the Webinterface
Once you flashed the software, you can update it over the webinterface.
Go to `192.168.4.1/update` and upload the new .bin file.
(In Arduino go to `Sketch`->`Export compiled Binary` to compile your own .bin file)
## How to use it
Plug your Wi-Fi Ducky in and connect to the new Wi-Fi network `WiFi Duck`. The password is `quackquack`.
Open your browser and go to `192.168.4.1`.
![screenshot of the webinterface](https://raw.githubusercontent.com/spacehuhn/wifi_ducky/master/images/wifiduck_screenshot_1.jpg)
There you can now upload, view, delete and run new Ducky Scripts.
**PLEASE NOTE that the max length per row for a script is 600 chars.**
How to write Ducky Scripts: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript
Happy hacking :)
## Improvements
My wishlist:
- add support for Digispark (ATtiny85) as alternative for the ATmega32u4 Arduino
- change settings within the webinterface (Wi-Fi SSID, password etc.)
- full support of all Ducky Script commands (DEFAULTDELAY is missing)
- auto execute scripts
- add mouse
- control over the internet
## License
This project is licensed under the MIT License - see the [license file](LICENSE) file for details
## Sources and additional Links
The USB Rubber Ducky: https://hakshop.com/products/usb-rubber-ducky-deluxe
The Malduino (a BadUSB-Arduino/Rubber-Ducky-alternative by Seytonic): https://www.indiegogo.com/projects/malduino-badusb-arduino-usb#/
Seytonic: http://youtube.com/seytonic
https://github.com/seytonic
Arduino Ducky Script interpreter: https://github.com/Seytonic/Duckduino-microSD
Cnlohrs ESP8266 USB Software Driver: https://github.com/cnlohr/espusb
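Review bot: the "How to use it" section documents a fixed AP password (`quackquack`) and an unauthenticated firmware-upload endpoint (`192.168.4.1/update`) without saying how to change either, and the "Improvements" wishlist admits that SSID and password cannot yet be changed from the webinterface; the text should state plainly that anyone in radio range who knows the default can connect, run stored scripts and reflash the device, and point to where in the `esp8266_wifi_duck` sources the credentials are set so they can be changed before flashing. This file is also being added under `Deprecated_fw/`, yet nothing in it says it is deprecated; a one-line note at the top pointing at the current firmware in the repository root would keep readers from following outdated install steps. Minor: the wiring table header reads `ESP82666`; it should be `ESP8266`.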
@@ -0,0 +1,130 @@
#include <Keyboard.h>
#define BAUD_RATE 9600
#define ExternSerial Serial1
String bufferStr = "";
String last = "";
int defaultDelay = 0;
void Line(String _line)
{
int firstSpace = _line.indexOf(" ");
if(firstSpace == -1) Press(_line);
else if(_line.substring(0,firstSpace) == "STRING"){
for(int i=firstSpace+1;i<_line.length();i++) Keyboard.write(_line[i]);
}
else if(_line.substring(0,firstSpace) == "DELAY"){
int delaytime = _line.substring(firstSpace + 1).toInt();
delay(delaytime);
}
else if(_line.substring(0,firstSpace) == "DEFAULTDELAY") defaultDelay = _line.substring(firstSpace + 1).toInt();
else if(_line.substring(0,firstSpace) == "REM"){} //nothing :/
else if(_line.substring(0,firstSpace) == "REPLAY") {
int replaynum = _line.substring(firstSpace + 1).toInt();
while(replaynum)
{
Line(last);
--replaynum;
}
} else{
String remain = _line;
while(remain.length() > 0){
int latest_space = remain.indexOf(" ");
if (latest_space == -1){
Press(remain);
remain = "";
}
else{
Press(remain.substring(0, latest_space));
remain = remain.substring(latest_space + 1);
}
delay(5);
}
}
Keyboard.releaseAll();
delay(defaultDelay);
}
void Press(String b){
if(b.length() == 1) Keyboard.press(char(b[0]));
else if (b.equals("ENTER")) Keyboard.press(KEY_RETURN);
else if (b.equals("CTRL")) Keyboard.press(KEY_LEFT_CTRL);
else if (b.equals("SHIFT")) Keyboard.press(KEY_LEFT_SHIFT);
else if (b.equals("ALT")) Keyboard.press(KEY_LEFT_ALT);
else if (b.equals("GUI")) Keyboard.press(KEY_LEFT_GUI);
else if (b.equals("UP") || b.equals("UPARROW")) Keyboard.press(KEY_UP_ARROW);
else if (b.equals("DOWN") || b.equals("DOWNARROW")) Keyboard.press(KEY_DOWN_ARROW);
else if (b.equals("LEFT") || b.equals("LEFTARROW")) Keyboard.press(KEY_LEFT_ARROW);
else if (b.equals("RIGHT") || b.equals("RIGHTARROW")) Keyboard.press(KEY_RIGHT_ARROW);
else if (b.equals("DELETE")) Keyboard.press(KEY_DELETE);
else if (b.equals("PAGEUP")) Keyboard.press(KEY_PAGE_UP);
else if (b.equals("PAGEDOWN")) Keyboard.press(KEY_PAGE_DOWN);
else if (b.equals("HOME")) Keyboard.press(KEY_HOME);
else if (b.equals("ESC")) Keyboard.press(KEY_ESC);
else if (b.equals("INSERT")) Keyboard.press(KEY_INSERT);
else if (b.equals("TAB")) Keyboard.press(KEY_TAB);
else if (b.equals("END")) Keyboard.press(KEY_END);
else if (b.equals("CAPSLOCK")) Keyboard.press(KEY_CAPS_LOCK);
else if (b.equals("F1")) Keyboard.press(KEY_F1);
else if (b.equals("F2")) Keyboard.press(KEY_F2);
else if (b.equals("F3")) Keyboard.press(KEY_F3);
else if (b.equals("F4")) Keyboard.press(KEY_F4);
else if (b.equals("F5")) Keyboard.press(KEY_F5);
else if (b.equals("F6")) Keyboard.press(KEY_F6);
else if (b.equals("F7")) Keyboard.press(KEY_F7);
else if (b.equals("F8")) Keyboard.press(KEY_F8);
else if (b.equals("F9")) Keyboard.press(KEY_F9);
else if (b.equals("F10")) Keyboard.press(KEY_F10);
else if (b.equals("F11")) Keyboard.press(KEY_F11);
else if (b.equals("F12")) Keyboard.press(KEY_F12);
else if (b.equals("SPACE")) Keyboard.press(' ');
//else Serial.println("not found :'"+b+"'("+String(b.length())+")");
}
void setup() {
Serial.begin(BAUD_RATE);
ExternSerial.begin(BAUD_RATE);
pinMode(13,OUTPUT);
digitalWrite(13,HIGH);
Keyboard.begin();
}
void loop() {
if(ExternSerial.available()) {
bufferStr = ExternSerial.readStringUntil("END");
Serial.println(bufferStr);
}
if(bufferStr.length() > 0){
bufferStr.replace("\r","\n");
bufferStr.replace("\n\n","\n");
while(bufferStr.length() > 0){
int latest_return = bufferStr.indexOf("\n");
if(latest_return == -1){
Serial.println("run: "+bufferStr);
Line(bufferStr);
bufferStr = "";
} else{
Serial.println("run: '"+bufferStr.substring(0, latest_return)+"'");
Line(bufferStr.substring(0, latest_return));
last=bufferStr.substring(0, latest_return);
bufferStr = bufferStr.substring(latest_return + 1);
}
}
bufferStr = "";
ExternSerial.write(0x99);
Serial.println("done");
}
}
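Review bot: `setup()` calls `Keyboard.begin()` unconditionally and `loop()` executes whatever text arrives on `Serial1` with no guard, so a board running this sketch types into whichever host it is plugged into, including the developer's own machine while the ESP8266 side is being debugged; the Arduino Keyboard library documentation itself recommends a physical control such as a jumper or switch checked before the keyboard is enabled, and a single pin test in `setup()` (skip `Keyboard.begin()` unless the pin is asserted) would make accidental execution much harder. `ExternSerial.readStringUntil("END")` is an API misuse: `Stream::readStringUntil` takes a single `char` terminator, so the string literal only compiles because the Arduino toolchain builds with `-fpermissive`, and the resulting terminator byte is meaningless rather than the word `END`; either use a single terminator character or parse the frame explicitly. Finally, `DEFAULTDELAY` is implemented here (`defaultDelay = _line.substring(firstSpace + 1).toInt();`) while the README's "Improvements" list says it is missing; one of the two should be updated.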