hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
usbrubberducky-payloads/payloads/library/credentials/BitLockerKeyDump
History
0i41E 40f7f072ea
Changed Username 		2024-05-28 19:25:26 +02:00
..
payload.txt Changed Username 2024-05-28 19:25:26 +02:00
readme.md Changed Username 2024-05-28 19:25:26 +02:00

readme.md

Title: BitLockerKeyDump

Author: 0i41E
OS: Windows
Version: 1.0

What is BitLockerKeyDump?

Lets first explain, what is "a BitLocker recovery key"?

A BitLocker recovery key is a unique 48-digit numerical password that is generated when you enable BitLocker on a Windows computer or device. BitLocker is a disk encryption program included with Windows, and is designed to protect the data on your hard drive by encrypting it. The recovery key is a critical component of BitLocker because it is used to unlock or recover access to the encrypted drive in case you forget your BitLocker password or experience issues with your computer's hardware or software. Common scenarios where you might need a BitLocker recovery key:

  • Forgotten Password: If you forget the password you set for BitLocker, you can use the recovery key to regain access to your encrypted drive.
  • Hardware Changes: If you make significant hardware changes to your computer, such as replacing the motherboard or hard drive, BitLocker may trigger a recovery mode, and you'll need the recovery key to unlock the drive.
  • Operating System Errors: In the event of certain operating system errors or issues, BitLocker may require the recovery key to restore access to the encrypted drive.

It's important to keep your BitLocker recovery key in a safe and secure location because it provides a way to bypass BitLocker's encryption and access your data.

Now that we have explained what BitLocker and the recovery key are, what is BitLockerKeyDump? Short and easy: It dumps the recovery key and exfiltrates it via Keystroke Reflection.

Instructions:

  1. Set the correct "Yes" shortcut in line 132. (i.e. ALT j for german systems, ALT y for english keyboard layouts)

  2. Plug in your RubberDucky into a Windows target and wait for the process to end. Have fun observing the Keyboards LEDs ;)

*If plugged into a non Windows system, ATTACKMODE OFF will be triggered, unless CAPSLOCK is ON while the Ducky is getting plugged in. This way you can collect the loot savely.

  1. Open the exfiltrated loot.bin file to access the recovery key.