usbrubberducky-payloads/payloads/library/credentials/DuckyLogger2/README.md

2.0 KiB

About:

  • Title: DuckyLogger 2.0
  • Description: Keylogger, which sends each and every keystroke of the target remotely/locally.
  • AUTHOR: drapl0n
  • Version: 2.0
  • Category: Credentials.
  • Target: Unix-like operating systems with systemd.
  • Attackmodes: HID.

DuckyLogger 2.0 is the most efficient version of the original DuckyLogger, which captures every keystroke of the traget and sends it back to the attacker.

Features:

  • Live keystroke capturing.
  • Detailed key logs.
  • Persistent.
  • Autostart payload on boot.

What's new ?

  • No trigger from the target's end is required.
  • Completely autostarts the payload on boot.
  • Removed unnecessary script blocks.
  • No need to run two different services.

Workflow:

  • Encoding payload and injecting it into the target's system.
  • Checks whether the internet is connected to the target system.
  • If the internet is connected, then it sends raw keystrokes to the attacker.
  • Attacker processes raw keystrokes.

Changes to be made in payload:

  • Replace ip (0.0.0.0) and port number (4444) with your server's ip address and port number on line no. 43.
  • Increase/Decrease time interval to restart service periodically (default is 5 minutes), on line no. 59.

Usage:

  1. Encode payload.txt and inject it into the target's system.
  2. Start Netcat listner on the attacking system:
  • nc -lvp <port number> > <log filename> use this command to create new a logfile with raw keystrokes.
  • nc -lvp <port number> >> <log filename> use this command to append raw keystrokes to an existing log file.
  1. Process raw keystrokes using the DuckyLoggerDecoder utility:
./duckyLoggerDecoder
DuckyLoggerDecoder is used to decode raw key strokes acquired by duckyLogger.

Usage: 
Decode captured log:    [./duckyLoggerDecoder -f <Logfile> -m <mode> -o <output file>]

Options:
-f      Specify the log file.
-m      Select Mode(normal|informative)
-o      Specify an output file.
-h      For this banner.

Support me if you like my work: