2.0 KiB
2.0 KiB
About:
- Title: DuckyLogger 2.0
- Description: Keylogger, which sends each and every keystroke of the target remotely/locally.
- AUTHOR: drapl0n
- Version: 2.0
- Category: Credentials.
- Target: Unix-like operating systems with systemd.
- Attackmodes: HID.
DuckyLogger 2.0 is the most efficient version of the original DuckyLogger, which captures every keystroke of the traget and sends it back to the attacker.
Features:
- Live keystroke capturing.
- Detailed key logs.
- Persistent.
- Autostart payload on boot.
What's new ?
- No trigger from the target's end is required.
- Completely autostarts the payload on boot.
- Removed unnecessary script blocks.
- No need to run two different services.
Workflow:
- Encoding payload and injecting it into the target's system.
- Checks whether the internet is connected to the target system.
- If the internet is connected, then it sends raw keystrokes to the attacker.
- Attacker processes raw keystrokes.
Changes to be made in payload:
- Replace ip (0.0.0.0) and port number (4444) with your server's ip address and port number on line no.
43
. - Increase/Decrease time interval to restart service periodically (default is 5 minutes), on line no.
59
.
Usage:
- Encode payload.txt and inject it into the target's system.
- Start Netcat listner on the attacking system:
nc -lvp <port number> > <log filename>
use this command to create new a logfile with raw keystrokes.nc -lvp <port number> >> <log filename>
use this command to append raw keystrokes to an existing log file.
- Process raw keystrokes using the DuckyLoggerDecoder utility:
./duckyLoggerDecoder
DuckyLoggerDecoder is used to decode raw key strokes acquired by duckyLogger.
Usage:
Decode captured log: [./duckyLoggerDecoder -f <Logfile> -m <mode> -o <output file>]
Options:
-f Specify the log file.
-m Select Mode(normal|informative)
-o Specify an output file.
-h For this banner.