This USB Rubber Ducky payload by RedMeatUK is wicked. Using Gentilkiwi's
The Twin Duck firmware is nothing short of amazing. It makes the USB Rubber Ducky show up as both a HID Keyboard and Mass Storage, just like a regular USB drive. There are a few limitations, but nothing that hinders this payload. Specifically, the Twin Duck is only capable of executing payloads of 2048 keystrokes (4K inject.bin files). It also only supports a transfer speed of about 150 KB/s, which is about 9 megabytes per minute. That said, it is a fantastic firmware, perfect for this situation.
Taking the Windows Password Recovery Ducky Script a little further, I was inspired by Mubix's blog on Room362.com about using Microsoft's Sysinternals tool ProcDump to grab the memory from lsass.exe for later password extraction goodness with mimikatz. This is beautiful because Microsoft's own tool is used to recover the Windows password, so there's little chance of it setting off any antivirus alarm bells. Grab the USB Rubber Ducky Payload here.
Looking forward, I figured this would be a great opportunity to use Matt Graeber's awesome PowerSploit in order to dump process memory even quicker. Lo and behold, b00stfr3ak took this on with a Ducky lsass dumper written in Ruby. Using it, you're able to pull off an lsass memory dump without the need for mass storage; it'll transfer the file right over the network and even sets up the listener for you. Awesome stuff all around!
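Because a signed Microsoft tool or a PowerShell script will not match an antivirus signature, defenders watch the behaviour instead: any process that opens lsass.exe with memory-read rights. The following is an added example, not code from the original post or from the tools it names. It assumes events shaped like Sysmon ProcessAccess (Event ID 10) records; the sample events and the allowlist are constructed for illustration.

```python
import ntpath  # Windows path handling that works on any OS

PROCESS_VM_READ = 0x0010  # access right required to read another process's memory

# Hypothetical allowlist; build the real one by baselining your own fleet.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}

# Constructed records using Sysmon ProcessAccess (Event ID 10) field names.
LSASS = r"C:\Windows\System32\lsass.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": LSASS, "GrantedAccess": "0x1fffff"},
    {"SourceImage": r"E:\procdump.exe", "TargetImage": LSASS, "GrantedAccess": "0x1fffff"},
    {"SourceImage": PS, "TargetImage": LSASS, "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Windows\System32\svchost.exe", "TargetImage": LSASS, "GrantedAccess": "0x1000"},
    {"SourceImage": r"E:\procdump.exe", "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1fffff"},
    {"SourceImage": r"C:\Tools\agent.exe", "TargetImage": LSASS, "GrantedAccess": "n/a"},
]

def suspicious_lsass_reads(events, allowed=ALLOWED_SOURCES):
    """Return (hits, unparsed): non-allowlisted sources that opened lsass.exe
    with memory-read rights, and sources whose access mask could not be parsed."""
    hits, unparsed = [], []
    for ev in events:
        # Only handle opens that target lsass.exe are of interest here.
        if ntpath.basename(ev.get("TargetImage", "")).lower() != "lsass.exe":
            continue
        source = ev.get("SourceImage", "")
        try:
            mask = int(ev.get("GrantedAccess", ""), 16)
        except ValueError:
            unparsed.append(source)  # keep for review instead of silently dropping
            continue
        # Query-only handles (no VM_READ bit) cannot be used to dump memory.
        if mask & PROCESS_VM_READ and source.lower() not in allowed:
            hits.append(source)
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = suspicious_lsass_reads(SAMPLE_EVENTS)
    for src in hits:
        print("ALERT lsass memory-read handle from", src)
    for src in unparsed:
        print("REVIEW unparsable GrantedAccess from", src)
```

The check is independent of which tool performs the dump, so it covers both the ProcDump and the PowerShell-based variants described above.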
How to Install OwnCloud in Ubuntu Server 12.04
OwnCloud is a Dropbox alternative that is open source and available for multiple platforms. Today, I am installing OwnCloud and setting it up on my Linux Ubuntu 12.04 server in a VM. There are steps online, but they are a bit outdated, so we want to start by going to