Time
2 hours 25 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Okay, now the moment most have you been probably waiting for. We're going to start our first lab now. This first lab will be our U S P H i d. Spoofing lab.
00:09
Okay, so you'll need a number of things and we're fall along. First of all, for our U S B h i d. Spoofing device, I will be using what's called the USB rubber ducky,
00:20
and that device is sold by Hack five.
00:22
You can get that device a shop, not hack five dot or GE.
00:26
Now, um, the reason I'm using this one is because it has an advantage over other devices and that it looks like a normal USB storage device. Other companies sell other things, but they don't quite look like a regular USB device.
00:41
So that's why I'm using it here in this demonstration.
00:44
There are other alternatives because thes USB rubber duckies a rather spend these around $45 company called Mel Tronics also sells what's called Montesinos,
00:56
and they have a few different versions. One version. I think it's called the Light. They sell for around $15. There's a leak version that's, ah, think 20 to $30. So there are significantly cheaper if you want to try those out. But all the set up I will be doing this lab will be with the USB rubber Ducky.
01:15
Next, you'll need a computer's Internet access in order to access the Web sites we need for this lab.
01:22
Then my attack will be launched against the Windows 10 Machine
01:26
s so you will need a Windows 10 machine. This this might work on a window. Seven hasn't been tested in a seven. So preferably a Windows 10 machine. In order to test this attack against,
01:38
um, now, we will be encoding our payloads. They will need to be encoded in orderto work on the USB rubber ducky, and you'll need to access duct tool.
01:49
Excuse me. Duck tool kit dot com slash and coder. There are other ways to encode thes payloads. This isn't the most simple. So we'll just go ahead and use this one.
01:59
Next for a text editor, I will be using no pad plus. Plus,
02:04
you can use a similar program. Um, for, for example, if you have a Mac or Lennox machine, you can't get no pad plus Plus,
02:12
you could go to sublime text dot com. And it's a good alternative to know pad plus plus.
02:19
Okay. Lastly, we'll be getting the language pack
02:23
for Ducky script in No Pet plus Plus.
02:25
So you'll need a visit that get, huh? Blink on the bottom in order. Download that.
02:30
Okay, so let's get started. Our first lab.

Up Next

USB Drop Attack

Malicious devices are everywhere these days, whether you can see them or not.

Instructed By

Instructor Profile Image
Shawn Briere
Information Security Analyst
Instructor