Prep for offline attacks
Grab a Rubber Duck and infiltrate your target network…
Hopefully by now you’ll have found that the wireless networks you targeted were proof against any attempts to crack the password. If so, it’s important to consider the next steps a malicious hacker might take, which is to gain physical access to your machine(s) and compromise them from there.
A simple form of this attack might be for someone to break into your office with a DVD of Kali, then boot it from your Windows machine so they can examine unencrypted files on your hard disk.
More sophisticated attacks are possible through using a USB Rubber Ducky. This tool, created by Hak5, resembles a USB stick, but is actually a very sophisticated keystroke injection platform. It uses a microSD card and a simple scripting language to deliver payloads: automated attacks that do things like give you root access to a target machine. The Rubber Ducky tricks machines into thinking it’s a keyboard to make them accept commands. While you’re encouraged to create your own attacks, Hak5 maintain a payload wiki of pre-assembled attacks for Windows, Linux and MacOS which you can copy to the Rubber Ducky.
If you decide that sneaking into your own home to insert the device into a vulnerable machine wouldn’t be much of a challenge, you can give the Rubber Ducky (and possibly a crowbar) to an IT illiterate friend who can then try to break in and try to compromise your machine.
To get started, invest in a USB Rubber Ducky from Hak5 ( https://hakshop.com/products/usb-rubber-duckydeluxe). They currently retail for around $45.
While you’re waiting for it to arrive, fire up Kali and open Terminal. Enter the command git clone --recursive git:// github.com/skysploit/simple-ducky.git /usr/share/simpleducky to download the program SimpleDucky, which is useful for automatically generating payloads.
Next run bash /usr/share/simple-ducky/install.sh to execute the installer, then simple-ducky to launch Simple Ducky. Before getting started with the payloads, choose Option 9 to download any dependencies. Follow the steps ( seetheboxbelow) to copy a payload onto the USB Rubber ducky. If none of the payloads in SimpleDucky fit your needs, you can find more at www.usbrubberducky.com.
Once this is complete, the Rubber Ducky is ready to infiltrate your target device. Make life harder for fellow pentesters by using Linux with Full Disk Encryption. Shut down machines fully when leaving rooms and lock the door.