馃攳
So you think your phone or iPad are safe? Rubber Ducky script for mobile targets and Hak5 OMG cables - YouTube
Channel: unknown
[0]
this video is part of my series showing
[1]
you how to use omg cables to hack
[4]
networks in this first video i'm going
[6]
to show you how to hack an android phone
[8]
as well as an ios device in this case an
[11]
ipad using an omg cable this is a usbc
[15]
to usbc omg cable now the scariest thing
[19]
about these omg cables is that you can't
[22]
see the difference between a traditional
[24]
usb cable or lightning cable and these
[28]
omg cables they look exactly the same
[31]
but they have access points within them
[34]
they allow you to run scripts on devices
[36]
such as android devices and ios devices
[39]
they also now
[42]
are key loggers so you can log
[44]
keystrokes using these omg cables so in
[47]
this first video i'm going to show you
[48]
how to rick roll a person using an omg
[51]
cable i'll show you how to make a
[53]
telephone call using an omg cable and an
[56]
android device
[64]
and i'll show you how to take
[65]
photographs using the omg cable it's
[68]
extremely worrying and extremely scary
[71]
what you can do with these cables
[73]
never just trust any cable don't just
[76]
plug in your devices into some random
[78]
cable or into some random usb port
[81]
because you never know what's going to
[83]
happen
[84]
as always what i'm demonstrating in this
[86]
video is for educational purposes only
[89]
do not go and use this information and
[91]
get into trouble make sure that you use
[93]
this information to make people aware of
[96]
the vulnerabilities in the usb standard
[99]
don't just trust any usb cable don't
[102]
just trust any device you need to act
[105]
with security in mind
[107]
don't just trust anyone don't just trust
[109]
any device or cable
[112]
[Music]
[117]
now before we continue i'm really happy
[118]
to announce that mg and darren from hack
[121]
five are sponsoring a giveaway one
[123]
person is going to win 180 hack five
[125]
gift card
[126]
that will allow you to purchase an omg
[128]
cable such as this or one of the others
[131]
so one person is going to win 180 hack
[134]
five gift card but you need to use a
[136]
secret code to enter this competition so
[138]
make sure that you watch the entire
[140]
video so that you can get the secret
[142]
code to enter the competition in this
[144]
example i've plugged the cable into an
[146]
android phone nothing else is connected
[149]
but what i can do
[150]
is on my iphone as an example
[153]
connect to
[155]
a access point running within that cable
[158]
so in this example i've configured it as
[160]
the fbi network
[162]
you when you set up this cable can
[164]
configure it with any kind of access
[165]
point name that you want to any kind of
[168]
security i've previously connected to
[170]
this network so the password has been
[172]
stored i'm automatically connected to
[174]
the device
[176]
by default
[177]
it uses an address 192.168.4.1
[181]
i can connect to that network and as you
[183]
can see i'm now connected to the omg
[186]
cable connected to this android phone so
[189]
what i could do is load a script i'll
[192]
load a script from slot one the various
[194]
slots here you can pre-load scripts
[197]
ready to deploy or you can simply copy
[199]
and paste the script remotely onto
[202]
the omg cable
[203]
so before i do anything notice i'm not
[206]
touching the phone not touching the
[207]
cable but what i'll do is press run
[211]
and hopefully the phone will do
[213]
something
[217]
notice it's opening up a url
[222]
and
[222]
i'll unmute the phone
[224]
we get the famous rick roll
[227]
so
[228]
that's an example of
[230]
opening up a website
[232]
now i can get it to do all kinds of
[234]
things
[235]
i could get that to go to malicious
[237]
website if i wanted to but in this
[239]
example let's try and get it to do
[240]
something else so let's run this script
[242]
and see what it
[252]
your account does is too low
[255]
so what i got it to do there is make a
[258]
phone call this phone has a sim card in
[261]
that doesn't have enough credit to make
[263]
any phone calls i need to top it up it's
[264]
just a top-up sim card doesn't have any
[266]
credit on it so it can't actually make
[268]
the phone call but notice it tries to
[270]
dial the number and i'll run that
[281]
to again up purchase a three voucher and
[284]
dial four or from your free handset
[287]
0843-373-4444
[291]
from another phone
[293]
okay so it tried to make a phone call
[297]
quite scary that
[299]
let's try one last test with an android
[301]
phone and then i'll show you with ios
[304]
so i'll load another script here
[309]
press run
[317]
and what that just did was take a photo
[320]
so if i
[321]
press here notice it's just taken two
[323]
photos
[325]
run that again as an example
[327]
so
[328]
run that what it should do hopefully is
[331]
take two photographs
[338]
and there you go just took
[340]
two extra photographs so that's quite
[342]
worrying because this cable looks just
[345]
like a normal usbc to usb c cable
[349]
but i can get it to do all kinds of
[351]
malicious things
[352]
so let's do it with an ipad now what
[355]
i'll do in this example is copy a script
[358]
instead of loading a script i'll simply
[360]
copy
[360]
a new script
[362]
and
[363]
i'll paste it in
[365]
to the omg cable
[367]
so i've connected my mac to the omg
[370]
cable using the fbi network
[373]
i've opened up a browser to the omg
[375]
cable i've pasted in the script now
[377]
before i run it i'll change this string
[380]
so it doesn't go to the omg website but
[382]
to a youtube page so that i can rick
[385]
roll the person using this ipad
[388]
so i'll run the payload
[396]
and what you'll notice there is an ad is
[398]
playing
[404]
[Music]
[408]
and there you go so i've been able to
[410]
rick roll both an ipad as well as an
[414]
android phone
[415]
using the omg cable really scary what
[418]
you can do with the omg cable now mg the
[421]
creator of the omg cable gave me the
[423]
scripts to open up a web browser on
[424]
android as well as ios
[426]
i created the call script as well as the
[430]
take photo script i did those very very
[432]
quickly in a short amount of time so
[433]
they're not perfect they may not
[435]
necessarily always work if you're going
[437]
to use them you're probably going to
[439]
want to fix them and iterate them and
[440]
make them better but that was sort of a
[442]
quick test to see if i could get it to
[444]
work and i did as always please don't
[446]
use the information that i'm sharing
[448]
here for malicious purposes but be aware
[450]
of the issues of trusting cables don't
[454]
just trust any cable from your friends
[456]
or from some random stranger because it
[458]
could be an omg cable such as this again
[460]
the only way to identify this is an omg
[463]
cable rather than a standard
[465]
usb cable is by this little tag so if i
[468]
took that off i wouldn't be able to
[470]
differentiate between this cable and a
[473]
standard usb cable now in this video i
[475]
simply wanted to demonstrate some of the
[477]
options with the omg cable i've put
[479]
links to the scripts below this video if
[482]
you want to try this yourself again use
[483]
it at your own risk i'll cover the setup
[485]
of the omg cable in a separate video i
[487]
have discussed the setup of the omg
[489]
cable in a previous video which i've
[490]
linked here and below but i'll do an
[492]
updated version of that video process is
[495]
very similar the language used here is
[497]
very similar to the rubber ducky
[499]
language i'll also create some
[501]
additional videos on the rubber ducky
[502]
language because some of you have asked
[504]
for that this video does cover some of
[506]
the basics if you're interested in
[507]
learning how to set up the rubber ducky
[509]
as an example
[510]
okay so the secret code that you need is
[512]
omg cable hacks
[514]
use the code omg cable hacks to enter
[517]
the competition using the link below i
[520]
want to wish you all the very best for
[521]
the competition but more importantly all
[524]
the very best for your career go out
[526]
there and make a success of your life
[529]
[Music]
[537]
[Music]
Most Recent Videos:
You can go back to the homepage right here: Homepage