nerdexam
GIAC

GCIH · Question #621

Which of the following can be used in a USB attack to bypass authentication by hijacking the password libraries on a Windows system?

The correct answer is B. Rubber Ducky. The USB Rubber Ducky is a HID attack device that injects automated keystrokes to execute payloads capable of interacting with or replacing Windows password-related libraries on an unlocked system.

Vulnerability Exploitation & Privilege Escalation

Question

Which of the following can be used in a USB attack to bypass authentication by hijacking the password libraries on a Windows system?

Options

  • AInception
  • BRubber Ducky
  • CLan Turtle
  • DKon-boot

How the community answered

(42 responses)
  • A
    2% (1)
  • B
    88% (37)
  • C
    2% (1)
  • D
    7% (3)

Why each option

The USB Rubber Ducky is a HID attack device that injects automated keystrokes to execute payloads capable of interacting with or replacing Windows password-related libraries on an unlocked system.

AInception

Inception exploits DMA vulnerabilities over FireWire or Thunderbolt interfaces to directly patch Windows memory and bypass lock screens at the hardware level, and does not use USB HID injection or library-level manipulation.

BRubber DuckyCorrect

The Rubber Ducky presents itself to Windows as a trusted HID keyboard, requiring no driver installation or user interaction, and immediately executes preprogrammed Ducky Script payloads that can run commands to manipulate Windows authentication DLLs or password libraries such as those accessed by LSASS. Because Windows inherently trusts keyboard input, this attack bypasses standard USB security controls and can compromise authentication mechanisms within seconds of insertion into an unlocked machine.

CLan Turtle

Lan Turtle is a USB network adapter used for covert network access, man-in-the-middle interception, and reverse shell establishment, not for bypassing local Windows authentication by manipulating password libraries.

DKon-boot

Kon-boot patches the Windows kernel or bootloader during the startup process to bypass login authentication at the OS level, rather than hijacking password libraries through HID keystroke injection on a running system.

Concept tested: USB HID Rubber Ducky attack bypassing Windows authentication

Source: https://docs.hak5.org/usb-rubber-ducky

Topics

#USB HID attack#authentication bypass#Rubber Ducky#Windows credentials

Community Discussion

No community discussion yet for this question.

Full GCIH Practice