411Hall

DuckToolkit NG

80 posts in this topic

I am happy to announce that the DuckToolkit NG is now available!

This is an entirely new version of the previous site which has been rewritten in Python/Django by myself and KevtheHermit. 

Current Features:

  • Online Encoder
  • 30+ Recon/Exploit/Reporting PowerShell scripts
  • Online Decoder
  • UK/US Language Support
  • Standalone Python Encoder/Decoder

We are working to add new languages and to implement Linux/OSX scripts in the coming weeks, however since this is an open source project please feel free to help us! If you want a certain language added then help us by writing it!

You can access the online DuckToolkit NG here:

https://www.ducktoolkit.com

You can access the standalone DuckToolkit here:

https://github.com/kevthehermit/DuckToolkit

Any issues, comments or suggestions then either post on the Disqus thread on the website or respond in this thread.

 

411.

Edited by 411
Toolkit Updated.
7


Looks great! :D

Hopefully, Darren will see this and get in touch.

We'll probably need to check the source for any potential loopholes, in case any drive-by attackers try to exploit the application.

0


Would definitely want these scripts made available. The more payloads the better.

0


Looks good, I'm interested.

@411

#Darren

#Darren?

lol

0


Thanks for the feedback guys, glad you like the looks of it! :D

You will have to give me a couple of days to get the scripts sorted so they can run individually. The way the website is designed is to add a standard header to the beginning of each script which opens CMD etc., and then if a recon script has been added the HTML required to make the reports is also included.

I have a lot more scripts and features which I had intended to add but just never got the chance, so I will try to get working on a few of them over the next couple of weeks.

Also added some new images showing the net scan and port scan.

411.

2


Looks wicked! Should be easy to support other keyboard layouts right?

0


Setting up a github to post this can be helpful to the community in general.

1


Well done! It would be awesome to play with your suite, and a great set of scripts to learn from.

0


The first version of the site is now online! :D

http://ducktoolkit-411.rhcloud.com/Home.jsp

I had to remove a few features from the original specification but I plan to reintroduce these in the future.

What I need is people to test the site/scripts and let me know if everything is working properly. If you have any issues with either the scripts or the site please let me know in this thread so I can fix them ASAP.

411.

Edited by 411
1


I have updated the Duck Toolkit.

New Features

1 x Reconnaissance Script (Copy FireFox Profile)

3 x Exploitation Scripts (Enable Reverse Desktop, Create a Reverse Shell, DNS Poisoning)

1 x Reporting Script (Email Reporting via Gmail)

You are now able to download both the .bin file and the .txt file. This will allow you to create the scripts and encode them later offline.

Existing recon scripts have been modified to include more data.

An MD5 hash value is now generated for each payload.

A sample reconnaissance report has been added.

I am planning on adding some scripts from the simple-ducky over the next few weeks and I am also trying to find a way to implement twin duck support.

411.

0


This topic actually helped me a lot! Great great Great is all I can say.

Made my first bin file and now I'm over to the Hak5 shop to buy my first ducky duck. I'm planning to use it also for a school project.

In my last project, by the way, about wireless security I've been using the Pineapple, so Hak5 is really helping me to graduate in a pleasant way :-)

Thumbs up !!

0


Just a heads up that I have added 2 new scripts to the Toolkit and have also fixed some bugs that were reported with the Online Encoder.

New Scripts

Copy SAM File (Creates a shadow copy of the SAM file so it can be accessed)

Remove Windows Update (Allows the user to specify a Windows Update to be removed from the target system)

Other New Features

Line numbers have been added to the online encoder.

The error handling on the online encoder has been improved

Support for French Mac keyboards has been added

Swedish keyboard mapping has been updated to allow support for ^

I am still working on Twin Duck reporting and exploitation functionality but it's proving hard.

411.

0


I am having a little trouble understanding this duck toolkit.

I understand the duck when inserted types commands to steal username and pw from memory, saves that to flash and when you pull it out that data is with you. You now can go back to that system and login.

It seems the duck toolkit doesn't include any of that.

So that happens anyway and this generator adds to that function, which is always there.

Is that about right? Or am I confused?

0


Hello, I enjoy using this toolkit very much. However I seem to have a problem with the "ComputerInfo.html" file. My example situation is the following: Select "Computer Information" and "User Information" recon check boxes from your toolkit site and build a payload to Gmail to myself from the target computer. Everything works fine. Now, when I build and test another payload on the same machine, this time I select (for example) "User Document List" or anything else from those checkboxes in the "Reconnaissance" section that would report back into ComputerInfo.html. Then I encode the ducky as normal and insert into the same machine. I get a popup when it's almost done telling me that there is another ComputerInfo.html file already there and if I want to copy and replace. This is where the hiccup is because the script is not programmed to make a decision at this window. But it then creates the zip file anyway with the original ComputerInfo.html file, not the new one (which would be the "User Document List") and sends it out through email. Apparently, that previous ComputerInfo.html file was not erased properly or something after the first payload finished even though the temporary folder "C:\Users\MY-PC\Duck" is deleted once it exports the zip file. If that folder is deleted after a payload finishes, then why do I get a "do you want to copy and replace" window during a new different recon payload?

I want to be able to use the same machine multiple times with different combinations of payloads and have it report the intended "ComputerInfo.html" file to me.

How can I prevent this? Is there a way to tell that I won't run into this problem before I insert the ducky?

-Thank you in advance

0


Hope someone can answer my question.

The web based script generators such as this one are very awesome, don't get me wrong.

But I'm wondering what happens when the sites themselves are no longer available, i.e. domains expire, site owner/creator moves on with life, etc.

Is there a way we can get a zip file of these sites from the creator to mirror locally so that we always have a copy no matter what happens?

I understand that there are noobs who would love to put their own name to someone else's creation for their own gain...but..

Hope people can see where I'm coming from.

0


Hello, I enjoy using this toolkit very much. However I seem to have a problem with the "ComputerInfo.html" file. My example situation is the following: Select "Computer Information" and "User Information" recon check boxes from your toolkit site and build a payload to Gmail to myself from the target computer. Everything works fine. Now, when I build and test another payload on the same machine, this time I select (for example) "User Document List" or anything else from those checkboxes in the "Reconnaissance" section that would report back into ComputerInfo.html. Then I encode the ducky as normal and insert into the same machine. I get a popup when it's almost done telling me that there is another ComputerInfo.html file already there and if I want to copy and replace. This is where the hiccup is because the script is not programmed to make a decision at this window. But it then creates the zip file anyway with the original ComputerInfo.html file, not the new one (which would be the "User Document List") and sends it out through email. Apparently, that previous ComputerInfo.html file was not erased properly or something after the first payload finished even though the temporary folder "C:\Users\MY-PC\Duck" is deleted once it exports the zip file. If that folder is deleted after a payload finishes, then why do I get a "do you want to copy and replace" window during a new different recon payload?

I want to be able to use the same machine multiple times with different combinations of payloads and have it report the intended "ComputerInfo.html" file to me.

How can I prevent this? Is there a way to tell that I won't run into this problem before I insert the ducky?

-Thank you in advance

So sorry about the delay in my reply. I have started a new job recently so things have been manic.

Yeah, that script is poorly written. I will make a modification this weekend that adds a number and increments by one each time, or possibly a timestamp. Anyway, should be fixed by Sunday, thanks for bringing that to my attention :)

Hope someone can answer my question.

The web based script generators such as this one are very awesome, don't get me wrong.

But I'm wondering what happens when the sites themselves are no longer available, i.e. domains expire, site owner/creator moves on with life, etc.

Is there a way we can get a zip file of these sites from the creator to mirror locally so that we always have a copy no matter what happens?

I understand that there are noobs who would love to put their own name to someone else's creation for their own gain...but..

Hope people can see where I'm coming from.

Definitely see where you're coming from, it's very similar to when i-ducke disappeared and seems to be lost forever. The Duck Toolkit is hosted on a free hosting site with no 'time limit' so there is no reason that it should disappear overnight.

That being said, I have been planning to get it on GitHub for several months but work commitments have just taken all my time. I will get this moving over the coming weeks; there are still changes that need to be made to the code as there are a few issues that will prevent it running elsewhere. It's also such a big project I will need to comment the code as I doubt my code will make much sense.

I will let you know when this is all done.

Dead silence on this one. Hmm.

I think you may be a little confused. The Duck is capable of stealing usernames and passwords from a target computer; this is however one of its MANY uses.

The aim of this project was to introduce a tool which would allow users to select from multiple pre-compiled scripts (25+) in order to build a payload which suited their needs. Some of these scripts already existed, however I created many of the scripts myself for my own uses.

The secondary aim of the project was to introduce a reporting functionality to the Ducky which would allow users to extract reconnaissance information from a target machine, an example of this can be seen here: http://www.ducktoolkit.com/SampleReport.html

You rightly point out that the Duck Toolkit doesn’t include twin duck functionality at this time which would allow you to insert a USB & Ducky and steal the password file but it is still in its early stages. I have a lot of the code in place which would allow the twin duck approach to work but it isn’t easy to merge this with my current approach, major code revisions are needed.

The Toolkit does contain the username/password stealing functionality btw, but you have to email, ftp or save to the local machine.

Anyway, hope that answers your question.

411.

1


Well, there's no doubt I am confused. Ha. Completely!

I saw where it could email or ftp or save, but not to the duck, to the machine (or so it seems). Or can it save to the filesystem on the duck?

I watched the video of Darren at the bar, showing how his USB rubber duck could retrieve his PW, "lamepassword", which he admonished us to not use. Maybe he was using mimikatz on that show?

I kind of thought that was a primary use of the rubber duck. Stick it in, it gets the pw, here it is, and you may now login.

I was trying to figure out how I can put that on an innocuous looking usb drive I have so many of on hand, could come in handy in my bag of tricks. Ya know, you use stuff like that, and people think you're a genius! Solve their problems like it was nothing.

Har.

Edited by Steevo
0


Just a heads up. I have made a few minor adjustments to the toolkit based on feedback I got from users.

- The payloads will no longer fail if a Ducky folder already exists in the user home directory

- The network scan will no longer fail if the user is using a VPN

- The encoder's error messages have been tweaked so they display the correct line (sometimes the messages were +10 lines off)

Most importantly, I have switched to using the Duck Encoder v2.6.2, which means now, thanks to midnitesnake, I can include keyboard language selections for Spanish, Canadian and Swiss keyboards.

411.

0


Very very nice, waiting for my ducks to arrive but I've looked at some of the payloads and they are very nice indeed, you really should make an option to save to ducky though.

0


Honestly man, who wouldn't just check every box that wasn't obtrusive. It's not like I DON'T want the computer name. This didn't work for me, but then, I packed the list.

IMHO, ducky tech has evolved to where it's now about getting the report file back on the twin duck or loading exes from it. Everything else has been done. Glad to see a web site for it though, even if it didn't work for me ;)

0


I have a problem and it's most likely something I'm doing wrong, but when I do any of the reconnaissance scripts it does everything it is supposed to do except save the Report.zip in the directory I choose? Looking through the plain text I can see it's not being told to save to the directory I choose? What could I be doing wrong?

Also is there a way to save this tool for offline use?

Thanks in advance for any answers and thanks to the amazing creator of this sweet tool!

0
