411Hall Posted January 23, 2014 Author Share Posted January 23, 2014 honestly man, who wouldn't just check every box that wasnt obtrusive. It's not like I DONT want the computer name. This didnt work for me, but then, i packed the list. IMHO, ducky tech has evolved to where it's now about getting the report file back on the twin duck or loading exes from it. everything else has been done. Glad to see a web site for it though. even if it didnt work for me ;) Sorry for the delay in my reply. I promise it will get there! Did it error for you out of curiosity or just out right fail? I have a problem and it's most likely something I'm doing wrong, but when I do any of the reconnaissance scripts it does everything it is suppose to do except save the Report.zip in the directory I choose? Looking through the plain text I can see it's not being told to save to the directory I choose? What could I be doing wrong? Also is there a way to save this tool for offline use? Thanks in advance for any answers and thanks to the amazing creator of this sweet tool! Ah sorry about that its probably a coding error on my end. Would you mind messaging me a few more details on here or emailing me at ducktoolkit@outlook.com Specifically I want to know where your asking the file to save and what the text file is displaying instead. 411. Quote Link to comment Share on other sites More sharing options...
Hak6 Posted January 24, 2014 Share Posted January 24, 2014 Ah sorry about that its probably a coding error on my end. Would you mind messaging me a few more details on here or emailing me at ducktoolkit@outlook.com Specifically I want to know where your asking the file to save and what the text file is displaying instead. 411. Either C:\Users\Public\Documents or back to the duck J:\ (on my system). No matter where I ask in the plain text file it always says and I'm not sure how much of the code you will need to see but this is what I'm seeing. ($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile Let me know if you need any more info, thanks again Quote Link to comment Share on other sites More sharing options...
411Hall Posted January 24, 2014 Author Share Posted January 24, 2014 Either C:\Users\Public\Documents or back to the duck J:\ (on my system). No matter where I ask in the plain text file it always says and I'm not sure how much of the code you will need to see but this is what I'm seeing. ($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile Let me know if you need any more info, thanks again All fixed mate. Was a stupid mistake on my end. Sorry about that, 411. Quote Link to comment Share on other sites More sharing options...
Hak6 Posted January 24, 2014 Share Posted January 24, 2014 All fixed mate. Was a stupid mistake on my end. Sorry about that, 411. Awesome, I'll test it out after work. Again, awesome tool thank so much! Quote Link to comment Share on other sites More sharing options...
Hak6 Posted February 4, 2014 Share Posted February 4, 2014 (edited) Is it possible to add the SYSTEM file to the extract SAM file payload? Also I notice "ALT y" in the beginning of a lot of the code, What purpose dose it serve? Just curious. DELAY 3000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 ENTER Thanks in advance! Edited February 4, 2014 by Hak6 Quote Link to comment Share on other sites More sharing options...
411Hall Posted February 8, 2014 Author Share Posted February 8, 2014 Is it possible to add the SYSTEM file to the extract SAM file payload? Also I notice "ALT y" in the beginning of a lot of the code, What purpose dose it serve? Just curious. DELAY 3000 GUI r DELAY 750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 1500 ALT y DELAY 500 ENTER Thanks in advance! Yeah adding System file shouldn't be an issue. I will try a few things later on and roll it out with the next update if it works. The 'ALT y' is used as a way to answer yes on the User Account Control dialogue which appears when you try to run programs with admin privileges. I found it more reliable than the 'LEFT ENTER' method i was using before. The start of my scripts is taken directly from Darren's UAC bypass script posted here: https://forums.hak5.org/index.php?/topic/30100-payload-faster-uac-bypass/ 411. Quote Link to comment Share on other sites More sharing options...
brazen Posted February 10, 2014 Share Posted February 10, 2014 Am I to understand that this can be used for any os? Quote Link to comment Share on other sites More sharing options...
411Hall Posted February 10, 2014 Author Share Posted February 10, 2014 (edited) Am I to understand that this can be used for any os? No sorry, only Windows systems with admin priveledges that have PowerShell installed. What OS are you interested in running it against? 411. Edited February 10, 2014 by 411 Quote Link to comment Share on other sites More sharing options...
brazen Posted February 10, 2014 Share Posted February 10, 2014 No sorry, only Windows systems with admin priveledges that have PowerShell installed. What OS are you interested in running it against? 411. os x Quote Link to comment Share on other sites More sharing options...
Dolphineer Posted February 18, 2014 Share Posted February 18, 2014 (edited) I'm having trouble with this toolkit's email function. I always try to send all the reconnaissance info to an email address, but it never sends the email to the one i specified.This is how the menu is setup for email recon (I'm certain you know how it looks anyway) Reporting Scripts Email Report via GMAIL Email address to send report to: (name@gmail.com) Email Username: (name) Email Password: (Password123) For example, the first box I fill in with: cgdcrew@gmail.com The second box I fill out with: cgdcrew@gmail.com And then the password for my gmail account. I download the binary, but the inject.bin into the root of the Ducky, put it onto a test machine that I have, it writes and executes all code, but no email is sent to the specified address. Is this a bug or am I doing something wrong? Thanks. Edited February 18, 2014 by Dolphineer Quote Link to comment Share on other sites More sharing options...
411Hall Posted February 18, 2014 Author Share Posted February 18, 2014 I'm having trouble with this toolkit's email function. I always try to send all the reconnaissance info to an email address, but it never sends the email to the one i specified. This is how the menu is setup for email recon (I'm certain you know how it looks anyway) Reporting Scripts Email Report via GMAIL Email address to send report to: (name@gmail.com) Email Username: (name) Email Password: (Password123) For example, the first box I fill in with: cgdcrew@gmail.com The second box I fill out with: cgdcrew@gmail.com And then the password for my gmail account. I download the binary, but the inject.bin into the root of the Ducky, put it onto a test machine that I have, it writes and executes all code, but no email is sent to the specified address. Is this a bug or am I doing something wrong? Thanks. Hey mate, Sorry about that. I have just tested the script and it worked for me, I am assuming you have checked Junk folders etc? (I have to ask) I think you may be having one of two possible issues: 1. Its possible that either the 'Report.zip' isn't ever being created so it can be uploaded and sent via email, that would cause the script to crash. 2 . SMTP (port 25) may be blocked on your firewall which is preventing the script from being sent. However I have never had this issue and I have tried on several computers with different firewalls etc. First thing i would try is disabling any firewalls etc and doing a test run, if the email arrives then problem sorted. Although i will need to fix that issue. If that doesn't work then its probably a 'Report.zip' issue. Could you try making a recon script and select the 'Save Report to Target Machine' option, enter a folder directory for the file to save too and run the script. That will let me know if the zip creation functionality is working on your computer. Sorry for the issues, 411. Quote Link to comment Share on other sites More sharing options...
Rondinelle Lima Bispo Posted February 20, 2014 Share Posted February 20, 2014 Greetings friends, I am newbie in the forum, and I'm having trouble with the keyboard configuration Portuguese (Brazil), I found the selection of the site layout keyboard. Can someone help me? Quote Link to comment Share on other sites More sharing options...
411Hall Posted March 1, 2014 Author Share Posted March 1, 2014 Version 2 of the Duck Toolkit is now online! v.2 Changes: New UI USB Reporting Payload Duck Slurp Payload Fixed Encoder Issues USB Recon Script Updated Fixed Other Backend Issues Check it out at http://www.ducktoolkit.com Feedback is always appreciated. Also I really want to get some fresh scripts on the site in the coming weeks so if anyone has any requests just message me. Enjoy, 411. Quote Link to comment Share on other sites More sharing options...
lilfear1 Posted March 11, 2014 Share Posted March 11, 2014 (edited) I am having the same problem, and if I try to physically click no or yes the ducky doesn't finish the attack. this wont let me paste the post this was referring to and I hit quote..... Anyway the post I am referring to says that when I insert the ducky into my target computer then remove. add another payload on ducky re-insert into same target computer comes up with error saying file already exists (cant think of the file atm sorry) but it goes on to ask if you want to replace it or not. I thought that file would be deleted showing no evidence of even being there. If I hit yes to override it the ducky doesn't finish the attack. Also on another subject my SD that came with my ducky is also bad I have a 4Gb that seems to work though. Edited March 11, 2014 by lilfear1 Quote Link to comment Share on other sites More sharing options...
Merlintime Posted March 11, 2014 Share Posted March 11, 2014 Anyway the post I am referring to says that when I insert the ducky into my target computer then remove. add another payload on ducky re-insert into same target computer comes up with error saying file already exists (cant think of the file atm sorry) but it goes on to ask if you want to replace it or not. I thought that file would be deleted showing no evidence of even being there. If I hit yes to override it the ducky doesn't finish the attack. I've just started working with the Rubby Ducky and the scripts generated on the Duck Toolkit site, so hopefully I'm not giving you bad information. I believe you are referring to the file listed below. CTRL S DELAY 1500 STRING C:\Windows\config.ps1 The above is only a portion of the script generated on the Duck Toolkit site. The CTRL S line opens the option in Notepad to save a file. "STRING C:\Windows\config.ps1" enters the name and location in which to save the file. If the file already exist in C:\Windows\, a message will prompt for replacement. The final portion of the script is to execute the config.ps1 file via Powershell in a hidden window. STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER Currently I do not see anything which automatically removes the C:\Windows\config.ps1 file. This means prior to deploying the Ducky payload, you will need to manually remove the file or add a line to the script which removes the file automatically to avoid the error message letting you know the file already exist. Hope that helps a bit. Quote Link to comment Share on other sites More sharing options...
411Hall Posted March 11, 2014 Author Share Posted March 11, 2014 (edited) I am having the same problem, and if I try to physically click no or yes the ducky doesn't finish the attack. this wont let me paste the post this was referring to and I hit quote..... Anyway the post I am referring to says that when I insert the ducky into my target computer then remove. add another payload on ducky re-insert into same target computer comes up with error saying file already exists (cant think of the file atm sorry) but it goes on to ask if you want to replace it or not. I thought that file would be deleted showing no evidence of even being there. If I hit yes to override it the ducky doesn't finish the attack. Also on another subject my SD that came with my ducky is also bad I have a 4Gb that seems to work though. Sorry about that mate. Its exactly what Merlintime said, nice one btw! The PowerShell file which is created when the script is deployed is called config.ps1, this is saved in the C:\Windows folder. The file will erase itself after completion. So that fact that its still there means the script you run before has either errored or hasn't completed. Have you by chance run the Twin Duck script? I seem to remember that doesn't finish for a very very long time even after alot of the files have been copied to the USB. Anyway its a simple enough fix. I will make sure that future scripts overwrite the config.ps1 file if its present. Should be able to push the changes out by the weekend. Issue is now fixed. Thanks for using the Toolkit and sorry about the issues. 411. Edited March 12, 2014 by 411 Quote Link to comment Share on other sites More sharing options...
lilfear1 Posted March 14, 2014 Share Posted March 14, 2014 I've just started working with the Rubby Ducky and the scripts generated on the Duck Toolkit site, so hopefully I'm not giving you bad information. I believe you are referring to the file listed below. CTRL S DELAY 1500 STRING C:\Windows\config.ps1 The above is only a portion of the script generated on the Duck Toolkit site. The CTRL S line opens the option in Notepad to save a file. "STRING C:\Windows\config.ps1" enters the name and location in which to save the file. If the file already exist in C:\Windows\, a message will prompt for replacement. The final portion of the script is to execute the config.ps1 file via Powershell in a hidden window. STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER Currently I do not see anything which automatically removes the C:\Windows\config.ps1 file. This means prior to deploying the Ducky payload, you will need to manually remove the file or add a line to the script which removes the file automatically to avoid the error message letting you know the file already exist. Hope that helps a bit. Ok thank you for your help. I wil just add in a line and hopefully I dont do it wrong lol thanks a bunch Quote Link to comment Share on other sites More sharing options...
Qtec Posted April 26, 2014 Share Posted April 26, 2014 HiI am new to hak5 forum, and i love the show.I always do a lot of googling before using forums as last resort.I came by this rubber ducky tool and the site is realy nice.I was wondering if it is possible to run payload script generated on a normal usb flash drive? Any help or link to reading about this will be much appreciated. Quote Link to comment Share on other sites More sharing options...
Xcellerator Posted April 26, 2014 Share Posted April 26, 2014 Afraid not, the ducky is NOT a flash drive. You could write scripts for one of the Teensy boards that would achieve the same effect, but the ducky is superior. Quote Link to comment Share on other sites More sharing options...
411Hall Posted May 7, 2014 Author Share Posted May 7, 2014 I have added a new delay feature to the Toolkit. Now you can specify exactly how much delay you want on each script, this should prevent any run time errors with the scripts trying to execute faster than the target computer can handle. 411. Quote Link to comment Share on other sites More sharing options...
xyntax Posted May 28, 2014 Share Posted May 28, 2014 Why if I choose italian layout keyboard the shortcut are still USA? example: alt y. In italian its alt s. Also when generating the script i see lot of downarrow that are useless at my point of view. P.s. I choosed, computer information + find and upload a file FTP + save report to target machine but I had to modify all the shortcut because they were wrong. What can I do now?? Quote Link to comment Share on other sites More sharing options...
411Hall Posted June 1, 2014 Author Share Posted June 1, 2014 Hi xyntax sorry for the delay in my reply. I believe there is an issue with the italian keyboard layout in the latest encoder as you are not the only person to report this to me. The down arrows are there to pull the notepad off screen. The amount of down arrows required to get the notepad off screen vary depending on screen resolution. Since i dont know the users screen resolution i have included more that should be would probably be necessary to ensure the notepad is always hidden. 411. Quote Link to comment Share on other sites More sharing options...
nazgul Posted June 10, 2014 Share Posted June 10, 2014 I am having an issue creating a working payload ... I am new to the gear so please bear with me :) I am trying to generate a very simple payload ... Just selecting Comper Info from RECON and Save to target for REPORT ... The Script seems to run fine on the target ... However after the command prompt closes I just have a PowerShell file on my desktop and NO c:\report.zip file .... What am I missing??? Quote Link to comment Share on other sites More sharing options...
411Hall Posted June 10, 2014 Author Share Posted June 10, 2014 I am having an issue creating a working payload ... I am new to the gear so please bear with me :) I am trying to generate a very simple payload ... Just selecting Comper Info from RECON and Save to target for REPORT ... The Script seems to run fine on the target ... However after the command prompt closes I just have a PowerShell file on my desktop and NO c:\report.zip file .... What am I missing??? Hi nazgul, sorry you are having issues! Would you mind sending the .txt and .bin payloads to ducktoolkit@outlook.com so i can have a look? There is definitely something wrong as the PowerShell file should be hidden in C:\Windows. 411. Quote Link to comment Share on other sites More sharing options...
411Hall Posted October 14, 2014 Author Share Posted October 14, 2014 Just a heads up. I have updated the encoder on the Toolkit to 2.6.3. Hoping this will fix the issues users have been having with the Encoder. Any issues let me know. 411. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.