Jump to content

DAPPR - Ducky Android Pocket Payload Reserve


Cola

Recommended Posts

The following is a true story of a small victory I felt that I should share, and maybe help someone with similar interests.

This is likely not the easiest way to achieve this, but it was a simple concept I wanted to give a shot.

I had an idea the other day to copy all of my saved payloads onto my android phone. This way, whenever I might be feeling mischievous, *err*, need to perform "administrative tasks", I could do so without going to my laptop. which I might not have on me, choosing the script, compiling, and transferring onto my ducky.

Step 1: Organization

My goal was to "pre-compile", and relocate each source file, along with its resulting inject.bin file into its own directory, so as to easily access them on my android; easy selection, and transfer them quickly to the storage of my ducky.

Originally, I had about 40 scripts saved as .txt files in a directory named "Payloads".

[Payloads]
|
|----Payload1.txt
|----Payload2.txt
|----Payload3.txt

etc.

With a bit of windows, and a crash course in powershell-fu, I made a script to create directories with the name of the payload, and move the payload into its respective directory.

MakeDirAndRename.ps1:



$files = get-childitem "C:\Users\Cola\Desktop\Duck\Payloads\*.txt"
ForEach ($file in $files) {
    $dirname = $file.BaseName
    New-Item -Path $dirname -type directory
    Move-Item $file $dirname
}

Result:

[Payloads]
|
|----[Payload1]
|    |
|    |----Payload1.txt
|
|
|----[Payload2]
|    |
|    |----Payload2.txt
|
|
|----[Payload3]
|    |
|    |----Payload3.txt


etc.

Step 2: Compiling Recursively

Realizing that the compiler looks for files named payload.txt, I made another script to recursively rename them all to payload.txt, in retrospect, I would have just modified the compiler batch file to look recursively through the directories and compile all the things, but its all about learning, so this is what I did:

RecursiveRename.ps1

get-childItem -recurse | Where {$_.extension -eq ".txt"} | rename-item -newname payload.txt

Result:

[Payloads]
|
|----[Payload1]
|    |
|    |----payload.txt
|
|
|----[Payload2]
|    |
|    |----payload.txt
|
|
|----[Payload3]
|    |
|    |----payload.txt


etc.

I modified the compiler to include the path to encode.jar, then wrote a cute little batch script to run the compiler.bat in each directory recursively.

call "C:\Users\Cola\Desktop\Duck\Payloads\compile.bat"
for /r /d %%x in (*) do (
    pushd "%%x"
    call "C:\Users\Cola\Desktop\Duck\Payloads\compile.bat"
    popd
)

The final result:

[Payloads]
|
|----[Payload1]
|    |
|    |----Payload1.txt
|    |----inject.bin
|
|----[Payload2]
|    |
|    |----Payload2.txt
|    |----inject.bin
|
|----[Payload3]
|    |
|    |----Payload3.txt
|    |----inject.bin

etc.

Pardon the icky, roundabout way, but with my limited windows/IT background, I was pretty darn happy when I got it all working.

Step 3: Deployment

After organizing the files in a phone/tablet friendly way, and eliminating the need to compile every time I needed to change scripts, I transferred all of the directories onto a folder on my phones built in storage. To retrieve them, I will either plug the ducky in to my phone via OTG cable (I'm using 4CAP firmware), or just the SD card.

I hadn't seen anything about this and the idea just kinda hit me when I had my ducky with me, but no laptop.

Please give me some feedback on what I've done and let me know what I could have done better!

Also, I'd love to see some similar stories!

EDIT: Wrapping up

After experimentation, I decided to add a bookmark to http://ducktoolkit-411.rhcloud.com/Home.jsp to my home screen, next to my preferred filesystem browser

This has the Online Duck Encoder, and various other recources.

Edited by Cola
Link to comment
Share on other sites

So how did you get the tablet to move the compiled file to the root of the drive? Is there some drag and drop feature in the file explorer?

On my Galaxy S4 Active, when I plugged in the 4CAP duck, i got a notification that I attached mass storage, which opened by default "My Files", which you can use to copy and paste from where you stored the bin files to the ducky.

Edited by Cola
Link to comment
Share on other sites

It's a good solution. Maybe somebody will design an app that does this.

That was my hope! It sure makes the platform much more mobile and flexible.

Edited by Cola
Link to comment
Share on other sites

It is really not so hard to do without an app. However, I do think that an app that allows syncing with a cloud service like Google Drive, and has built in shortcuts to the Online Encoder Website, and the Hak5 Ducky forums so you can stay up-to-date with payloads would be cool.

It'd also be nifty if there was an easy way to copy the source from the forum posts and quickly submit it to the online Duck Encoder.

If anyone has the skillset to create something like this, I think it would be a great way to expand the mobility and practicality of the ducky as an attack platform.

Link to comment
Share on other sites

It is really not so hard to do without an app. However, I do think that an app that allows syncing with a cloud service like Google Drive, and has built in shortcuts to the Online Encoder Website, and the Hak5 Ducky forums so you can stay up-to-date with payloads would be cool.

It'd also be nifty if there was an easy way to copy the source from the forum posts and quickly submit it to the online Duck Encoder.

If anyone has the skillset to create something like this, I think it would be a great way to expand the mobility and practicality of the ducky as an attack platform.

Well i am just starting of codeing for android so i will give it ago and see were i get

Link to comment
Share on other sites

It is really not so hard to do without an app. However, I do think that an app that allows syncing with a cloud service like Google Drive, and has built in shortcuts to the Online Encoder Website, and the Hak5 Ducky forums so you can stay up-to-date with payloads would be cool.

It'd also be nifty if there was an easy way to copy the source from the forum posts and quickly submit it to the online Duck Encoder.

If anyone has the skillset to create something like this, I think it would be a great way to expand the mobility and practicality of the ducky as an attack platform.

It's a good solution. Maybe somebody will design an app that does this.

Just update due to being very new i am forced to use Open Source Notepad app TextPad But now i have made to work with Android Studio and now trying to get it to save .bin

Some idea i had are

To get it to download and upload useing dropbox

so when your at your desktop put you inject file in drop box and in will download to your phone and then app could edit and save this

and then upload all payloads from Usb Rubber Ducky wiki but for now you will need to keep updateing the app

and i am thinking of trying to add this too Google play store but i would find this hard

p.s The whole software will be open to any one to use :)

any idea commant or pm me

Link to comment
Share on other sites

Don't bite off more than you can chew though, I would prefer having a simple app that recurses duck payload folders that works than a cloud based solution that doesn't.

Also I looked at trying to convert the duck encoder to android a while back, and could not find anything on the rich text files that the normal encoder supports, so might want to drop support for that particular feature.

Edited by overwraith
Link to comment
Share on other sites

Don't bite off more than you can chew though, I would prefer having a simple app that recurses duck payload folders that works than a cloud based solution that doesn't.

Also I looked at trying to convert the duck encoder to android a while back, and could not find anything on the rich text files that the normal encoder supports, so might want to drop support for that particular feature.

Yes i am i am been battle android studio crappy importing but it all works now

i am not useing normal text editer like i said be for i have done some digging and will be picking up old project that Member had started he made duck encoder for android and i will just takeing over as he not been on since March 9 2012 but i will be sending him inbox to his last know email saying i will be picking this project up if you disagree pm me

and he upload the project to git

any way when i have basic down i will make a topic on it

got any idea just ask

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...