Jump to content

Run Exe From Ducky... Possible?


Recommended Posts

Hey guys,

I am pretty new to the rubber ducky, so here is what i did so far:

- Some test payloads (all working great!)

- Flashed the FW to Twin Duck

- Found the payload "runexe from sd" & "run jar file from sd"

The thing that I do not like pretty much is that there is on screen activity. Like visible stuff going on. On some hackercon video I saw guys flashing some usbs to run directly exe files from that usb. So i thought maybe RD could do it :)

So my goal is to run a *.exe file directly from the SD card of RubberDucky (NOT an additional USB Storage). I heard that this is only possible with TwinDuck so installed it. I want to get the final goal of:

--> Insert the Ducky into a computer so it automatically runs an exe file from the Ducky itself (for example lets say notepad.exe).

Questions:

1. Is this possible to do this? If yes how?

2. Is it possible to do this WITHOUT showing anything like running the cmd, powershell, run as...

Appreciate any help, thanks!

Link to comment
Share on other sites

1. Perhaps a Ducky owner can expand on this?

2. Probably not. The Ducky is an automated keyboard, nothing more, nothing less. It can only achieve the same things your keyboard can, so a quick keypress that starts a dosbox (cmd.exe), provide some script live-typed to discover what letter the drive is under and run a program on it in the background, then close the dosbox. I can't imagine any way to achieve the same without having things on the screen.

I believe the direct-running of stick contents is based on ancient Windows versions that allowed autorun on USB sticks and such, support of which has long since been suspended precisely because of the potential for abuse.

Link to comment
Share on other sites

The Rubber Ducky is a Human Interface Device (HID) that types like a keyboard. It is not meant to be used for flash storage and execution of .exe files in the way you seek. I don't know about Twin Duck and it's capabilities so if you think it may work then do some more research. The only way I can think of executing a file is to use the ducky to either download the file first or access it from a flash drive that you insert along with it and execute it via command prompt or PowerShell.

As far as hiding windows during this process I have used some scripts from DuckToolkit that use keyboard commands to move a window off screen while it's in use. Other than that I don't think there is a way to do what you want with the ducky.

Link to comment
Share on other sites

On screen activity is pretty much a given, there is no way to start a DOS prompt below the bottom of the screen that I know about. The trick is to minimize the footprint (Ex. arrowing down a lot). Another individual discussed a while back how it was possible to use the drivers on the Windows machine to start the computer's screen saver while the script was running. The objective is to be able to execute code on the machine in an automated manner hopefully on an admin machine, unless you have a payload which can elevate privilages. Also, Twin duck can allow you to run directly off the micro SD, but unless the current versions have become a lot better than what I have (red version), there is going to be wait time involved (the micro sd connecting is slow, not the keyboard operation). It is pretty slow. I remember this while I was developing on mine. I would invest in a usb splitter that looks cool, and thus combine the ducky with a higher speed USB flash drive for exfil/upload purposes. Another option is to put your hack tools online, and download them via a downloader script. The best application of a USB rubber ducky is attacking machines which are unattended. Is very simple to have a usb rubber ducky on your person at all times where the user of a machine just has to slip up once. You should check the USB rubber ducky forum, that is where a lot of the discussion on it occurrs, and there is a wealth of information in past posts. You should also check out Darren's Github page for the ducky where a lot of payloads are. Instillation of the twin duck should be covered in at least one discussion in the forum, as well as the flashing tutorial on the Github page. I am a little out of practice posting on the ducky I am currently looking for a job, amongst other things. Ducky users generally never post in the USB hack forum, that is for antiquated stuff like the USB hacksaw and switchblade which hasn't worked for years. Unless someone finds a flaw in Windows drivers again (I am looking at you equation group), there is probably not much possiblity of using the USB hacks forum.

Edited by overwraith
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...