HID Escaping Special Characters Not Working


jjd

I can't get this to work! I found another thread when searching for how to escape special characters, but it seems not to work for me. Copying that code:

Q STRING \$Bunny \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \|  Select-Object -ExpandProperty DriveLetter\)

on my Bunny outputs the following in Notepad:

 
$Bunny = (gwmi win32_volume -f <label=<<BashBunny<<< ~ Select-Object -ExpandProperty DriveLetter)

The code from the WiPassDump payload:

Q STRING '.((gwmi win32_volume -f '"'"'label='"''"'BashBunny'"'''"').Name+'"'"'payloads/'

outputs:

.((gwmi win32_volume -f <label=<<BashBunny<<<).Name+<payloads#)

And this:

Q STRING '$a = Get-WmiObject -Class Win32_Volume -Filter "Label='BashBunny'" | select -expand Name'

outputs:

 
$a = Get-WmiObject -Class Win32_Volume -Filter @Label=BashBunny@ ~ select -expand Name

This is what made me realize that I needed to escape them.

This works the same on both Windows and Mac clients. I am in Canada (not French Canada) and my language (on the PC) is set to English US.

Anyone have any ideas? I have tried setting

QUACK SET_LANGUAGE us

but it does not seem to help; us.json is all that's in my languages folder.

 

Any ideas?


One thing that I noticed that may or may not be relevant here is that sometimes editing a payload in something like WordPad will change normal quotation marks to the slanted ones (forgetting what those are called). I had to manually paste in the ".


This is driving me crazy! It seemed to work for about 15 minutes tonight, then trying again it didn't...

It would be great to get an official response about how escaping should work, so I could know if it's me or the hardware.

Some things seem to escape with ', some with \.

None of the payloads that use any sort of special character work for me at all... Maybe that means it's not me but rather the hardware? I would think it should work with the payloads from the git?


Just now, illwill said:

Use backslashes instead of double quotes to escape.

Yeah, I tried that... from my first post:

 
 STRING \$Bunny \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \|  Select-Object -ExpandProperty DriveLetter\)

On my Bunny, this outputs the following in Notepad:

$Bunny = (gwmi win32_volume -f <label=<<BashBunny<<< ~ Select-Object -ExpandProperty DriveLetter)

If you see anything wrong with the escaping, please tell me, because I have no ideas.


Still not sure what the issue was, but I got so frustrated I did a firmware recovery, and after setting up the Bunny the exact same way as last time it seems to work now... I like the Bunny more today.


  • 4 weeks later...
On 3/24/2017 at 6:05 PM, jjd said:

Yeah, I tried that... from my first post:

 STRING \$Bunny \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \|  Select-Object -ExpandProperty DriveLetter\)

On my Bunny, this outputs the following in Notepad:

$Bunny = (gwmi win32_volume -f <label=<<BashBunny<<< ~ Select-Object -ExpandProperty DriveLetter)

If you see anything wrong with the escaping, please tell me, because I have no ideas.

Hmm, try this.

In your Notepad++, make sure your encoding is UTF-8, located in the lower right just left of the INS or OVR indicator. Linux likes UTF-8.

Right to the left of the encoding, I would make sure the Windows CR LF is Unix LF. (I do most of my editing in Linux.)

Last, try doing this to lessen how much escaping you have to do: encapsulate your quacked string in double quotes. When you do that you only have to escape the $'s and any additional double quotes you want to use in your string before the ending double quote. So your quack string should look like this:

STRING "\$Bunny = (gwmi win32_volume -f \"label='BashBunny'\" |  Select-Object -ExpandProperty DriveLetter)"

I changed it a little bit to remove all the extra single quotes you had and such. This should work as intended. Try it.

 

 

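The double-quoted form suggested above comes down to what bash does to the arguments of Q STRING before QUACK ever sees them, since a Bash Bunny payload.txt is a bash script. The script below is an added example, not code from this thread or from Hak5: it defines a hypothetical QSTRING stand-in that simply prints the single line bash hands it, runs the three quoting styles that appear in this thread through it, and adds a quotes_balanced check on the resulting PowerShell text (the helper names and expected strings are assumptions for this example). If the printed line is already correct here, bash quoting is not what is mangling the keystrokes, and the problem is downstream of the payload script.

```shell
#!/bin/sh
# Added example (not from the original thread or from Hak5).
# QSTRING is a hypothetical stand-in for the Bash Bunny's `Q STRING`:
# it prints the arguments exactly as bash delivers them, joined by single
# spaces, which is also how word splitting collapses runs of spaces between
# unquoted words.

QSTRING() {
    printf '%s\n' "$*"
}

# Form 1: backslash-escape every special character (the first attempt in
# the thread). Note the double space before Select-Object collapses to one,
# because bash sees it as two separate words.
form_backslash() {
    QSTRING \$Bunny \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \|  Select-Object -ExpandProperty DriveLetter\)
}

# Form 2: wrap the whole string in double quotes and escape only $ and "
# (the suggestion in the reply above). The string is one word, so the
# double space survives.
form_dquote() {
    QSTRING "\$Bunny = (gwmi win32_volume -f \"label='BashBunny'\" |  Select-Object -ExpandProperty DriveLetter)"
}

# Form 3: single quotes, with the '"'"' trick to embed a literal single
# quote (the style of the WiPassDump line quoted in the thread, verbatim).
form_squote() {
    QSTRING '.((gwmi win32_volume -f '"'"'label='"''"'BashBunny'"'''"').Name+'"'"'payloads/'
}

# Sanity check on what will be typed into PowerShell: both kinds of quote
# must occur an even number of times, otherwise the typed line can never be
# a complete statement. Usage: quotes_balanced "$(form_dquote)"
quotes_balanced() {
    s=$1
    dq=$(printf '%s' "$s" | tr -cd '"' | wc -c)
    sq=$(printf '%s' "$s" | tr -cd "'" | wc -c)
    [ $((dq % 2)) -eq 0 ] && [ $((sq % 2)) -eq 0 ]
}

# Stand-alone run: show each form and its check result.
for f in form_backslash form_dquote form_squote; do
    line=$("$f")
    printf '%s: %s\n' "$f" "$line"
    if quotes_balanced "$line"; then
        echo "  quotes balanced"
    else
        echo "  quotes NOT balanced"
    fi
done
```

Forms 1 and 2 both hand PowerShell a well-formed statement; the WiPassDump fragment as posted ends with an unclosed 'payloads/ and so fails the balance check, which is a quick way to spot a STRING line that was cut short or mis-quoted before plugging the Bunny in.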

I was having a similar problem and found a non-elegant knuckle-dragger workaround.
Let's say you want to inject keystrokes <keystrokes that I want to inject> into cmd or PowerShell.
If there are double quotes and a pair of single quotes somewhere between the double quotes, then everything else is injected as is. Your line could look like
Q STRING "<keystrokes that I want to inject> & '' "
The two ticks directly to the right of the ampersand are two single quotes.
This does cause an error, as '' is rightfully interpreted as garbage, but it will execute whatever is on the left of the ampersand correctly and will simply complain, then be ready for the next command.


Your computer's language (not the BB's): is it set to US-International by any chance? Or some other US variant? If so, swap it to US. If you're already on US, swap it to US-International.

EDIT: Also, update to the latest firmware (1.2) and edit the config.txt file that magically appeared in your BB's main folder. You can set the language in there using DUCKY_LANG us (already set up by default, though).

 


  • 1 year later...
On 4/26/2017 at 1:34 AM, PoSHMagiC0de said:

Hmm, try this.

In your Notepad++, make sure your encoding is UTF-8, located in the lower right just left of the INS or OVR indicator. Linux likes UTF-8.

Right to the left of the encoding, I would make sure the Windows CR LF is Unix LF. (I do most of my editing in Linux.)

Last, try doing this to lessen how much escaping you have to do: encapsulate your quacked string in double quotes. When you do that you only have to escape the $'s and any additional double quotes you want to use in your string before the ending double quote. So your quack string should look like this:

STRING "\$Bunny = (gwmi win32_volume -f \"label='BashBunny'\" |  Select-Object -ExpandProperty DriveLetter)"

I changed it a little bit to remove all the extra single quotes you had and such. This should work as intended. Try it.

The UTF-8 thing saved my day :-)
