overwraith

It might be possible to simply take the two .bin files that the duckencoder makes and simply paiste the byte code from one at the end of the other. I dont know for shure though, since I dont really know how the duckencoder works as far as java code goes(not enough time on my hands). This might be a little problematic if the payloads byte length adds up to be longer than the duckey/encoder supports. There appears to be a file size limit, because once I tried to make a really big payload that typed in an exe's bytes, and it stopped typing after about 5 min.

In case anyone is still interested I have recently recollected that Java bytecode is portable between computers, and that java class files are frequently smaller than java source files. Provided that there are no nondisplayable characters in java class files, it would be possible to convert the java file to Duck code to type the class file into copy con, thus uploading to the target PC. I have also recollected that almost every computer has the java runtime environment and in that file is java.exe. Because java.exe is in the file, it would be unnecessary to install and compile java code using the Java Developer Kit (JDK) on the target computer when the class file can be simply run using the exe in the jre folder. I wish I had remembed this before I had posted the first time...

Finally finished the full java solution feel free to modify, or improve. Use the -help/-h/-H/-? command line flags for directions on how to use. When inputting a string on the command prompt using the -con flag, remember that the ctrl+z character must be adjacent to the last line of text you wish to input. There is a slight bug in the code that does not allow the ctrl+z character to be recognized if on a line by its self. ***File: ToDuckScript.java***

I probably should have mentioned that I use a Windows box, but theres probably windows option for bash... Im glad that a couple of people were interested in my topic. After I posted this topic I began working on a java solution, and I will post it here. I am working on a GUI option for the java program, right now only command line options work. There are a couple of bugs in the code, like when typing the ^Z character to end the console input you must type it adjacent to text, not on a line by its self. Remember to compile first, then use the java command on the command prompt to run the class. I had a few problems with uploading the file, so I will just copy and paiste the text here;

I have found that often one wants to write an ASCII file, like a batch file, or something, and then wants to convert the file to Duck Script which involves; batch.bat~ Bat cmd Bat cmd Bat cmd Bat cmd Duck Script~ REM INPUT FILE BATCH.BAT STRING copy con batch.bat ENTER STRING Bat cmd ENTER STRING Bat cmd ENTER STRING Bat cmd ENTER STRING Bat cmd ENTER It would be really Awesome if we could write a JAVA/PYTHON/C++/C program to do this automatically. A java program could probably serve both as a command line called program, aswell as a GUI program, using a cmd line flag or the prescence of multiple flags to differentiate between the run states.

Hello all, been just watching hak 5 for a while now, finally signed up for an account recently. I was just wondering if anyone had thought of implementing more payloads, possably using Java, or Python as the target for the USB rubber duckey. -Could use the FTP Download / Upload payload to download the interpreter setup.exe -Silent flag for command line would need to be used to install the interpreter, if it exists in the setup, -A java program could be compiled/interpreted/run using the compiler/interpreter, -javaw.exe that is provided in the JDK could be used to run java code withoud a black box showing up. -Apparently use of java GUI stuff would be counter productive, and tip user off that something is up. -Java can be used to implement system stuff like moving/copying files which could be used in an info theft class() Im just getting a little tired of running batch cmds, they just arent very intuitive. There is usually much more control and clarity in a programming language. (Can obfuscate later either in the java/python code using some kind of a syntax scrambler, or at a lower level, like java or python byte code using a downloadable obfuscator. ) ***I do not think I will have time to implement this idea, but wanted to know what the rest of the Hak 5 community thought of it. *** PS.. Havent taken Assembly class yet, so though I understand the concept of buffer overflow, format string exploit, ect I couldnt find exploitable code without the source code.