Posts posted by 411Hall

  1. Is it possible to add the SYSTEM file to the extract SAM file payload?

    Also I notice "ALT y" in the beginning of a lot of the code. What purpose does it serve? Just curious.

    DELAY 3000
    GUI r
    DELAY 750
    STRING powershell Start-Process notepad -Verb runAs
    ENTER
    DELAY 1500
    ALT y
    DELAY 500

    ENTER

    Thanks in advance!

    Yeah adding System file shouldn't be an issue. I will try a few things later on and roll it out with the next update if it works.

    The 'ALT y' is used as a way to answer yes on the User Account Control dialogue which appears when you try to run programs with admin privileges. I found it more reliable than the 'LEFT ENTER' method I was using before. The start of my scripts is taken directly from Darren's UAC bypass script posted here:

    https://forums.hak5.org/index.php?/topic/30100-payload-faster-uac-bypass/

    411.

  2. Either C:\Users\Public\Documents or back to the duck J:\ (on my system). No matter where I ask in the plain text file it always says and I'm not sure how much of the code you will need to see but this is what I'm seeing.

    ($fileSaveDir){

    ENTER
    STRING $srcdir = $fileSaveDir
    ENTER
    STRING $zipFile = 'C:\Windows\Report.zip'
    ENTER
    STRING if(-not (test-path($zipFile))) {
    ENTER
    STRING set-content $zipFile
    Let me know if you need any more info, thanks again

    All fixed mate. Was a stupid mistake on my end.

    Sorry about that,

    411.

  3. Honestly man, who wouldn't just check every box that wasn't obtrusive. It's not like I DON'T want the computer name. This didn't work for me, but then, I packed the list.

    IMHO, ducky tech has evolved to where it's now about getting the report file back on the twin duck or loading exes from it. Everything else has been done. Glad to see a web site for it though, even if it didn't work for me ;)

    Sorry for the delay in my reply. I promise it will get there! Did it error for you out of curiosity or just outright fail?

    I have a problem and it's most likely something I'm doing wrong, but when I do any of the reconnaissance scripts it does everything it is supposed to do except save the Report.zip in the directory I choose? Looking through the plain text I can see it's not being told to save to the directory I choose? What could I be doing wrong?

    Also is there a way to save this tool for offline use?

    Thanks in advance for any answers and thanks to the amazing creator of this sweet tool!

    Ah sorry about that, it's probably a coding error on my end. Would you mind messaging me a few more details on here or emailing me at ducktoolkit@outlook.com.

    Specifically I want to know where you're asking the file to save and what the text file is displaying instead.

    411.

  4. Just a heads up. I have made a few minor adjustments to the toolkit based on feedback I got from users.

    - The payloads will no longer fail if a Ducky folder already exists in the user home directory

    - The network scan will no longer fail if the user is using a VPN

    - The encoder's error messages have been tweaked so they display the correct line (sometimes the messages were +10 lines off)

    Most importantly I have switched to using the Duck Encoder v2.6.2, which means now, thanks to midnitesnake, I can include keyboard language selections for Spanish, Canadian and Swiss keyboards.

    411.

  5. Hello, I enjoy using this toolkit very much. However I seem to have a problem with the "ComputerInfo.html" file. My example situation is the following: Select "Computer Information" and "User Information" recon check boxes from your toolkit site and build a payload to gmail to myself from the target computer. Everything works fine. Now, when I build and test another payload on the same machine, this time I select (for example) "User Document List" or anything else from those checkboxes in the "Reconnaissance" section that would report back into ComputerInfo.html. Then I encode the ducky as normal and insert into the same machine. I get a popup when it's almost done telling me that there is another ComputerInfo.html file already there and if I want to copy and replace. This is where the hiccup is because the script is not programmed to make a decision at this window. But it then creates the zip file anyway with the original ComputerInfo.html file, not the new one (which would be the "User Document List") and sends it out through email. Apparently, that previous ComputerInfo.html file was not erased properly or something after the first payload finished even though the temporary folder "C:\Users\MY-PC\Duck" is deleted once it exports the zip file. If that folder is deleted after a payload finishes, then why do I get a "do you want to copy and replace" window during a new different recon payload?

    I want to be able to use the same machine multiple times with different combinations of payloads and it report the intended "ComputerInfo.html" file to me.

    How can I prevent this? Is there a way to tell that I won't run into this problem before I insert the ducky?

    -Thank you in advance

    So sorry about the delay in my reply. I have started a new job recently so things have been manic.

    Yeah that script is poorly written, I will make a modification this weekend that adds a number and increments by one each time or possibly a timestamp. Anyway should be fixed by Sunday, thanks for bringing that to my attention :)

    Hope someone can answer my question.

    The web based script generators such as this one are very awesome, don't get me wrong.

    But I'm wondering what happens when the sites themselves are no longer available, i.e. domains expire, site owner/creator moves on with life, etc.

    Is there a way we can get a zip file of these sites from the creator to mirror locally so that we always have a copy no matter what happens?

    I understand that there are noobs who would love to put their own name to someone else's creation for their own gain...but..

    Hope people can see where I'm coming from.

    Definitely see where you're coming from, it's very similar to when i-ducke disappeared and seems to be lost forever. The Duck Toolkit is hosted on a free hosting site with no 'time limit' so there is no reason that it should disappear overnight.

    That being said I have been planning to get it on github for several months but work commitments have just taken all my time. I will get this moving over the coming weeks, there are still changes that need to be made to the code as there are a few issues that will prevent it running elsewhere. It's also such a big project I will need to comment the code as I doubt my code will make much sense.

    I will let you know when this is all done.

    Dead silence on this one. Hmm.

    I think you may be a little confused. The Duck is capable of stealing usernames and passwords from a target computer; this is, however, one of its MANY uses.

    The aim of this project was to introduce a tool which would allow users to select from multiple pre compiled scripts (25+) in order to build a payload which suited their needs. Some of these scripts already existed however I created many of the scripts myself for my own uses.

    The secondary aim of the project was to introduce a reporting functionality to the Ducky which would allow users to extract reconnaissance information from a target machine, an example of this can be seen here: http://www.ducktoolkit.com/SampleReport.html

    You rightly point out that the Duck Toolkit doesn’t include twin duck functionality at this time which would allow you to insert a USB & Ducky and steal the password file but it is still in its early stages. I have a lot of the code in place which would allow the twin duck approach to work but it isn’t easy to merge this with my current approach, major code revisions are needed.

    The Toolkit does contain the username/password stealing functionality btw, but you have to email, ftp or save to the local machine.

    Anyway, hope that answers your question.

    411.

  6. Just a heads up that I have added 2 new scripts to the Toolkit and have also fixed some bugs that were reported with the Online Encoder.

    New Scripts

    Copy SAM File (Creates a shadow copy of the SAM file so it can be accessed)

    Remove Windows Update (Allows the user to specify a Windows Update to be removed from the target system)

    Other New Features

    Line numbers have been added to the online encoder.

    The error handling on the online encoder has been improved

    Support for French Mac keyboards has been added

    Swedish keyboard mapping has been updated to allow support for ^

    I am still working on Twin Duck reporting and exploitation functionality but it's proving hard.

    411.

  7. Do I need to do any updating or flashing on the ducky before some things work? Because I try some payloads and just hear the computer making some ding noises as if it were pushing key combos that don't work/ exist..

    Err it definitely shouldn't be doing that. You don't need to flash the duck or anything, as long as you are using Windows 7, 8 or Server 2008 and have selected the right keyboard layout it should work fine.

    Would you mind messaging me one of the .txt files so I can try it and see what's happening?

    411.

  8. I have updated the Duck Toolkit.

    New Features

    1 x Reconnaissance Script (Copy FireFox Profile)

    3 x Exploitation Scripts (Enable Reverse Desktop, Create a Reverse Shell, DNS Poisoning)

    1 x Reporting Script (Email Reporting via Gmail)

    You are now able to download both .bin file and the .txt file. This will allow you create the scripts and encode them later offline.

    Existing recon scripts have been modified to include more data.

    An MD5 hash value is now generated for each payload

    A sample reconnaissance report has been added

    I am planning on adding some scripts from the simple-ducky over the next few weeks and I am also trying to find a way to implement twin duck support.

    411.

  9. The first version of the site is now online! :D

    http://ducktoolkit-411.rhcloud.com/Home.jsp

    I had to remove a few features from the original specification but I plan to reintroduce these in the future.

    What I need is people to test the site/scripts and let me know if everything is working properly. If you have any issues with either the scripts or the site please let me know in this thread so I can fix asap.

    411.

  10. Thanks for the feedback guys, glad you like the looks of it! :D

    You will have to give me a couple of days to get the scripts sorted so they can run individually; the way the website is designed is to add a standard header to the beginning of each script which opens CMD etc. and then if a recon script has been added the html required to make the reports is also included.

    I have a lot more scripts and features which I had intended to add but just never got the chance, so I will try to get working on a few of them over the next couple of weeks.

    Also added some new images showing the net scan and port scan.

    411.

  11. I am happy to announce that the DuckToolkit NG is now available!

    This is an entirely new version of the previous site which has been rewritten in Python/Django by myself and KevtheHermit. 

    Current Features:

    • Online Encoder
    • 30+ Recon/Exploit/Reporting PowerShell scripts
    • Online Decoder
    • UK/US Language Support
    • Standalone Python Encoder/Decoder

    We are working to add new languages and to implement Linux/OSX scripts in the coming weeks, however since this is an open source project please feel free to help us! If you want a certain language added then help us by writing it!

    You can access the online DuckToolkit NG here:

    https://www.ducktoolkit.com

    You can access the standalone DuckToolkit here:

    https://github.com/kevthehermit/DuckToolkit

    Any issues, comments or suggestions then either post on the Disqus thread on the website or respond in this thread,

     

    411.
