MB60893

Active Members
  • Posts: 205
  • Days Won: 3

Everything posted by MB60893

  1. Try working with the online Duck Toolkit by 411. Click Online Encoder and see if that works there. If I've missed my guess, I'd say that you haven't specified the output. This just generates the inject.bin and it will save you from going through the command line/terminal with multiple errors.
  2. Remove the colon. DuckyScript is very specific, all in capitals, without the colon. The number of times is separated by a space, for example

          REPEAT 100

      Give that a go.
  3. Hi R3V0L4T0R! Just because you name your SD card doesn't mean that when it is plugged into the duck it won't show up with the name "ducky". Take an Android phone, for example. When you put the micro SD into your computer, you can name it "Android Micro SD" for example. When you put the SD card back into the phone, it changes the name of the SD card to Removable Disk, which is really making it look like your SD card is a USB Flash Drive. What this all boils down to is when you put your duck into the machine with the MicroSD in the duck, check your My Computer (presuming you have Windows) and see what the duck is called. If that works, then you should be all good! Aside from that, check to see if the syntax (the lines of code that the duck types out) is correct for your specific purpose. Watch the episode of Hak5 (season 15, episode 3, I think) and see if you can check your code is correct. Send me a message if it works out. Cheers, MB60893. :)
  4. Sometimes it is just best to find your target machine, plug in the duck and wait for it to install the driver, then you can just walk up later with the payload and with a suitable delay of 3000 to 5000, and it should work fine from there.
  5. Look at using Metasploit in conjunction with the ducky. While large amounts of it are for pen-testing, you should be able to find a backdoor or two in the toolkit. Download the free metasploit framework and see what you can find. Then upload the tool you wish to use to a service like dropbox, then use the wget powershell script to download the tool, else transfer the file off of a drive named "Ducky" using a reverse duck slurp-like approach.
  6. OK, Thanks for clearing that up about the Bind Shell, however that still doesn't really help me with my problem of recoding the reverse shell to make it a bind shell. Help is still needed! Please Help Me!
  7. Hi Everyone, I originally posted the "Reverse Shell - Wait for Connection" page and I still need help with it. If you could please refer to the original page and give me a hand with the VBScript, it would be much appreciated. :) Many Thanks, MB60893.
  8. On the topic of it not working, how so? Make sure you have set NetCat up on your computer BEFORE you execute the reverse shell with your host name or IP address of the computer with NetCat running on it. Let me know if you need any more help on this topic.
  9. I think you might have been confused with it converting base64 encoded ascii to binary, as currently I have a reverse shell deployed on a 64-bit computer and I am already executing commands with no troubles whatsoever. There may be some exceptions when it comes to the reverse shell not working on a machine, but those should be very uncommon. In fact I can't really think of any so to speak.
  10. While this is good, it will create multiple instances of the program every 60 seconds if run as a registry command. I still want to keep it simple as well, so I think that modifying the vbscript 'decoder.vbs' is the best bet. What I essentially need to do is recode Darren's reverse shell and add in something which says "If Not Connected, rebroadcast the signal." Can someone please help with this? I need some help and soon!
  11. OK. When you are downloading your .exe file from mediafire, you always have to click the big "DOWNLOAD NOW" Button. Right Click on that button, and click "Copy Link Address" (Chrome has this, not sure about other browsers, although they will have some alternative.) Copy and paste this URL into your downloader script and it should work. The reason that you have to do this is that the page where you upload the file is where you are supposed to go and actually view the nice glitzy looking webpage, not the actual file which would be viewed in a text-based most likely apache webserver layout. By specifying the direct URL, you are actually giving the exact address of your file that you wish to download. Sorry if my explanation isn't that clear. Just give it a go and message me when you have tried it.
  12. Try Artery Forceps. Sounds strange, but they have saved my nerdy neck on more than one occasion! Pick some up at your local pharmacy.
  13. OK. Else you could try and transfer the file via NetCat or some other program. You could probably write your own application simply to get the program through a wget like download and execute. Use some simple scripting language like VBScript or Batch. It is really simple to use and I think you might be able to pick it up really quickly.
  14. I tried doing a wget for TeamViewer, which I know should work because I wrote the code and it worked just fine two days ago. I suggest using an ftp, or if you need to you can try and use a duckslurp modification which would allow you to transfer the file off a USB and execute it with the cmd. If cmd is blocked on your target computer, consider writing the following code into a text file, and save as a .bat:

          @echo off
          break off
          :loopcommand:
          echo.
          set cmd=
          set /p cmd=%cd%: 
          %cmd%
          goto loopcommand

      Else you could execute the file with a vb script. It's all up to you, although I'd go the cmd way personally.
  15. Haxineer1337, what sort of file are you downloading off dropbox? Chrome detects a virus, and I don't know if a program like Microsoft Security Essentials might be blocking the program from running.
  16. Hmm. If you are using the unmodified code, then PowerShell may not be a part of your path. Try to specify everything through cmd, including the directory to powershell itself. Else you could use CTRL ESC to open the start menu and try the following:

          C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe Start-Process cmd.exe -Verb runAs

      NOTE: When you try and execute an application with a path that includes a space (e.g. C:\Hello Directory\Hello File.txt) you may need to put the path in double quotes:

          C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe Start-Process "C:\Windows\System32\cmd.exe" -Verb runAs

      See if that works. MB60893
  17. 01010000 01000100 01010000 00111000

  18. Having used the duck to deploy the reverse shell which Darren originally posted on github, I am annoyed frequently that you are required to have a netcat listener up before the reverse shell is opened, and if you disconnect, you can't connect again without opening the reverse.exe file again and specifying the ip address etc. Shannon recently did her segment on a 20 second Mac hack, where she used code by Patrick Mosca. This code is designed so that even if netcat disconnects from the computer, you will still be able to reconnect again after 60 seconds. What I want to do is modify Darren's original code so that after 60 seconds or so, it checks if there is a connection or not, and if nothing is connected, it will rebroadcast to the host name or ip address waiting for netcat to catch the shell. I can't understand Darren's code (no offense Darren, I am new to the coding world :)) and I need to have this capability. Can someone please help me modify the code? Many Thanks, MB60893.
  19. Hi Everyone, Recently I was using Hiren's Boot CD and I discovered the MiniXP feature which has now recently revived my laptop (thank god!) and the lightweight version of the OS got me thinking... Would it be possible to install mini xp on a pi? I have already read instances of people extracting mini xp from the boot cd and making a stand-alone boot version (http://reboot.pro/topic/12138-can-i-extract-mini-xp-from-hirens-bootcd/), but I still want to see if it is possible to get it to work on a pi. If the XP works, then maybe we could even come up with a way to use Windows 7/8 Embedded or equivalent! Let me know what you think!
  20. You could unofficially copy across the software from a computer where the software is installed on, and use that on the computer. There may be some compatibility issues and .dll files may be missing. I recommend personally using a portable application creator like Cameyo. On a computer that you have never installed Spotify on, start cameyo up before you install the application. It will create an image of your PC and you will be able to install the application with cameyo capturing all of the registry files, .dll's and more from the pc. This will then give you the option to run it without a trace or installing applications. A sneaky way to get around those log files, and a great way for exploiting systems. Let me know how you go!
  21. Forgot to mention above, I got all the answers correct, I am just the slowest typer in the world. Hence why the duck helped me out! :P Thx for the tips BTW, I am new to the duck!
  22. I got bored today, so I decided to look around for a good browser based game to play. I stumbled across Nitrome and a game called Skywire VIP Extended. It is a pretty addictive game, and I eventually got bored of not being on the leaderboard (I am really competitive that way) so I wrote a script on the USB rubber ducky which types out all of the answers correctly and gives you a 100 point time bonus! You have to time plugging in the duck just before you click the play button, but once you do that, leave it for about 5-10 minutes and you will have a 100% correct high score! My score was HAK: The duckyscript is below in spoilers. In fact I have an idea. Why don't all of us populate the skywire VIP Extended High Score Menu with Hak! ;)
  23. Hmm. I noticed that you were trying to run the CMD terminal from the run dialog box. This won't work with a key combo. You would have to add some sort of powershell script to make it work correctly. For Windows Vista or 7 (not sure about 8) Try just pressing the windows key, then type "cmd.exe", then press ctrl + shift + enter. The UAC dialog will come up, then press alt y for yes. And hey presto, one cmd! If you are trying to do this for windows XP or newer, consider launching notepad and typing this into a file, then saving as a .bat script: Credits to Matt for the great script and explanations (http://stackoverflow.com/questions/7044985/how-can-i-auto-elevate-my-batch-file-so-that-it-requests-from-uac-admin-rights/12264592#12264592)

          :::::::::::::::::::::::::::::::::::::::::
          :: Automatically check & get admin rights
          :::::::::::::::::::::::::::::::::::::::::
          @echo off
          CLS
          ECHO.
          ECHO =============================
          ECHO Running Admin shell
          ECHO =============================

          :checkPrivileges
          NET FILE 1>NUL 2>NUL
          if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

          :getPrivileges
          if '%1'=='ELEV' (shift & goto gotPrivileges)
          ECHO.
          ECHO **************************************
          ECHO Invoking UAC for Privilege Escalation
          ECHO **************************************

          setlocal DisableDelayedExpansion
          set "batchPath=%~0"
          setlocal EnableDelayedExpansion
          ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
          ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
          "%temp%\OEgetPrivileges.vbs"
          exit /B

          :gotPrivileges
          ::::::::::::::::::::::::::::
          :START
          ::::::::::::::::::::::::::::
          setlocal & pushd .

          REM Run shell as admin (example) - put here code as you like
          cmd /k

      Give that a go and let me know the outcome! Cheers,