
MB60893
Active Members
  • Posts: 205
  • Joined
  • Last visited
  • Days Won: 3

Posts posted by MB60893

  1. Hi R3V0L4T0R!

    Just because you name your SD card doesn't mean that when it is plugged into the duck it won't show up with the name "ducky". Take an android phone, for example. When you put the micro SD into your computer, you can name it "Android Micro SD" for example. When you put the SD card back into the phone, it changes the name of the SD card to Removable Disk, which is really making it look like your SD card is a USB Flash Drive.

    What this all boils down to is when you put your duck into the machine with the MicroSD in the duck, check your My Computer (presuming you have Windows) and see what the duck is called. If that works, then you should be all good!

    Aside from that, check to see if the syntax (the lines of code that the duck types out) is correct for your specific purpose. Watch the episode of Hak5 (season 15, episode 3, I think) and see if you can check your code is correct. Send me a message if it works out.

    Cheers,

    MB60893. :)

  2. Look at using Metasploit in conjunction with the ducky. While large amounts of it are for pen-testing, you should be able to find a backdoor or two in the toolkit. Download the free Metasploit Framework and see what you can find. Then upload the tool you wish to use to a service like Dropbox, then use the wget PowerShell script to download the tool, else transfer the file off of a drive named "Ducky" using a reverse duck slurp-like approach.

  3. What you're asking for is a bind shell rather than a reverse shell.

    A bind shell works by the target computer literally binding their shell to a port that you connect to.

    A reverse shell works by the target computer connecting you to over a port and then providing the shell.

    Both have the same effect but achieve it in very different ways.

    OK, Thanks for clearing that up about the Bind Shell, however that still doesn't really help me with my problem of recoding the reverse shell to make it a bind shell. Help is still needed! Please Help Me!

  4. In regards to this payload I am trying to get working:

    https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---reverse-shell

    I am being told that this cannot be run on a 64-bit machine. Have I done something wrong, or is this true? Are there any alternatives or workarounds?

    On the topic of it not working, how so? Make sure you have set NetCat up on your computer BEFORE you execute the reverse shell with your host name or IP address of the computer with NetCat running on it.

    Let me know if you need any more help on this topic.

  5. I think you might have been confused with it converting base64-encoded ASCII to binary, as currently I have a reverse shell deployed on a 64-bit computer and I am already executing commands with no troubles whatsoever. There may be some exceptions when it comes to the reverse shell not working on a machine, but those should be very uncommon. In fact I can't really think of any, so to speak.

  6. While this is good, it will create multiple instances of the program every 60 seconds if run as a registry command. I still want to keep it simple as well, so I think that modifying the VBScript 'decoder.vbs' is the best bet. What I essentially need to do is recode Darren's reverse shell and add in something which says "If Not Connected, rebroadcast the signal." Can someone please help with this? I need some help, and soon!

  7. OK. When you are downloading your .exe file from MediaFire, you always have to click the big "DOWNLOAD NOW" button. Right-click on that button, and click "Copy Link Address" (Chrome has this; not sure about other browsers, although they will have some alternative.)

    Copy and paste this URL into your downloader script and it should work.

    The reason that you have to do this is that the page where you upload the file is where you are supposed to go and actually view the nice glitzy-looking webpage, not the actual file, which would be viewed in a text-based (most likely Apache) web server layout. By specifying the direct URL, you are actually giving the exact address of the file that you wish to download.

    Sorry if my explanation isn't that clear. Just give it a go and message me when you have tried it.

  8. I tried doing a wget for TeamViewer, which I know should work because I wrote the code and it worked just fine two days ago. I suggest using FTP, or if you need to you can try and use a duckslurp modification which would allow you to transfer the file off a USB and execute it with the cmd. If cmd is blocked on your target computer, consider writing the following code into a text file, and save it as a .bat:

    @echo off
    REM "break off" is a leftover DOS command; it does nothing on modern Windows
    break off
    
    :loopcommand
    echo.
    REM clear the previous command, then prompt with the current directory
    set cmd=
    set /p cmd=%cd%: 
    REM run whatever was typed, then loop back for the next command
    %cmd%
    goto loopcommand
    

    Else you could execute the file with a VBScript. It's all up to you, although I'd go the cmd way personally.

  9. Hmm. If you are using the unmodified code, then PowerShell may not be a part of your path. Try to specify everything through cmd, including the directory to PowerShell itself. Else you could use Ctrl+Esc to open the start menu and try the following:

    C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe Start-Process cmd.exe -Verb runAs 

    NOTE: When you try and execute an application with a path that includes a space (e.g. C:\Hello Directory\Hello File.txt) you may need to put the path in double quotes:

    C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe Start-Process "C:\Windows\System32\cmd.exe" -Verb runAs 
    

    See if that works.

    MB60893

  10. Having used the duck to deploy the reverse shell which Darren originally posted on GitHub, I am annoyed frequently that you are required to have a netcat listener up before the reverse shell is opened, and if you disconnect, you can't connect again without opening the reverse.exe file again and specifying the IP address etc.

    Shannon recently did her segment on a 20 second Mac hack, where she used code by Patrick Mosca. This code is designed so that even if netcat disconnects from the computer, you will still be able to reconnect again after 60 seconds.

    What I want to do is modify Darren's original code so that after 60 seconds or so, it checks if there is a connection or not, and if nothing is connected, it will rebroadcast to the host name or IP address waiting for netcat to catch the shell.

    I can't understand Darren's code (no offense Darren, I am new to the coding world :)) and I need to have this capability. Can someone please help me modify the code?

    Many Thanks,

    MB60893.
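    The retry behaviour asked for in this post and in post 6 (reconnect to the listener every 60 seconds or so) is exactly what makes such a shell visible to a defender: the host produces outbound connections to one remote at a nearly fixed interval. The following is an added example, not code from this thread or from Darren's payload. It assumes a constructed, simplified outbound-connection log with one event per line in the form "<ISO timestamp> <process> <remote_ip>:<remote_port>"; the sample lines, process names and addresses are made up for the example.

```python
"""Flag processes that reconnect to the same remote at a near-constant interval.

Added example; assumes a constructed log format (timestamp, process, remote).
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: an interactive browser, plus a cmd.exe that dials the
# same host roughly once a minute (the retry loop described in the post).
SAMPLE_LOG = """\
2014-01-09T10:00:00 cmd.exe 192.0.2.10:4444
2014-01-09T10:00:07 chrome.exe 198.51.100.5:443
2014-01-09T10:01:01 cmd.exe 192.0.2.10:4444
2014-01-09T10:01:45 chrome.exe 198.51.100.7:443
2014-01-09T10:02:00 cmd.exe 192.0.2.10:4444
2014-01-09T10:02:59 cmd.exe 192.0.2.10:4444
2014-01-09T10:03:20 chrome.exe 198.51.100.5:443
2014-01-09T10:04:01 cmd.exe 192.0.2.10:4444
"""


def parse_log(text):
    """Return a list of (timestamp, process, remote); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((stamp, parts[1], parts[2]))
    return events


def find_beacons(events, min_events=4, max_cv=0.15):
    """Return {(process, remote): mean_gap_seconds} for connection series whose
    gaps are nearly constant (coefficient of variation <= max_cv).

    A handful of evenly spaced connections is the signature of a retry loop;
    human-driven traffic (the browser above) is bursty and is not flagged.
    """
    series = defaultdict(list)
    for stamp, proc, remote in events:
        series[(proc, remote)].append(stamp)

    hits = {}
    for key, stamps in series.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_cv:
            hits[key] = avg
    return hits


if __name__ == "__main__":
    for (proc, remote), gap in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{proc} -> {remote}: reconnects every ~{gap:.0f}s")
```

    The thresholds (at least four connections, gap spread within 15% of the mean) are starting points to tune against your own firewall or EDR connection logs; lowering max_cv reduces false positives from legitimate pollers, raising min_events delays the alert.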

  11. Hi Everyone,

    Recently I was using Hiren's Boot CD and I discovered the MiniXP feature which has now recently revived my laptop (thank god!) and the lightweight version of the OS got me thinking...

    Would it be possible to install Mini XP on a Pi? I have already read instances of people extracting Mini XP from the boot CD and making a stand-alone boot version (http://reboot.pro/topic/12138-can-i-extract-mini-xp-from-hirens-bootcd/), but I still want to see if it is possible to get it to work on a Pi.

    If the XP works, then maybe we could even come up with a way to use Windows 7/8 Embedded or equivalent!

    Let me know what you think!

  12. You could unofficially copy across the software from a computer where the software is installed, and use that on the computer. There may be some compatibility issues and .dll files may be missing. I personally recommend using a portable application creator like Cameyo. On a computer that you have never installed Spotify on, start Cameyo up before you install the application. It will create an image of your PC and you will be able to install the application with Cameyo capturing all of the registry files, .dlls and more from the PC. This will then give you the option to run it without a trace or installing applications. A sneaky way to get around those log files, and a great way for exploiting systems. Let me know how you go!

  13. I got bored today, so I decided to look around for a good browser based game to play. I stumbled across Nitrome and a game called Skywire VIP Extended. It is a pretty addictive game, and I eventually got bored of not being on the leaderboard (I am really competitive that way) so I wrote a script on the USB rubber ducky which types out all of the answers correctly and gives you a 100 point time bonus! You have to time plugging in the duck just before you click the play button, but once you do that, leave it for about 5-10 minutes and you will have a 100% correct high score!

    My score was HAK: [screenshot attachment]

    The duckyscript is below in spoilers

    DELAY 2000
    STRING winnie the pooh
    DELAY 5500
    STRING pokemon
    DELAY 5500
    STRING peanuts
    DELAY 5500
    STRING the cat in the hat
    DELAY 5500
    STRING monsters inc
    DELAY 5500
    STRING hello kitty
    DELAY 5500
    STRING alice in wonderland
    DELAY 5500
    STRING tom and jerry
    DELAY 5500
    STRING bob marley
    DELAY 5500
    STRING the cosby show
    DELAY 5500
    STRING snap crackle pop
    DELAY 5500
    STRING dora the explorer
    DELAY 5500
    STRING doctor who
    DELAY 5500
    STRING kirby
    DELAY 5500
    STRING alvin and the chipmunks
    DELAY 5500
    STRING angry birds
    DELAY 5500
    STRING minecraft
    DELAY 5500
    STRING portal
    DELAY 5500
    STRING frosty the snowman
    DELAY 5500
    STRING the big bang theory
    DELAY 5500
    STRING calvin and hobbes
    DELAY 5500
    STRING disney princesses
    DELAY 5500
    STRING looney tunes
    DELAY 5500
    STRING twilight
    DELAY 5500
    STRING charlie and the chocolate factory
    DELAY 5500
    STRING the smurfs
    DELAY 5500
    STRING donkey kong
    DELAY 5500
    STRING barney
    DELAY 5500
    STRING enemy 585
    DELAY 5500
    STRING the incredible hulk
    DELAY 5500
    STRING team fortress
    DELAY 5500
    STRING charlie chaplin
    DELAY 5500
    STRING where the wild things are
    DELAY 5500
    STRING captain america
    DELAY 5500
    STRING teletubbies
    DELAY 5500
    STRING the black eyed peas
    DELAY 5500
    STRING megaman
    DELAY 5500
    STRING how the grinch stole christmas
    DELAY 5500
    STRING animal crossing
    DELAY 5500
    STRING domo
    DELAY 5500
    STRING iron man
    DELAY 5500
    STRING lockehorn
    DELAY 5500
    STRING pink panther
    DELAY 5500
    STRING goldilocks and the three bears
    DELAY 5500
    STRING the nightmare before christmas
    DELAY 5500
    STRING Hitchhikers guide to the galaxy
    DELAY 5500
    STRING power puff girls
    DELAY 5500
    STRING arthur
    DELAY 5500
    STRING the incredibles
    DELAY 5500
    STRING dragonball z
    DELAY 5500
    STRING the adventures of tin tin
    DELAY 5500
    STRING lord of the rings
    DELAY 5500
    STRING tarzan
    DELAY 5500
    STRING bomberman
    DELAY 5500
    STRING care bears
    DELAY 5500
    STRING justin bieber
    DELAY 5500
    STRING power rangers
    DELAY 5500
    STRING fault line
    DELAY 5500
    STRING elf
    DELAY 5500
    STRING rugrats
    DELAY 5500
    STRING mr bean
    DELAY 5500
    STRING heman
    DELAY 5500
    STRING bob the builder
    DELAY 5500
    STRING robocop
    DELAY 5500
    STRING nyan cat
    DELAY 5500
    STRING sailor moon
    DELAY 5500
    STRING plants vs zombies
    DELAY 5500
    STRING green lantern
    DELAY 5500
    STRING metroid
    DELAY 5500
    STRING wolverine
    DELAY 5500
    STRING elton john
    DELAY 5500
    STRING men in black
    DELAY 5500
    STRING chisel
    DELAY 5500
    STRING the gingerbread man
    DELAY 5500
    STRING madagascar
    DELAY 5500
    STRING the easter bunny
    DELAY 5500
    STRING walle
    DELAY 5500
    STRING betty boop
    DELAY 5500
    STRING silly sausage
    DELAY 5500
    STRING naruto
    DELAY 5500
    STRING david bowie
    DELAY 5500
    STRING yogi bear
    DELAY 5500
    STRING dennis the menace
    DELAY 5500
    STRING kid icarus
    DELAY 5500
    STRING the lorax
    DELAY 5500
    STRING william shakespeare
    DELAY 5500
    STRING avatar
    DELAY 5500
    STRING canopy
    DELAY 5500
    STRING charlottes web
    DELAY 5500
    STRING bananas in pajamas
    DELAY 5500
    STRING kung fu panda
    DELAY 5500
    STRING little bo peep
    DELAY 5500
    STRING nitrome must die
    DELAY 5500
    STRING paddington bear
    DELAY 5500
    STRING peter rabbit
    DELAY 5500
    STRING sherlock holmes
    DELAY 5500
    STRING test subject blue
    DELAY 5500
    STRING the three little pigs
    DELAY 5500
    STRING the prisoner
    DELAY 5500
    STRING wonder woman
    
    

    In fact I have an idea. Why don't all of us populate the Skywire VIP Extended high score menu with Hak! ;)

  14. Hmm. I noticed that you were trying to run the CMD terminal from the Run dialog box. This won't work with a key combo. You would have to add some sort of PowerShell script to make it work correctly.

    For Windows Vista or 7 (not sure about 8), try just pressing the Windows key, then type "cmd.exe", then press Ctrl+Shift+Enter. The UAC dialog will come up, then press Alt+Y for yes. And hey presto, one cmd!

    If you are trying to do this for Windows XP or newer, consider launching Notepad and typing this into a file, then saving it as a .bat script:

    Credits to Matt for the great script and explanations (http://stackoverflow.com/questions/7044985/how-can-i-auto-elevate-my-batch-file-so-that-it-requests-from-uac-admin-rights/12264592#12264592)

    :::::::::::::::::::::::::::::::::::::::::
    :: Automatically check & get admin rights
    :::::::::::::::::::::::::::::::::::::::::
    @echo off
    CLS
    ECHO.
    ECHO =============================
    ECHO Running Admin shell
    ECHO =============================
    
    :checkPrivileges
    NET FILE 1>NUL 2>NUL
    if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
    
    :getPrivileges
    if '%1'=='ELEV' (shift & goto gotPrivileges)
    ECHO.
    ECHO **************************************
    ECHO Invoking UAC for Privilege Escalation
    ECHO **************************************
    
    setlocal DisableDelayedExpansion
    set "batchPath=%~0"
    setlocal EnableDelayedExpansion
    ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
    ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
    "%temp%\OEgetPrivileges.vbs"
    exit /B
    
    :gotPrivileges
    ::::::::::::::::::::::::::::
    :START
    ::::::::::::::::::::::::::::
    setlocal & pushd .
    
    REM Run shell as admin (example) - put here code as you like
    cmd /k
    

    Give that a go and let me know the outcome!

    Cheers,
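    From the monitoring side, the script above leaves a recognisable trail: a batch file running under cmd.exe writes a .vbs into %temp% and then launches it, and that script host asks for elevation through Shell.Application's ShellExecute with the "runas" verb. The following is an added example, not part of this post or of Matt's script, that looks for that chain in process-creation records. It assumes a constructed, Sysmon-style event shape (pid, ppid, image, command_line); the sample events, user name and paths are made up, and the final "elevated child" stage only raises the score because how an elevated process is parented in the event log depends on how elevation is recorded.

```python
"""Flag script hosts launched from cmd.exe on a .vbs that lives under a temp directory.

Added example; assumes a constructed process-creation record with
pid, ppid, image and command_line fields.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str
    command_line: str


# A .vbs argument under a Temp/Tmp directory, quoted or not; group 1 is the path.
TEMP_VBS = re.compile(
    r'"?([A-Za-z]:\\[^"]*?\\(?:Temp|Tmp)\\[^"\s]+\.vbs)"?', re.IGNORECASE
)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample: explorer -> cmd running a batch -> wscript on the temp .vbs
# -> a cmd.exe re-launched with the ELEV marker the batch checks for.
# Event 500 is a benign wscript run on a script outside any temp directory.
SAMPLE_EVENTS = [
    ProcessEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessEvent(200, 100, r"C:\Windows\System32\cmd.exe",
                 r'cmd /c "C:\Users\alice\admin.bat"'),
    ProcessEvent(300, 200, r"C:\Windows\System32\wscript.exe",
                 r'"C:\Windows\System32\WScript.exe" '
                 r'"C:\Users\alice\AppData\Local\Temp\OEgetPrivileges.vbs"'),
    ProcessEvent(400, 300, r"C:\Windows\System32\cmd.exe",
                 r'"C:\Windows\System32\cmd.exe" /c ""C:\Users\alice\admin.bat" ELEV"'),
    ProcessEvent(500, 100, r"C:\Windows\System32\wscript.exe",
                 r'"C:\Windows\System32\WScript.exe" "C:\Tools\inventory.vbs"'),
]


def image_name(path):
    """Lower-cased file name of an image path (handles forward/backslash-free names too)."""
    return path.rsplit("\\", 1)[-1].lower()


def find_temp_vbs_launches(events):
    """Return one finding per script host that runs a .vbs from a temp directory.

    score 1: any script host executing a temp .vbs
    score 2: ... and its parent is cmd.exe (typical of a batch file doing the writing)
    score 3: ... and a shell appears as its child (the elevated target, where the
             log attributes the elevated process to the requester)
    """
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if image_name(e.image) not in SCRIPT_HOSTS:
            continue
        match = TEMP_VBS.search(e.command_line)
        if not match:
            continue
        parent = by_pid.get(e.ppid)
        parent_name = image_name(parent.image) if parent else "unknown"
        score = 1
        if parent_name == "cmd.exe":
            score += 1
        if any(c.ppid == e.pid and image_name(c.image) in SHELLS for c in events):
            score += 1
        findings.append({"pid": e.pid, "script": match.group(1),
                         "parent": parent_name, "score": score})
    return findings


if __name__ == "__main__":
    for f in find_temp_vbs_launches(SAMPLE_EVENTS):
        print(f"pid {f['pid']} ({f['parent']} -> script host) ran {f['script']} "
              f"[score {f['score']}]")
```

    A score of 1 on its own is common on machines where installers stage helper scripts in %temp%; the parent and child stages are what separate an unattended elevation helper from that background noise, so triage from the highest score down.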
