mrmattmc

Active Members
  • Posts: 5
Everything posted by mrmattmc

  1. I plan on posting some pics of the adapter with ducky and some assorted usb drives. I have a couple of the nano micro usb sdmc card readers and definitely will be testing those as well. I may even look into a different shell for the ducky for size and aesthetics purposes.
  2. Thanks for the help. I have made some progress on the printing front myself. As I learn more about using keystrokes to initiate processes I will definitely look into that as a means to print. Currently I am having great success using the DOSPRN program. It looks like I can just copy the needed files to the target computer without "installing" the program and run a simple print command. I have been playing with a batch file like this one for testing. This is after I have copied the working files to the target PC. I added the timeout because without it I just kill the process before it sends the print job to the printer. I plan on running all this invisible with the vbs file so all you see is the printer kicking out a page.

         @echo off
         rem start DOSPRN from the copied working files
         start c:\DOSPRN\DOSprn.exe
         copy printerlist.txt c:\prnspl
         rem wait so the print job is sent before the process is killed
         timeout 9
         rem taskkill /F /IM dosprn.exe for 32bit os
         C:\Windows\Syswow64\TaskKill /F /IM dosprn.exe
         exit

     As far as languages go I definitely will be using batch files and Visual Basic for running invisible. If I understand correctly PowerShell is an add-on? As my target PCs will range from XP to Win 7 I would prefer to stay within the native capabilities of these OSes and may shun PowerShell for that reason.

     One of the first payloads I looked at was ducky slurp. One of the scripts that really attracted me was the wait script to detect drive insertion. Here https://forums.hak5.org/index.php?/topic/30179-payload-duck-slurp-v2-silent/?p=239703 I posted about flipping the logic to detect drive removal. I really like this option as I can initiate some failsafe/housekeeping routines so I don't have to have the user do A, B, C before leaving. They just unplug the drive and the exit routines take care of the rest.

     It's Sunday, I ordered my ducky on Saturday. I want to start counting the days till I get my ducky but the math eludes me at the moment.
  3. So I just came across the Ducky the other day. Nice!! :D I expect to receive my Ducky some time next week. Anyway, was a little disappointed to discover the super slow data speeds when using the twin duck options. :( I like the idea of using a USB adapter to plug both drives in simultaneously but am not too enthused about a big cable adapter. So, I ordered this dual adapter from Amazon for $10. Not trying to plug this product, just sharing my thoughts here. http://www.amazon.com/Cute-USB-2-Port-Splitter-White/dp/B00A81ISJ6/ref=pd_bxgy_pc_img_y

     I plan on using the Ducky as the instigator. Auto load the files then switch over to the fast USB device to load/finish up. Anyone else cobbled together something like this? I really want to keep the entire process as silent as possible with minimal user interaction. I even plan on having a drive removal script running to detect removal and perform silent housekeeping chores as the user is walking away. I will be starting this project in the coming weeks. So any advice would be appreciated. I will post progress reports as it develops.

     Goals:

       1. Prompt user... Start Duck and Run or Access Data only. This allows the user to start the powerful ducky process or simply access the data acquired on the fast USB drive without having to remove the data drive from the dual setup. Seems like this might require the dual payload options. One for simple data access and one for FULL ON DUCKY!
       2. I intend to make temporary changes to the target PC. I would like to save these changes to a local temp directory and let the exit housekeeper restore all this as I am walking away.
       3. Ducky drive and FastUSB drive will have fixed names but I expect to need to specify drive letters to avoid numerous calls to variables. So, might be assigning drive letters. Although, perhaps variables are better to avoid drive letter conflicts on the numerous target PCs. Any thoughts on this???
       4. Is anyone aware of a print payload? What I intend to do with the finished product is entirely above board. With that said I do need to print a single page after removing the drive(s) from the target PC. I know USB to default printer is a clunky process but just thought I would see if anyone has seen anything a little more reasonable for implementation in this context.

     I am still in the process of reading the entire Ducky forum to make sure my questions have not already been answered but any advice, direction or script help would be appreciated. As I said above, I will post updates along the way and intend to provide a complete fileset upon completion.
  4. Sorry if I'm posting this in the wrong spot. But I have a question about the duckywait bat file. It does a good job of detecting drive insertion. I have been toying around with trying to reverse the logic to detect drive removal. This would be nice to have, with a few safety net files handy to run in case the process gets interrupted and you have to jerk the drive out quick like. Copy some cleanup routines to temp, trigger them when the drive is removed.. as you race Neo-like through the building dodging Mr. Smith.

     It acts as though diskpart is not updating the status of the attached drives. The routine will repeat, drive still attached. I have even run the command to list volumes in diskpart while the bat file is running and it shows no DUCKY! Yet the script still fails to recognize drive removal. I have tried some variations to no avail so I'll post what seems like it should work. Here is what I have.

     EDIT: Got it to work using SETLOCAL and ENDLOCAL, see the RED highlights.

         @echo off
         setlocal
         rem first loop: wait until a volume labelled DUCKY shows up
         :while1
         for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A:)
         if [%DUCKYdrive%] EQU [] (
             echo waiting on jump drive...
             timeout /t 3
             goto :while1
         ) else (
             echo Jump Drive Found !
             pause
             endlocal
             goto :impatient
         )
         rem second loop: wait until the DUCKY volume is gone again
         :impatient
         setlocal
         for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%%A:)
         if [%DUCKYdrive%] EQU [] (
             echo Jump Drive Removed !
             timeout /t 20
             goto :end
         ) else (
             echo Jump Drive Still in...
             timeout /t 3
             endlocal
             goto :impatient
         )
         :end
         echo goodbye
         exit
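
Why a removal check like the one in post 4 can keep reporting the drive as present, shown as an added example that is not part of the original post: a FOR /F loop never runs its body when the command returns no matching lines, so a variable set on an earlier pass keeps its old value. The sketch below clears the variable before every poll instead of relying on SETLOCAL/ENDLOCAL; the :poll subroutine and the message wording are assumptions made for this example, while the DUCKY label and the diskpart query come from the post.

```batch
@echo off
rem Added example: watch for a volume labelled DUCKY, then for its removal.
rem Like the script in the post, this needs a prompt where diskpart can run.

:wait_insert
call :poll
if not defined DUCKYdrive (
    echo waiting on jump drive...
    timeout /t 3 >nul
    goto :wait_insert
)
echo Jump drive found at %DUCKYdrive%

:wait_remove
call :poll
if defined DUCKYdrive (
    echo Jump drive still in...
    timeout /t 3 >nul
    goto :wait_remove
)
echo Jump drive removed
exit /b 0

:poll
rem Clear the previous result first. When findstr matches nothing the FOR
rem body is skipped, so without this line the old drive letter would survive
rem and the volume would still look attached.
set "DUCKYdrive="
for /f "tokens=3 delims= " %%A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do set "DUCKYdrive=%%A:"
exit /b 0
```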