Jump to content

[Info] Duck Sauce V.01

Recommended Posts

Welcome to duck_sauce v.01 beta.

My goal is to build a Kautilya like functionality for the USB rubber ducky AND to build a Teensy -to- DUCKY translator so you can easilly convert from teensy to duck language. The first step to doing so is to get everything in one spot.

Before I go over what is in this release, I wanted to thank Darren and the rest of the HAK5 team for bringing us the duck and to all the payload authors (teensey or duck)that I borrowed from. There are a few payloads I wrote from scratch but I mostly just converted/translated them from the Kautilya pack - so I must give the folks there a big shout out as well.

Now the recipe for the secret sauce. The duck_sauce zip includes:

1. The Duck encoder - can't build a scripts without it

2. The Ducky quick start guide.

3. Most all of the windows payloads from github (in the usbrubberducky folder)

4. Payloads translated from Kautilya - Note before you "compile" them be sure to read them and edit the necessary fields (credentails, patebin info, etc). These are in the Kautilya_payloads folder

5. The newest Firmware (if you want to flash your duck) - firmware folder

6. The ducky decoder - perl file to decode the inject.bin back to text

7. The Notepad++ macro I used when copying from Kautilya (shortcuts.xml).

I tried to test these, but I make no garuntees that they work so please use at your own risk.

I was able to build this off what others have done so if you feel this is useful do the same - build off of it and make it better. I only ask that you share so the community will grow.


Edited by raytri3
Link to comment
Share on other sites

  • 7 months later...
  • 3 months later...


most of the kautila things using external services to store the hashes for example.

therefore, my way for now to handle it using the sd card on the rubberducky.

exact diagram follows, but for now it works like this:

first, running a payload to check user permissions and escalate it if it is not admin user

if that is done, disable common anti-virus-solutions like symantec/mcaffee/trendmicro/kaspersky

if that is done, mount the sd card with the toolset, for now, some pwdumper are in there (in a wrapper to hide from antiviruses)

dump the hashes to the sd card and name the files %hostname%_%date%_%time%.txt

then, the way backwards: unmount the sdcard, enable antivirus, stop admin-shell.

i havent make use of external services like tinypaste or something until now.

i have some issues with the language keyboard (works on us keyboard, but not on german). i will try to solve it and post the source if it is working .

of course, the rubber needs a LOT of time to complete.... for me it is ok, i dont need to hurry to do that.



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...