Jump to content

[Question] How long of a delay for first type runs?


DrDinosaur
 Share

Go to solution Solved by no42,

Recommended Posts

Hello. I was wondering what delay you should give the rubber ducky when you need to run it on a completely new machine. I'm doing a science fair project on this and I was wondering what a good delay at the start of a script would be to allow installation of the drivers. After the drivers are installed, the payload would continue it's normal course, just like a test machine. I want to know a good delay so it would be accurate to a real attack scenario where someone would plug this in to a new computer. IIRC, it took a quite some time to install compared to the Teensy. They are only one time events though, so I don't have good knowledge of them. Maybe I could uninstall the drivers to test it again? If that's possible, which drivers would I target? Sorry if this is confusing. Thanks!

Link to comment
Share on other sites

  • Solution

The first DELAY line, depends on your systems.

Myself and Darren have had success with DELAY 2000, I've found on VMware I need a DELAY 5000, Others have had to put a high DELAY 10000 (seems odd).

If your school has USB keyboards (not PS2) grab their VID and PID, and clone this onto the Ducky, as the drivers are already installed, you should be able to shorten the delay.

Or use the multi-playload (m_duck), and push the ducky's button (after only num_lock/caps_lock LED is lit).

Edited by midnitesnake
Link to comment
Share on other sites

The first DELAY line, depends on your systems.

Myself and Darren have had success with DELAY 2000, I've found on VMware I need a DELAY 5000, Others have had to put a high DELAY 10000 (seems odd).

If your school has USB keyboards (not PS2) grab their VID and PID, and clone this onto the Ducky, as the drivers are already installed, you should be able to shorten the delay.

Midnitesnake not sure if it is possible on the current ducky but on the teensy I made a function that read the status of the number lock key and then set and unset the numlock key in a while loop until the original read numlock was different from the last read value. After that I would delay for 500 milliseconds just in case. Worked on all the systems I tested on

Link to comment
Share on other sites

Thanks for the replies. If someone were to use this in say a work environment with no knowledge of their current keyboard setup (so cloning wouldn't be possible), what would be a reasonable delay that would pretty safely work across all the machines? I just a general standard. I'm not actually going to need to test this on those machines right now. I just need a simple benchmark that would work in a real world situation. Thanks!

Link to comment
Share on other sites

Upto you , I have success with DELAY 2000 on most systems.

Optionally use the m_duck payload, trigger a keyboard led then push the ducky's button, after you can see the OS has successfully registered the ducky. If your mailing Ducky's in as a social engineering gig, I would still go for duck.hex, and maybe a DELAY 3500 (middle value).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...