
[Payload] Save MSDOS/CMD output to .txt on Ducky


Solved by Bountyhunter50

hey gang!

Ok so I'm trying to automate a script for my mother so I can get her work laptop MAC filtered into her home network. She so conveniently keeps forgetting it at work. Bring in the Duck!!

Here's my goal:

I want to create a payload to where it opens up cmd, does "ipconfig /all", saves what the terminal session spits out to a .txt in the c:\ drive, then copy that newly created .txt to the duck. Here's what I got, that doesn't work:

delay 800
gui x (I'm testing this on my windows 8 machine, she still runs XP SP3)
up
up
enter
string CMD
string ipconfig /all >c:\ipdata.txt ; copy /A ipdata.txt f:\ /A /V
delay 300

When I test this on my win8 box, it does open cmd, but after it does a bunch of other crazy things. However if I take the code down to just:

delay 800
gui x
up
up
enter
string cmd

I get the cmd window normally. Any ideas?


I'm betting there are not enough delays added to the code. It usually takes around 500 ms or so to open the command prompt after running the command to open it. The ducky is probably starting typing before the window is open. There are some good examples of where to add delays on the ducky payloads page. Also, use the "&" character to concatenate commands. I think the ";" character only works on linux systems. Also, make sure that all the duck script commands are all capitalized. There needs to be an enter somewhere after the ipconfig command.

This line of code can be used to determine which drive the ducky is dynamically, provided it is labeled "ducky":

for /f %%d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%%d

which means that "F:\" can be replaced with: "%myd%\"

Edited by overwraith
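overwraith's checklist above (a DELAY after anything that opens a window, an ENTER after every typed command, uppercase Ducky commands, and & rather than ; in cmd.exe) turned into a small linter, as an added example that is not from this thread. The keyword set is an assumption covering only the commands these payloads use; the first sample payload is the original post transcribed, the second is a constructed corrected version.

```python
# Added example (not from the thread): a linter for the mistakes overwraith lists.
COMMANDS = {"REM", "DELAY", "STRING", "ENTER", "GUI", "UP", "DOWN", "TAB"}  # assumed subset
OPENS_WINDOW = {"GUI"}  # keys that open a menu or dialog the Duck then types into

def lint_ducky(script: str) -> list:
    """Return (line_number, message) pairs for each problem found."""
    lines, findings = script.splitlines(), []
    def next_command(idx):  # first non-blank line after 1-based line idx, uppercased
        return next((l.strip().upper() for l in lines[idx:] if l.strip()), "")

    for i, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        if cmd.upper() in COMMANDS and cmd != cmd.upper():
            findings.append((i, f"'{cmd}' must be written '{cmd.upper()}'"))
        cmd = cmd.upper()
        if cmd not in COMMANDS:
            findings.append((i, f"unknown command '{cmd}'"))
            continue
        if cmd == "STRING":
            if ";" in arg:
                findings.append((i, "';' does not chain commands in cmd.exe, use '&'"))
            if not next_command(i).startswith("ENTER"):
                findings.append((i, "STRING not followed by ENTER, text is typed but never run"))
        if cmd in OPENS_WINDOW and not next_command(i).startswith("DELAY"):
            findings.append((i, "no DELAY after opening a window, typing may start too early"))
    return findings

# The original post's payload, transcribed (parenthetical left out)
ORIGINAL_PAYLOAD = r"""delay 800
gui x
up
up
enter
string CMD
string ipconfig /all >c:\ipdata.txt ; copy /A ipdata.txt f:\ /A /V
delay 300"""
# Constructed corrected version that follows the checklist
FIXED_PAYLOAD = r"""DELAY 2000
GUI r
DELAY 500
STRING cmd
ENTER
DELAY 500
STRING ipconfig /all > c:\ipdata.txt & copy /A c:\ipdata.txt f:\ /V
ENTER
DELAY 1000"""
```

Running lint_ducky(ORIGINAL_PAYLOAD) reports every lowercase keyword, the missing DELAY after GUI x, the ';' and the two STRING lines that are never followed by ENTER; the corrected payload reports nothing.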

I'm betting there are not enough delays added to the code. It usually takes around 500 ms or so to open the command prompt after running the command to open it. The ducky is probably starting typing before the window is open. There are some good examples of where to add delays on the ducky payloads page. Also, use the "&" character to concatenate commands. I think the ";" character only works on linux systems. Also, make sure that all the duck script commands are all capitalized. There needs to be an enter somewhere after the ipconfig command.

That makes sense. Yeah, trying to whack my brain from Linux to DOS. As you can tell it's going quite well. hahaa. Cool, thanks much, I'll give it a go and I'll report back!

Solution

Just on initial immediate (re)testing, here is my code updated:

REM this is an updated version
DELAY 2000
REM open the Run dialog and give it time to appear before typing
GUI r
DELAY 500
STRING cmd
ENTER
REM wait for the command prompt window before typing into it
DELAY 500
STRING ipconfig /all > c:\ipdata.txt
ENTER
DELAY 1000
REM full path: cmd does not start in c:\, so a relative ipdata.txt would not be found
STRING copy /A c:\ipdata.txt f:\ /A /V
ENTER
DELAY 1000

But it just occurred to me I made an error in my first post. Her work laptop is running Win7, and to do the copy, I need to run cmd with admin access. Any insight? I'm gonna look around too in the meantime.

Got it! We're good, asked too soon before a bit of looking around! :)

Edited by Bountyhunter50