mahorelee Posted July 6, 2013 (Author) (edited)

Yes, the first one worked, thank you! I have been tampering with it and I do have a question. What is the difference between

STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set myd=%d
ENTER
STRING %myd%
ENTER
STRING START Payload.exe

and your code? Since you have to wait for the ducky to mount before you can run a payload anyway, I don't see a difference between running it straight from CMD rather than making a batch file. Also, I don't see what invis.vbs does. I'd really love to learn!

Edited July 6, 2013 by mahorelee
overwraith Posted July 6, 2013

The "RunEXE from SD" payload is specifically designed to create a batch file that continually polls for the ducky drive. This payload works on Twin Duck firmware, so it essentially brings back auto-run. Other payloads are designed for different firmware which uses the ducky's push button to launch the payload, which entails a little more work at exploitation time because you specifically have to wait for the drive to mount.

Here is some pseudocode that is a basic outline of what the script does:

While drive does not exist
    pause 30 seconds
If drive does exist
    start the executable on my drive

The difference between my two payloads that I posted is that on the second one, the code that polls for the drive can run on any current Windows OS, because the commands are simpler. The difference between my code and the code that you have posted is that for your code you would have to wait for the ducky drive to mount before telling the ducky to run. My code runs right away, and does the waiting itself.

"invis.vbs" is a VBS script file which allows you to run the batch file DuckyWait.bat silently. Modern Windows OSes make it almost impossible to run batch files silently, hence the slight subterfuge. invis.vbs makes it so that you do not have an open command prompt for quite as long as you would require to run the script otherwise.

I just realized that the link I have in the code for the people I borrowed the invis.vbs script from is wrong. I will have to change that. You can always find my script on the GitHub page, and should re-download it every so often to have access to my changes. If you wish to learn more about invis.vbs you can probably just google it and find the blog discussion I borrowed it from.
mahorelee Posted July 6, 2013 (Author)

Awesome, thank you so much, that helped a lot!!!