411Hall Posted July 30, 2013 (edited)

I am happy to announce that the DuckToolkit NG is now available! This is an entirely new version of the previous site which has been rewritten in Python/Django by myself and KevtheHermit.

Current Features:
- Online Encoder
- 30+ Recon/Exploit/Reporting PowerShell scripts
- Online Decoder
- UK/US Language Support
- Standalone Python Encoder/Decoder

We are working to add new languages and to implement Linux/OSX scripts in the coming weeks; however, since this is an open source project, please feel free to help us! If you want a certain language added then help us by writing it!

You can access the online DuckToolkit NG here: https://www.ducktoolkit.com
You can access the standalone DuckToolkit here: https://github.com/kevthehermit/DuckToolkit

Any issues, comments or suggestions then either post on the Disqus thread on the website or respond in this thread,

411.

Edited August 26, 2016 by 411: Toolkit Updated.

no42 Posted July 30, 2013

Looks great! :D Hopefully, Darren will see this and get in touch. We'll probably need to check the source for any potential loop-holes, in case any drive-by attackers try to exploit the application.

overwraith Posted July 30, 2013

Would definitely want these scripts made available. The more payloads the better.

mreidiv Posted July 31, 2013

Looks good, I'm interested. @411 #Darren #Darren? lol

411Hall (Author) Posted July 31, 2013

Thanks for the feedback guys, glad you like the looks of it! :D You will have to give me a couple of days to get the scripts sorted so they can run individually; the way the website is designed is to add a standard header to the beginning of each script which opens CMD etc. and then if a recon script has been added the html required to make the reports is also included. I have a lot more scripts and features which I had intended to add but just never got the chance, so I will try to get working on a few of them over the next couple of weeks. Also added some new images showing the net scan and port scan.

411.

skysploit Posted August 1, 2013

411, This looks great! Thanks for putting in the work... ~skysploit

Guest spazi Posted August 6, 2013

Looks wicked! Should be easy to support other keyboard layouts right?

dustbyter Posted August 6, 2013

Setting up a github to post this can be helpful to the community in general.

Darren Kitchen Posted August 6, 2013

Wow this is fantastic! 411 - emailed you.

moxic Posted August 8, 2013

Well done! It would be awesome to play with your suite, and a great set of scripts to learn from.

411Hall (Author) Posted August 9, 2013 (edited)

The first version of the site is now online! :D http://ducktoolkit-411.rhcloud.com/Home.jsp

I had to remove a few features from the original specification but I plan to reintroduce these in the future. What I need is people to test the site/scripts and let me know if everything is working properly. If you have any issues with either the scripts or the site please let me know in this thread so I can fix asap.

411.

Edited August 9, 2013 by 411

411Hall (Author) Posted August 19, 2013

I have updated the Duck Toolkit.

New Features
- 1 x Reconnaissance Script (Copy FireFox Profile)
- 3 x Exploitation Scripts (Enable Reverse Desktop, Create a Reverse Shell, DNS Poisoning)
- 1 x Reporting Script (Email Reporting via Gmail)
- You are now able to download both .bin file and the .txt file. This will allow you to create the scripts and encode them later offline.
- Existing recon scripts have been modified to include more data.
- An MD5 hash value is now generated for each payload
- A sample reconnaissance report has been added

I am planning on adding some scripts from the simple-ducky over the next few weeks and I am also trying to find a way to implement twin duck support.

411.

levisiccard Posted September 28, 2013

This topic actually helped me a lot! Great great Great is all I can say. Made my first bin file and now I'm over to the hak5 shop to buy my first ducky duck. I'm planning to use it also for a school project. In my last project by the way about wireless security I've been using the Pineapple so hak5 is really helping me to graduate in a pleasant way :-) Thumbs up !!

411Hall (Author) Posted November 11, 2013

Just a heads up that I have added 2 new scripts to the Toolkit and have also fixed some bugs that were reported with the Online Encoder.

New Scripts
- Copy SAM File (Creates a shadow copy of the SAM file so it can be accessed)
- Remove Windows Update (Allows the user to specify a Windows Update to be removed from the target system)

Other New Features
- Line numbers have been added to the online encoder.
- The error handling on the online encoder has been improved
- Support for French Mac keyboards has been added
- Swedish keyboard mapping has been updated to allow support for ^

I am still working on Twin Duck reporting and exploitation functionality but it's proving hard.

411.

CodeA2 Posted December 15, 2013

Well done!

Steevo Posted December 21, 2013

I am having a little trouble understanding this duck toolkit. I understand the duck when inserted types commands to steal username and pw from memory, saves that to flash and when you pull it out that data is with you. You now can go back to that system and login. It seems the duck toolkit doesn't include any of that. So that happens anyway and this generator adds to that function, which is always there. Is that about right? Or am I confused?

Steevo Posted December 23, 2013

Dead silence on this one. Hmm.

y0gg Posted December 29, 2013

Hello, I enjoy using this toolkit very much. However I seem to have a problem with the "ComputerInfo.html" file. My example situation is the following: Select "Computer Information" and "User Information" recon check boxes from your toolkit site and build a payload to gmail to myself from the target computer. Everything works fine. Now, when I build and test another payload on the same machine, this time I select (for example) "User Document List" or anything else from those checkboxes in the "Reconnaissance" section that would report back into ComputerInfo.html. Then I encode the ducky as normal and insert into the same machine. I get a popup when it's almost done telling me that there is another ComputerInfo.html file already there and if I want to copy and replace. This is where the hiccup is because the script is not programmed to make a decision at this window. But it then creates the zip file anyway with the original ComputerInfo.html file, not the new one (which would be the "User Document List") and sends it out through email. Apparently, that previous ComputerInfo.html file was not erased properly or something after the first payload finished even though the temporary folder "C:\Users\MY-PC\Duck" is deleted once it exports the zip file. If that folder is deleted after a payload finishes, then why do I get a "do you want to copy and replace" window during a new different recon payload? I want to be able to use the same machine multiple times with different combinations of payloads and it report the intended "ComputerInfo.html" file to me. How can I prevent this? Is there a way to tell that I won't run into this problem before I insert the ducky?

-Thank you in advance

psydT0ne Posted January 2, 2014

Hope someone can answer my question. The web based script generators such as this one are very awesome, don't get me wrong. But I'm wondering what happens when the sites themselves are no longer available, i.e. domains expire, site owner/creator moves on with life, etc. Is there a way we can get a zip file of these sites from the creator to mirror locally so that we always have a copy no matter what happens? I understand that there are noobs who would love to put their own name to someone else's creation for their own gain...but.. Hope people can see where I'm coming from.

411Hall (Author) Posted January 2, 2014

> Hello, I enjoy using this toolkit very much. However I seem to have a problem with the "ComputerInfo.html" file. My example situation is the following: Select "Computer Information" and "User Information" recon check boxes from your toolkit site and build a payload to gmail to myself from the target computer. Everything works fine. Now, when I build and test another payload on the same machine, this time I select (for example) "User Document List" or anything else from those checkboxes in the "Reconnaissance" section that would report back into ComputerInfo.html. Then I encode the ducky as normal and insert into the same machine. I get a popup when it's almost done telling me that there is another ComputerInfo.html file already there and if I want to copy and replace. This is where the hiccup is because the script is not programmed to make a decision at this window. But it then creates the zip file anyway with the original ComputerInfo.html file, not the new one (which would be the "User Document List") and sends it out through email. Apparently, that previous ComputerInfo.html file was not erased properly or something after the first payload finished even though the temporary folder "C:\Users\MY-PC\Duck" is deleted once it exports the zip file. If that folder is deleted after a payload finishes, then why do I get a "do you want to copy and replace" window during a new different recon payload? I want to be able to use the same machine multiple times with different combinations of payloads and it report the intended "ComputerInfo.html" file to me. How can I prevent this? Is there a way to tell that I won't run into this problem before I insert the ducky? -Thank you in advance

So sorry about the delay in my reply. I have started a new job recently so things have been manic.

Yeah that script is poorly written, I will make a modification this weekend that adds a number and increments by one each time or possibly a timestamp. Anyway should be fixed by Sunday, thanks for bringing that to my attention :)

> Hope someone can answer my question. The web based script generators such as this one are very awesome, don't get me wrong. But I'm wondering what happens when the sites themselves are no longer available, i.e. domains expire, site owner/creator moves on with life, etc. Is there a way we can get a zip file of these sites from the creator to mirror locally so that we always have a copy no matter what happens? I understand that there are noobs who would love to put their own name to someone else's creation for their own gain...but.. Hope people can see where I'm coming from.

Definitely see where you're coming from, it's very similar to when i-ducke disappeared and seems to be lost forever. The Duck Toolkit is hosted on a free hosting site with no 'time limit' so there is no reason that it should disappear overnight. That being said I have been planning to get it on github for several months but work commitments have just taken all my time. I will get this moving over the coming weeks, there are still changes that need to be made to the code as there are a few issues that will prevent it running elsewhere. It's also such a big project I will need to comment the code as I doubt my code will make much sense. I will let you know when this is all done.

> Dead silence on this one. Hmm.

I think you may be a little confused. The Duck is capable of stealing usernames and passwords from a target computer; this is, however, one of its MANY uses. The aim of this project was to introduce a tool which would allow users to select from multiple pre compiled scripts (25+) in order to build a payload which suited their needs. Some of these scripts already existed however I created many of the scripts myself for my own uses.

The secondary aim of the project was to introduce a reporting functionality to the Ducky which would allow users to extract reconnaissance information from a target machine, an example of this can be seen here: http://www.ducktoolkit.com/SampleReport.html

You rightly point out that the Duck Toolkit doesn’t include twin duck functionality at this time which would allow you to insert a USB & Ducky and steal the password file but it is still in its early stages. I have a lot of the code in place which would allow the twin duck approach to work but it isn’t easy to merge this with my current approach, major code revisions are needed. The Toolkit does contain the username/password stealing functionality btw, but you have to email, ftp or save to the local machine.

Anyway, hope that answers your question.

411.

Steevo Posted January 2, 2014 (edited)

> So sorry about the delay in my reply. I have started a new job recently so things have been manic.
>
> Yeah that script is poorly written, I will make a modification this weekend that adds a number and increments by one each time or possibly a timestamp. Anyway should be fixed by Sunday, thanks for bringing that to my attention :)
>
> Definitely see where you're coming from, it's very similar to when i-ducke disappeared and seems to be lost forever. The Duck Toolkit is hosted on a free hosting site with no 'time limit' so there is no reason that it should disappear overnight. That being said I have been planning to get it on github for several months but work commitments have just taken all my time. I will get this moving over the coming weeks, there are still changes that need to be made to the code as there are a few issues that will prevent it running elsewhere. It's also such a big project I will need to comment the code as I doubt my code will make much sense. I will let you know when this is all done.
>
> I think you may be a little confused. The Duck is capable of stealing usernames and passwords from a target computer; this is, however, one of its MANY uses. The aim of this project was to introduce a tool which would allow users to select from multiple pre compiled scripts (25+) in order to build a payload which suited their needs. Some of these scripts already existed however I created many of the scripts myself for my own uses.
>
> The secondary aim of the project was to introduce a reporting functionality to the Ducky which would allow users to extract reconnaissance information from a target machine, an example of this can be seen here: http://www.ducktoolkit.com/SampleReport.html
>
> You rightly point out that the Duck Toolkit doesn’t include twin duck functionality at this time which would allow you to insert a USB & Ducky and steal the password file but it is still in its early stages. I have a lot of the code in place which would allow the twin duck approach to work but it isn’t easy to merge this with my current approach, major code revisions are needed. The Toolkit does contain the username/password stealing functionality btw, but you have to email, ftp or save to the local machine.
>
> Anyway, hope that answers your question.
>
> 411.

Well, there's no doubt I am confused. Ha. Completely! I saw where it could email or ftp or save, but not to the duck, to the machine (or so it seems). Or can it save to the filesystem on the duck? I watched the video of Darren at the bar, showing how his USB rubber duck could retrieve his PW, "lamepassword", which he admonished us to not use. Maybe he was using mimikatz on that show? I kind of thought that was a primary use of the rubber duck. Stick it in, it gets the pw, here it is, and you may now login. I was trying to figure out how I can put that on an innocuous looking usb drive I have so many of on hand, could come in handy in my bag of tricks. Ya know, you use stuff like that, and people think you're a genius! Solve their problems like it was nothing. Har.

Edited January 2, 2014 by Steevo

411Hall (Author) Posted January 5, 2014

Just a heads up. I have made a few minor adjustments to the toolkit based on feedback I got from users.

- The payloads will no longer fail if a Ducky folder already exists in the user home directory
- The network scan will no longer fail if the user is using a VPN
- The encoder's error messages have been tweaked so they display the correct line (sometimes the messages were +10 lines off)

Most importantly I have switched to using the Duck Encoder v2.6.2. Which means now thanks to midnitesnake I can include keyboard language selections for Spanish, Canadian and Swiss keyboards.

411.

Orbit Posted January 6, 2014

Very very nice, waiting for my ducks to arrive but I've looked at some of the payloads and they are very nice indeed, you really should make an option to save to ducky though.

shutin Posted January 13, 2014

Honestly man, who wouldn't just check every box that wasn't obtrusive. It's not like I DON'T want the computer name. This didn't work for me, but then, I packed the list. IMHO, ducky tech has evolved to where it's now about getting the report file back on the twin duck or loading exes from it. Everything else has been done. Glad to see a web site for it though. Even if it didn't work for me ;)

Hak6 Posted January 23, 2014

I have a problem and it's most likely something I'm doing wrong, but when I do any of the reconnaissance scripts it does everything it is supposed to do except save the Report.zip in the directory I choose? Looking through the plain text I can see it's not being told to save to the directory I choose? What could I be doing wrong? Also is there a way to save this tool for offline use? Thanks in advance for any answers and thanks to the amazing creator of this sweet tool!