Jump to content
Hak5 Forums

Recommended Posts

411Hall   

honestly man, who wouldn't just check every box that wasnt obtrusive. It's not like I DONT want the computer name. This didnt work for me, but then, i packed the list.

IMHO, ducky tech has evolved to where it's now about getting the report file back on the twin duck or loading exes from it. everything else has been done. Glad to see a web site for it though. even if it didnt work for me ;)

Sorry for the delay in my reply. I promise it will get there! Did it error for you out of curiosity or just out right fail?

I have a problem and it's most likely something I'm doing wrong, but when I do any of the reconnaissance scripts it does everything it is suppose to do except save the Report.zip in the directory I choose? Looking through the plain text I can see it's not being told to save to the directory I choose? What could I be doing wrong?

Also is there a way to save this tool for offline use?

Thanks in advance for any answers and thanks to the amazing creator of this sweet tool!

Ah sorry about that its probably a coding error on my end. Would you mind messaging me a few more details on here or emailing me at ducktoolkit@outlook.com

Specifically I want to know where your asking the file to save and what the text file is displaying instead.

411.

Share this post


Link to post
Share on other sites
Hak6   

Ah sorry about that its probably a coding error on my end. Would you mind messaging me a few more details on here or emailing me at ducktoolkit@outlook.com

Specifically I want to know where your asking the file to save and what the text file is displaying instead.

411.

Either C:\Users\Public\Documents or back to the duck J:\ (on my system). No matter where I ask in the plain text file it always says and I'm not sure how much of the code you will need to see but this is what I'm seeing.

($fileSaveDir){

ENTER
STRING $srcdir = $fileSaveDir
ENTER
STRING $zipFile = 'C:\Windows\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
STRING set-content $zipFile
Let me know if you need any more info, thanks again

Share this post


Link to post
Share on other sites
411Hall   

Either C:\Users\Public\Documents or back to the duck J:\ (on my system). No matter where I ask in the plain text file it always says and I'm not sure how much of the code you will need to see but this is what I'm seeing.

($fileSaveDir){

ENTER
STRING $srcdir = $fileSaveDir
ENTER
STRING $zipFile = 'C:\Windows\Report.zip'
ENTER
STRING if(-not (test-path($zipFile))) {
ENTER
STRING set-content $zipFile
Let me know if you need any more info, thanks again

All fixed mate. Was a stupid mistake on my end.

Sorry about that,

411.

  • Upvote 1

Share this post


Link to post
Share on other sites
Hak6   

All fixed mate. Was a stupid mistake on my end.

Sorry about that,

411.

Awesome, I'll test it out after work. Again, awesome tool thank so much!

Share this post


Link to post
Share on other sites
Hak6   

Is it possible to add the SYSTEM file to the extract SAM file payload?

Also I notice "ALT y" in the beginning of a lot of the code, What purpose dose it serve? Just curious.

DELAY 3000
GUI r
DELAY 750
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500

ENTER

Thanks in advance!

Edited by Hak6

Share this post


Link to post
Share on other sites
411Hall   

Is it possible to add the SYSTEM file to the extract SAM file payload?

Also I notice "ALT y" in the beginning of a lot of the code, What purpose dose it serve? Just curious.

DELAY 3000
GUI r
DELAY 750
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 1500
ALT y
DELAY 500

ENTER

Thanks in advance!

Yeah adding System file shouldn't be an issue. I will try a few things later on and roll it out with the next update if it works.

The 'ALT y' is used as a way to answer yes on the User Account Control dialogue which appears when you try to run programs with admin privileges. I found it more reliable than the 'LEFT ENTER' method i was using before. The start of my scripts is taken directly from Darren's UAC bypass script posted here:

https://forums.hak5.org/index.php?/topic/30100-payload-faster-uac-bypass/

411.

Share this post


Link to post
Share on other sites
411Hall   

Am I to understand that this can be used for any os?

No sorry, only Windows systems with admin priveledges that have PowerShell installed. What OS are you interested in running it against?

411.

Edited by 411

Share this post


Link to post
Share on other sites
brazen   

No sorry, only Windows systems with admin priveledges that have PowerShell installed. What OS are you interested in running it against?

411.

os x

Share this post


Link to post
Share on other sites

I'm having trouble with this toolkit's email function. I always try to send all the reconnaissance info to an email address, but it never sends the email to the one i specified.

This is how the menu is setup for email recon (I'm certain you know how it looks anyway)

Reporting Scripts

Email Report via GMAIL

Email address to send report to: (name@gmail.com)

Email Username: (name)

Email Password: (Password123)

For example, the first box I fill in with: cgdcrew@gmail.com

The second box I fill out with: cgdcrew@gmail.com

And then the password for my gmail account.

I download the binary, but the inject.bin into the root of the Ducky, put it onto a test machine that I have, it writes and executes all code, but no email is sent to the specified address.

Is this a bug or am I doing something wrong? Thanks.

Edited by Dolphineer

Share this post


Link to post
Share on other sites
411Hall   

I'm having trouble with this toolkit's email function. I always try to send all the reconnaissance info to an email address, but it never sends the email to the one i specified.

This is how the menu is setup for email recon (I'm certain you know how it looks anyway)

Reporting Scripts

Email Report via GMAIL

Email address to send report to: (name@gmail.com)

Email Username: (name)

Email Password: (Password123)

For example, the first box I fill in with: cgdcrew@gmail.com

The second box I fill out with: cgdcrew@gmail.com

And then the password for my gmail account.

I download the binary, but the inject.bin into the root of the Ducky, put it onto a test machine that I have, it writes and executes all code, but no email is sent to the specified address.

Is this a bug or am I doing something wrong? Thanks.

Hey mate,

Sorry about that. I have just tested the script and it worked for me, I am assuming you have checked Junk folders etc? (I have to ask)

I think you may be having one of two possible issues:

1. Its possible that either the 'Report.zip' isn't ever being created so it can be uploaded and sent via email, that would cause the script to crash.

2 . SMTP (port 25) may be blocked on your firewall which is preventing the script from being sent. However I have never had this issue and I have tried on several computers with different firewalls etc.

First thing i would try is disabling any firewalls etc and doing a test run, if the email arrives then problem sorted. Although i will need to fix that issue.

If that doesn't work then its probably a 'Report.zip' issue. Could you try making a recon script and select the 'Save Report to Target Machine' option, enter a folder directory for the file to save too and run the script. That will let me know if the zip creation functionality is working on your computer.

Sorry for the issues,

411.

Share this post


Link to post
Share on other sites
411Hall   

Version 2 of the Duck Toolkit is now online!

v.2 Changes:

  1. New UI
  2. USB Reporting Payload
  3. Duck Slurp Payload
  4. Fixed Encoder Issues
  5. USB Recon Script Updated
  6. Fixed Other Backend Issues

Check it out at http://www.ducktoolkit.com

Feedback is always appreciated. Also I really want to get some fresh scripts on the site in the coming weeks so if anyone has any requests just message me.

Enjoy,

411.

Share this post


Link to post
Share on other sites
lilfear1   

I am having the same problem, and if I try to physically click no or yes the ducky doesn't finish the attack.

this wont let me paste the post this was referring to and I hit quote.....

Anyway the post I am referring to says that when I insert the ducky into my target computer then remove. add another payload on ducky re-insert into same target computer comes up with error saying file already exists (cant think of the file atm sorry) but it goes on to ask if you want to replace it or not. I thought that file would be deleted showing no evidence of even being there. If I hit yes to override it the ducky doesn't finish the attack.

Also on another subject my SD that came with my ducky is also bad I have a 4Gb that seems to work though.

Edited by lilfear1

Share this post


Link to post
Share on other sites

Anyway the post I am referring to says that when I insert the ducky into my target computer then remove. add another payload on ducky re-insert into same target computer comes up with error saying file already exists (cant think of the file atm sorry) but it goes on to ask if you want to replace it or not. I thought that file would be deleted showing no evidence of even being there. If I hit yes to override it the ducky doesn't finish the attack.

I've just started working with the Rubby Ducky and the scripts generated on the Duck Toolkit site, so hopefully I'm not giving you bad information.

I believe you are referring to the file listed below.

CTRL S
DELAY 1500
STRING C:\Windows\config.ps1

The above is only a portion of the script generated on the Duck Toolkit site. The CTRL S line opens the option in Notepad to save a file. "STRING C:\Windows\config.ps1" enters the name and location in which to save the file. If the file already exist in C:\Windows\, a message will prompt for replacement.

The final portion of the script is to execute the config.ps1 file via Powershell in a hidden window.

STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER

Currently I do not see anything which automatically removes the C:\Windows\config.ps1 file. This means prior to deploying the Ducky payload, you will need to manually remove the file or add a line to the script which removes the file automatically to avoid the error message letting you know the file already exist.

Hope that helps a bit.

  • Upvote 1

Share this post


Link to post
Share on other sites
411Hall   

I am having the same problem, and if I try to physically click no or yes the ducky doesn't finish the attack.

this wont let me paste the post this was referring to and I hit quote.....

Anyway the post I am referring to says that when I insert the ducky into my target computer then remove. add another payload on ducky re-insert into same target computer comes up with error saying file already exists (cant think of the file atm sorry) but it goes on to ask if you want to replace it or not. I thought that file would be deleted showing no evidence of even being there. If I hit yes to override it the ducky doesn't finish the attack.

Also on another subject my SD that came with my ducky is also bad I have a 4Gb that seems to work though.

Sorry about that mate. Its exactly what Merlintime said, nice one btw! The PowerShell file which is created when the script is deployed is called config.ps1, this is saved in the C:\Windows folder. The file will erase itself after completion.

So that fact that its still there means the script you run before has either errored or hasn't completed. Have you by chance run the Twin Duck script? I seem to remember that doesn't finish for a very very long time even after alot of the files have been copied to the USB.

Anyway its a simple enough fix. I will make sure that future scripts overwrite the config.ps1 file if its present. Should be able to push the changes out by the weekend.

Issue is now fixed.

Thanks for using the Toolkit and sorry about the issues.

411.

Edited by 411

Share this post


Link to post
Share on other sites
lilfear1   

I've just started working with the Rubby Ducky and the scripts generated on the Duck Toolkit site, so hopefully I'm not giving you bad information.

I believe you are referring to the file listed below.

CTRL S
DELAY 1500
STRING C:\Windows\config.ps1

The above is only a portion of the script generated on the Duck Toolkit site. The CTRL S line opens the option in Notepad to save a file. "STRING C:\Windows\config.ps1" enters the name and location in which to save the file. If the file already exist in C:\Windows\, a message will prompt for replacement.

The final portion of the script is to execute the config.ps1 file via Powershell in a hidden window.

STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER

Currently I do not see anything which automatically removes the C:\Windows\config.ps1 file. This means prior to deploying the Ducky payload, you will need to manually remove the file or add a line to the script which removes the file automatically to avoid the error message letting you know the file already exist.

Hope that helps a bit.

Ok thank you for your help. I wil just add in a line and hopefully I dont do it wrong lol thanks a bunch

Share this post


Link to post
Share on other sites
Qtec   

Hi
I am new to hak5 forum, and i love the show.
I always do a lot of googling before using forums as last resort.
I came by this rubber ducky tool and the site is realy nice.
I was wondering if it is possible to run payload script generated on a normal usb flash drive?
Any help or link to reading about this will be much appreciated.

Share this post


Link to post
Share on other sites

Afraid not, the ducky is NOT a flash drive. You could write scripts for one of the Teensy boards that would achieve the same effect, but the ducky is superior.

Share this post


Link to post
Share on other sites
411Hall   

I have added a new delay feature to the Toolkit.

Now you can specify exactly how much delay you want on each script, this should prevent any run time errors with the scripts trying to execute faster than the target computer can handle.

post-44660-0-89893900-1399487308_thumb.p

411.

Share this post


Link to post
Share on other sites
xyntax   

Why if I choose italian layout keyboard the shortcut are still USA? example: alt y. In italian its alt s. Also when generating the script i see lot of downarrow that are useless at my point of view.

P.s. I choosed, computer information + find and upload a file FTP + save report to target machine but I had to modify all the shortcut because they were wrong. What can I do now??

Share this post


Link to post
Share on other sites
411Hall   

Hi xyntax sorry for the delay in my reply. I believe there is an issue with the italian keyboard layout in the latest encoder as you are not the only person to report this to me.

The down arrows are there to pull the notepad off screen. The amount of down arrows required to get the notepad off screen vary depending on screen resolution. Since i dont know the users screen resolution i have included more that should be would probably be necessary to ensure the notepad is always hidden.

411.

Share this post


Link to post
Share on other sites
nazgul   

I am having an issue creating a working payload ... I am new to the gear so please bear with me :)

I am trying to generate a very simple payload ... Just selecting Comper Info from RECON and Save to target for REPORT ... The Script seems to run fine on the target ... However after the command prompt closes I just have a PowerShell file on my desktop and NO c:\report.zip file .... What am I missing???

Share this post


Link to post
Share on other sites
411Hall   

I am having an issue creating a working payload ... I am new to the gear so please bear with me :)

I am trying to generate a very simple payload ... Just selecting Comper Info from RECON and Save to target for REPORT ... The Script seems to run fine on the target ... However after the command prompt closes I just have a PowerShell file on my desktop and NO c:\report.zip file .... What am I missing???

Hi nazgul, sorry you are having issues!

Would you mind sending the .txt and .bin payloads to ducktoolkit@outlook.com so i can have a look? There is definitely something wrong as the PowerShell file should be hidden in C:\Windows.

411.

Share this post


Link to post
Share on other sites
411Hall   

Just a heads up.

I have updated the encoder on the Toolkit to 2.6.3. Hoping this will fix the issues users have been having with the Encoder.

Any issues let me know.

411.

  • Upvote 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×