Jump to content

Twin Duck issues


Aklys

Recommended Posts

I've applied both "c_duck_v2.1" and "cm_duck" and I have issues with each unique to them selves.

I have applied the firmware on a windows 7 box and tested on the same box.

The problems I have experienced so far are the following:

* Twin Duck firmware sometimes runs the payload and detects the SD card as mass storage for about 1 second. The drive appears in explorer for about 1 second and then disappears, it is not visible in the drive manager either. The lights on the naked ducky alternate between what seems to be green and orange.

* Twin + Detour Duck firmware seems to work fine until if freezes the workstation (tested this on two windows 7 computers). Time seems to be random and services don't return to normal within 20 minutes. Even after removal the computer requires a restart.

EDIT: the Twin + Detour Duck can run payload and is detected as a drive before it freezes the workstation if I wasn't clear about that.

Has anyone else experienced these issues or found solutions to them if they have experienced them?

Thanks in advance to anyone that can inform me of my poor ways of getting this tool to function :)

Edited by Aklys
Link to comment
Share on other sites

  • 2 weeks later...

I am also having issues with Twin Duck original firmware. It has been functional through my testing today but just about a half hour ago the DUCKY storage drive no longer mounts and the inject.bin does not run either. Tried on 2 PCs. I get an alternating fast and slow red LED flashing on one PC and I get no lights at all on the other. The storage will mount if I put the SD card in another reader.

Link to comment
Share on other sites

After further testing it appears as though the SD cards have been somehow corrupted or damaged by the twin ducky. I reflashed the firmware and got not change. I checked the SD cards on 2 other PCs (one linux one windows) and on the windows PC I got "I/O" errors in the pop up dialog box. I am always "safely removing" the mounted storage before I take it out of the PC I am working on. Has anyone else had SD corruption issues with the twin duck? Thanks to all who reply! :)

Link to comment
Share on other sites

I am not getting expected results from the twin duck firmware. I am testing on a Win7 VM (32-bit). I am trying to test out the mimikatz payload. With Firmware c_duck_v2.1, the SD card is not recognized, yet the payload executes. With cm_duck, the SD card is recognized but the payload is not executed.

I don't get any errors at all. Just half works with one and the other half works with the other.

Link to comment
Share on other sites

After further testing it appears as though the SD cards have been somehow corrupted or damaged by the twin ducky. I reflashed the firmware and got not change. I checked the SD cards on 2 other PCs (one linux one windows) and on the windows PC I got "I/O" errors in the pop up dialog box. I am always "safely removing" the mounted storage before I take it out of the PC I am working on. Has anyone else had SD corruption issues with the twin duck? Thanks to all who reply! :)

Ok, after further testing this seems to be begin caused by read write errors likely associated with the ducky drive not unmounting correctly. No matter if I dismount from windows explorer or the system tray, it still stays visible and navigable in the windows explorer window. I have told it to dismount from the explorer window and the system tray many times and it always throws up the "safe to remove" balloon; but alas, once I do remove it I get alternating fast and slow red clinking and not drive mount or code execution on the twin duck whenever it is inserted into any client. I have reflashed the firmware to no avail. Is any one else having these SD card corruption/dismount errors?

EDIT: putting the "inject.bin" file on the root with 2 other file folders causes this thing to fail. If I remove the inject.bin I am able to mount ducky storage. So with any payload on it the thing totally fails. With no payload the storage will mount. If I have the payload there but named incorrectly then I still have access to the storage. I am only seeing this failure now with the payload on the root of the SD named properly (inject.bin).

Edited by TeCHemically
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...