If query from the duck

Obi-Wahn

Hi!

I've owned multiple Teensys for quite a while, but sadly I haven't done much with them since I bought them. After watching the show where Darren exfiltrates passwords with the Duck, I ordered one.

A couple days later, the duck swam through my door ;)

So I started writing my own little script which calls another batch file on the SD card, but I'm running into some issues.

First and foremost, if I run the PowerShell command to gain administrative privileges, the time it takes for the UAC dialogue to appear varies from PC to PC.

Also, a program written in AutoHotkey or AutoIt could be stealthier than a batch file.

This could be even more interesting, since you are able to trigger keystrokes with either scripting language.

To interact with the duck, is there a possibility to write if-commands in the duck payload, so that it waits before executing some code?

If not, it would be a really nice addition to the duck.

But if it isn't possible, can someone explain to me why?

THXIA

Obi-Wahn


The ducky pretends to be a HID keyboard.

The main direction of communication is from the ducky to the computer.

The only feedback (communication) from the computer to the ducky are interrupts. These interrupts are limited, and mainly control the status of the keyboard LEDs.

The only "if"s programmable are whether CAPS_LOCK/NUM_LOCK/SCROLL_LOCK is enabled, which are in the Ducky Detour firmware.

However...

Exception: If you were to create a custom ducky firmware and a special client-side program that is capable of creating USB HID interrupts, you could insert any data you like / could conceive into a series of "HID Reports" that the ducky could potentially read and react to!

Hint: http://ob-security.info/?p=590

However, the researcher is not releasing any source code, only binaries.

Wish I had the time, but work beckons and my time is now limited. Volunteers welcome!


Well, if the LOCK keys are if-programmable (which they should be; AFAIR I read that these keys are sent from the OS to all HIDs), then that would be enough.

E.g.: I'm writing a script in AutoHotkey (AHK). I can add an if-statement in the script which checks whether the compiled script is running with administrative privileges or not. If it isn't, I can enable Caps Lock with the script, which would also be sent to the ducky, which then knows when the script is executed.

With this method, a failsafe could be implemented so that you have neither a too-early Enter keystroke from the duck nor a suspicious UAC window on the screen for 5-15 secs while you are waiting for the duck.

Any other If loops would be unnecessary. At least for Data exfiltration...
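The two posts above describe the only data a plain USB keyboard ever receives from the host: the LED state report, which is what the Detour firmware's lock-key "if" checks. As an added illustration (not code from this thread, the Ducky firmware or any linked project), the Python below decodes the boot-protocol keyboard LED output report and tracks state changes over a constructed sequence of reports. The bit layout follows the USB HID Usage Tables LED page; the sample report sequence is made up for the example.

```python
# Added example, not from the thread. Decodes the one-byte HID boot-protocol
# keyboard LED output report, the only host-to-device data a USB keyboard
# (and therefore a device emulating one) receives. Bit positions follow the
# USB HID Usage Tables, LED page: usage IDs 1-5 map to report bits 0-4.
from typing import Iterable, Iterator, Optional, Set, Tuple

LED_BITS = {
    0: "NUM_LOCK",
    1: "CAPS_LOCK",
    2: "SCROLL_LOCK",
    3: "COMPOSE",
    4: "KANA",
}


def decode_led_report(report: bytes) -> Set[str]:
    """Return the set of LED names that are lit in a one-byte output report."""
    if len(report) != 1:
        raise ValueError("boot keyboard LED report is exactly one byte")
    value = report[0]
    return {name for bit, name in LED_BITS.items() if value & (1 << bit)}


def led_transitions(reports: Iterable[bytes]) -> Iterator[Tuple[int, Set[str], Set[str]]]:
    """Yield (index, turned_on, turned_off) for each change between consecutive reports.

    The host only resends the report when state changes, so in practice every
    report the device sees is a transition; the comparison makes that explicit.
    """
    prev: Set[str] = set()
    for i, r in enumerate(reports):
        cur = decode_led_report(r)
        on, off = cur - prev, prev - cur
        if on or off:
            yield i, on, off
        prev = cur


def first_report_with(reports: Iterable[bytes], led: str) -> Optional[int]:
    """Index of the first report in which `led` is lit, or None if never.

    This is the whole of the conditional the thread asks about: the device can
    only ever test which of five LEDs the host has switched on.
    """
    for i, r in enumerate(reports):
        if led in decode_led_report(r):
            return i
    return None


def feedback_bandwidth_bits() -> int:
    """Number of bits the host can signal per LED report (five, one per LED)."""
    return len(LED_BITS)


# Constructed sample: Num Lock on, then Caps Lock on, then Caps Lock off again.
SAMPLE_REPORTS = [b"\x00", b"\x01", b"\x03", b"\x01"]

if __name__ == "__main__":
    for idx, on, off in led_transitions(SAMPLE_REPORTS):
        print(f"report {idx}: on={sorted(on)} off={sorted(off)}")
    print("caps lock first seen at report", first_report_with(SAMPLE_REPORTS, "CAPS_LOCK"))
    print("host-to-device feedback per report:", feedback_bandwidth_bits(), "bits")
```

The point the decoder makes concrete is the narrowness of the channel: whatever a host-side program toggles, the device sees at most five bits per report and nothing else, which is why the only conditionals available to keyboard-emulating firmware are lock-key tests, and why anything richer needs the custom firmware plus host-side HID-report sender that the earlier reply mentions.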
