Obi-Wahn Posted September 30, 2013

Hi! I've been an owner of multiple Teensys for quite a long time, but sadly I haven't done much with them since I bought them. After watching the show where Darren exfiltrates passwords with the Duck, I ordered one. A couple days later, the duck swam through my door ;)

So I started writing my own little script which calls another batch on the SD card, but I'm running into some issues. First and foremost, if I run the PowerShell command to gain administrative powers, the time it takes to display the UAC dialogue varies from PC to PC.

Also, a program, like one written in AutoHotkey or AutoIt, could be stealthier than a batch file. This could be even more interesting since you are able to trigger keystrokes with either scripting language.

To interact with the duck, is there a possibility to write If-commands in the duck payload, so it waits to execute some code? If not, it would be a really nice addition to the duck. But if it isn't possible, maybe someone can explain to me why?

THXIA
Obi-Wahn

no42 Posted September 30, 2013

The ducky pretends to be a HID keyboard. The main direction of communication is from the ducky to the computer. The only feedback (communication) from the computer to the ducky is interrupts. These interrupts are limited, and mainly control the status of the keyboard LEDs.

The only programmable "ifs" are whether CAPS_LOCK/NUM_LOCK/SCROLL_LOCK is enabled, which are in the Ducky Detour Firmware.

However...

Exception: If you were to create a custom ducky firmware and a special client-side program that is capable of creating USB HID interrupts, you could insert any data you like / could conceive into a series of "HID Reports" that the ducky could potentially read and react to!

Hint: http://ob-security.info/?p=590

However, the researcher is not releasing any source code, only binaries.

Wish I had the time, but work beckons and my time is now limited. Volunteers welcome!

Obi-Wahn (Author) Posted October 1, 2013

Well, if the LOCK keys are If-programmable (which they should be; AFAIR I read that these keys are sent from the OS to all HIDs) then that would be enough.

E.g.: I'm writing a script in AutoHotkey (AHK). I can add an If-statement in the script which checks if the compiled script is running with administrative privileges or not. If it isn't, I can enable CapsLock with the script, which would also be sent to the ducky, which then knows when the script is executed.

With this method, there could be a failsafe implemented so that you have neither a too-early Enter keystroke from the duck OR a suspicious UAC window 5-15 secs on the screen while you are waiting for the duck.

Any other If loops would be unnecessary. At least for data exfiltration...