factgasm Posted December 3, 2013 Posted December 3, 2013 In this thread Crackruckles pointed out that the command line editor can be run as administrator with the following: Press the Win keyboard key or click on Vista Start button. Type cmd into the Start Search textbox. Press Ctrl+Shift+Enter keyboard shortcut. Ctrl-Shift-Enter is the general keyboard shortcut that triggers elevation to “Run as Administrator”. Press Alt+C or press Continue to confirm the UAC elevation warning prompt. The question is : Can Ducky Script handle three-key combos? Sorry to start a whole new thread on this but I felt this was important enough to merit it (mods feel free to merge). Quote
overwraith Posted December 3, 2013 Posted December 3, 2013 Yes, I have done it before. STRING cmd CTRL-SHIFT ENTER Quote
factgasm Posted December 3, 2013 Author Posted December 3, 2013 (edited) Overwraith, you're a gentleman and a scholar. :) Update: Sadly, having tried it, It doesn't run as hoped on either. Here's a sample script I'm working with in Windows7/8. DELAY 3000DEFAULT_DELAY 500GUI rSTRING cmdCONTROL-SHIFT ENTERALT YEXIT Can anyone see why the CONTROL-SHIFT ENTER combo wouldn't work? Personally I suspect that DuckyScript hasn't been set up to handle key-triples yet, though I would be happy to be proven wrong. Edited December 4, 2013 by factgasm Quote
3mrgnc3 Posted December 3, 2013 Posted December 3, 2013 (edited) Have you tried CTRL-SHIFT ENTER instead of CONTROL-SHIFT ENTER? Also what keyboard are you encoding for? Have you had any error output whilst compiling the binary? ;) Edited December 3, 2013 by 3mrgnc3 Quote
factgasm Posted December 4, 2013 Author Posted December 4, 2013 (edited) I have tried both CTRL and CONTROL in the script. Neither produces compile error messages and both produce the same result at run time: The scripts run, the command line window pops-up (not as Administrator :() and the duck types the characters 'y' and 'e' at the prompt. I'm using a UK keyboard but I have not set any parameters in my 'java -jar' line as presumably CTRL, SHIFT and ENTER are common on Western keyboards. Edited December 4, 2013 by factgasm Quote
3mrgnc3 Posted December 4, 2013 Posted December 4, 2013 Personally I suspect that DuckyScript hasn't been set up to handle key-triples yet, though I would be happy to be proven wrong. Sadly I suspect that you may be correct there mate. :( Quote
factgasm Posted December 4, 2013 Author Posted December 4, 2013 Looks like a new firmware release might be needed. DARREN!! Quote
no42 Posted December 4, 2013 Posted December 4, 2013 Nothing to do with firmware. Should be the encoder, which one are you using? Quote
factgasm Posted December 4, 2013 Author Posted December 4, 2013 (edited) Good question. There are several sources for the encoder. Unfortunately I can't remember which website I got the one I'm using from (possibly Github) and there's no identifying feature other than to tell you is a file called encoder.jar 52.6kb in size. You'll have to forgive me here, I'm new to this and fumbling my way through. The good news is that I have sidestepped the problems I mentioned earlier by using powershell, but the three-key-combo problem still remains. Edited December 10, 2013 by factgasm Quote
no42 Posted December 4, 2013 Posted December 4, 2013 Can you try again with this one? DuckEncoder_2.6.2.zip Quote
factgasm Posted December 10, 2013 Author Posted December 10, 2013 (edited) Gave it a try and er . . .. nope, that didn't work either. Edited December 10, 2013 by factgasm Quote
smokintbird Posted December 15, 2013 Posted December 15, 2013 @factgasm you mentioned you are working on a script to work on windows 7 and 8...have you tried using the key combination on the target machine without the ducky? The CTRL-SHIFT ENTER combination works great on WinXP, but I cannot make that key combination produce an admin level prompt on Vista, 7, or 8. maybe I'm missing something...but for Vista, 7, and 8 I have to use something like https://forums.hak5.org/index.php?/topic/30100-payload-faster-uac-bypass/ I am using the command "net session >nul 2>&1" and then "echo %errorlevel%" to check for admin privileges...if the errorlevel is "0" it is admin and anything else is not. Someone correct me if I'm missing something. Smokintbird Quote
MB60893 Posted December 17, 2013 Posted December 17, 2013 (edited) Hmm. I noticed that you were trying to run the CMD terminal from the run dialog box. This won't work with a key combo. You would have to add some sort of powershell script to make it work correctly. For Windows Vista or 7 (not sure about 8) Try just pressing the windows key, then type "cmd.exe", then press ctrl + shift + enter. The UAC dialog will come up, then press alt y for yes. And hey presto, one cmd! If you are trying to do this for windows XP or newer, consider launching notepad and typing this into a file, then saving as a .bat script: Credits to Matt for the great script and explanations (http://stackoverflow.com/questions/7044985/how-can-i-auto-elevate-my-batch-file-so-that-it-requests-from-uac-admin-rights/12264592#12264592) ::::::::::::::::::::::::::::::::::::::::: :: Automatically check & get admin rights ::::::::::::::::::::::::::::::::::::::::: @echo off CLS ECHO. ECHO ============================= ECHO Running Admin shell ECHO ============================= :checkPrivileges NET FILE 1>NUL 2>NUL if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges ) :getPrivileges if '%1'=='ELEV' (shift & goto gotPrivileges) ECHO. ECHO ************************************** ECHO Invoking UAC for Privilege Escalation ECHO ************************************** setlocal DisableDelayedExpansion set "batchPath=%~0" setlocal EnableDelayedExpansion ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs" ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs" "%temp%\OEgetPrivileges.vbs" exit /B :gotPrivileges :::::::::::::::::::::::::::: :START :::::::::::::::::::::::::::: setlocal & pushd . REM Run shell as admin (example) - put here code as you like cmd /k Give that a go and let me know the outcome! Cheers, Edited December 17, 2013 by MB60893 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.