russeld Posted December 25, 2013 Posted December 25, 2013 hi , im sorry for noob question. im new to rubber duck. but is it possible i have a .exe payload to convert it as payload to rubber duck Quote
overwraith Posted December 25, 2013 Posted December 25, 2013 (edited) I tried this out before. Takes a while to inject the executable, and compressing the executable is a necessity. Here is the program that I tried out. Will keep an eye out for the resources that I used to figure this out. Somebody actually did this before me which is how I got started with it. https://forums.hak5.org/index.php?/topic/28968-questionpayload-problems-with-hello-world-base-64-to-exe/?hl=%2Bcopy+%2Bcon+%2Bexe You also have to use the right firmware, because some of the firmware has a built in cap. The HID only firmware should work. Here is a couple of VBS files used in the process 'Base64encode.vbs': Option Explicit ' common consts Const TypeBinary = 1 Const ForReading = 1, ForWriting = 2, ForAppending = 8 ' getting file from args (no checks!) Dim arguments, inFile, outFile Set arguments = WScript.Arguments inFile = arguments(0) outFile = arguments(1) Dim inByteArray, base64Encoded, base64Decoded, outByteArray inByteArray = readBytes(inFile) base64Encoded = encodeBase64(inByteArray) Dim myFSO, WriteStuff Set myFSO = CreateObject("Scripting.FileSystemObject") Set WriteStuff = myFSO.OpenTextFile(outFile, ForAppending, True) WriteStuff.WriteLine(base64Encoded) WriteStuff.Close private function readBytes(file) dim inStream ' ADODB stream object used set inStream = WScript.CreateObject("ADODB.Stream") ' open with no arguments makes the stream an empty container inStream.Open inStream.type= TypeBinary inStream.LoadFromFile(file) readBytes = inStream.Read() end function private function encodeBase64(bytes) dim DM, EL Set DM = CreateObject("Microsoft.XMLDOM") ' Create temporary node with Base64 data type Set EL = DM.createElement("tmp") EL.DataType = "bin.base64" ' Set bytes, get encoded String EL.NodeTypedValue = bytes encodeBase64 = EL.Text end function And 'decodebase64.vbs': Option Explicit ' common consts Const TypeBinary = 1 Const ForReading = 1, ForWriting = 2, ForAppending = 8 ' getting file from args (no checks!) Dim arguments, inFile, outFile Set arguments = WScript.Arguments inFile = arguments(0) outFile = arguments(1) Dim base64Encoded, base64Decoded, outByteArray dim objFS dim objTS set objFS = CreateObject("Scripting.FileSystemObject") set objTS = objFS.OpenTextFile(inFile, ForReading) base64Encoded = objTS.ReadAll base64Decoded = decodeBase64(base64Encoded) writeBytes outFile, base64Decoded private function decodeBase64(base64) dim DM, EL Set DM = CreateObject("Microsoft.XMLDOM") ' Create temporary node with Base64 data type Set EL = DM.createElement("tmp") EL.DataType = "bin.base64" ' Set encoded String, get bytes EL.Text = base64 decodeBase64 = EL.NodeTypedValue end function private Sub writeBytes(file, bytes) Dim binaryStream Set binaryStream = CreateObject("ADODB.Stream") binaryStream.Type = TypeBinary 'Open the stream and write binary data binaryStream.Open binaryStream.Write bytes 'Save binary data to disk binaryStream.SaveToFile file, ForWriting End Sub If I remember correctly you have to convert to base64, and then decode on the target system. There was a really old ducky thread that showed how to do this, and I can't find it anymore. Both of these VBS programs accept command line flags. Edited December 25, 2013 by overwraith Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.