Jump to content

Help! Payloads all lead to CMD prompt death


Recommended Posts

Hello all

Complete n00b here,

Got my ducky today and started fiddling and quickly had the red LED of death issue. I flashed the firmware until i settled on The twin duck c_duck.hex which would be how id like to use the duck.

Now, however, whenever I load an inject.bin and activate it with the button my payload gets held up at a cmd prompt where the payload slowly starts filling in things and eventually gives up. I can duplicate it and post what it says if need be but i thought maybe someone might have had the same problem be able to laugh and point at me and then offer a fix. Im running win7 and my driver for the duck is up to date.

So my thoughts are torn between believing i got a faulty duck, because if i flash to the standard firmware or any of its flavors the device gets red-led-locked, and believing that i am an idiot and did something wrong.. Any help would be very appreciated.

<a href="http://tinypic.com?ref=28ixmpy" target="_blank"><img src="http://i39.tinypic.com/28ixmpy.jpg" border="0" alt="Image and video hosting by TinyPic"></a>

Edited by R3V0L4T0R
Link to comment
Share on other sites

Please only post you question in the proper forum and only once. First we need more info plus the scrip that you converted to the inject.bin so that we can look at it. Second what firmware did you flash and last your pics are not showing properly. We are glad to help you with your new duck but need more info.

Edited by mreidiv
Link to comment
Share on other sites

Im not sure where the correct place to post this question is sorry. I wasn't sure if it was a bug or user error.

It doesnt matter what script I use but for sake of argument let say i used the standard "hello world", open a gui after a delay and whatnot, because I have used several scripts, including that one, from simple to hard, all compiled to inject.bin files online with the ducky toolkit site. Is this my problem? Something with that compiler? Always with the same result.

In the beginning I was having major general red led issues and did my research, got the driver issue resolved and began looking for a firmware update. Any of the standard "inject and execute" firmwares go solid red led, and yes, ive tried different cards throughout the firmware trials as well (the included card, a 2gig Samsung and an 8gig Kingston). This led me to believe maybe i got a bad duck, but..

When i flashed to the c_duck.hex i got some pretty lights again, my device was recognized in win7 as a storage drive and when i push the button things seem to happen...

But its always the same thing and not what the scripts are saying as Ive gone through and executed them myself just to learn cause i like to know stuff..

so what am i doing wrong> other than posting this in the wrong section? Please move it to the appropriate area if need be and Ill ask forgiveness and that you dont crash my stupid box. Im not smart enough to post a picture of the output in the cmd prompt apparently. :/

Link to comment
Share on other sites

Im sorry man Im not trying to be rude at all and i genuinely thought I answered your questions.

You asked me what firmware I flashed and I answered the c_duck.hex i got from the google code site, which i think is the twin duck.

You asked what script I used and I mentioned that I had tried several but here is one ive tried :

DELAY 3000
STRING notepad
STRING Hello World!!!


I enter this into the website Ducky Toolkit encoder found here ----->http://ducktoolkit-411.rhcloud.com/Home.jsp

download the inject bin file

put it on the root of my sc card

put said sc card into the ducky

and insert the ducky into my usb port....where....

it is recognized as a drive (I assume because of the twin duck firmware)...

then when I press the button (again no matter what the script was)

I get this http://i39.tinypic.com/28ixmpy.jpg

it opens a cmd which the script isnt asking for and imputs a bunch of weird stuff..

again im not trying to be rude and I really would like to solve this problem but I dont know how to answer any more than I have. I gave the extra background stuff cause I thought it might be relevant..

Link to comment
Share on other sites

Im assuming you have a binary payload called duck.exe stored on the sdcard labelled "Ducky".

This is what the duck is trying to executed.

Just as a follow up,

I confirmed that the sd card is named "Ducky"

I have placed several different .bin files onto the root of the card and renamed them "duck.exe"

I am still getting the same results..\

Perhaps Im doing something else wrong?

Im still confused about why my duck wont operate in any of the firmwares other than twin duck also.

I hate being new.

Link to comment
Share on other sites

Hi R3V0L4T0R!

Just because you name your SD card doesn't mean that when it is plugged into the duck it won't show up with the name "ducky". Take an android phone, for example. When you put the micro SD into your computer, you can name it "Android Micro SD" for example. When you put the SD card back into the phone, it changes the name of the SD card to Removable Disk, which is really making it look like your SD card is a USB Flash Drive.

What this all boils down to is when you put your duck into the machine with the MicroSD in the duck, check your My Computer (presuming you have Windows) and see what the duck is called. If that works, then you should be all good!

Aside from that, check to see if the syntax (the lines of code that the duck types out) are correct for your specific purpose. Watch the episode of Hak5 (season 15, episode 3, I think,) and see if you can check your code is correct. Send me a message if it works out.


MB60893. :)

Link to comment
Share on other sites

Thanks for the response, Your answer to me is verifying once again that my duck is faulty. I can place it into my win box with the twin duck firmware and the computer recognizes the duck as mass storage and its called DUCKY..

The syntax of the bin files are nothing like what is executing..

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...