Jump to content

Is there a way to store multiple payloads?

Sabri

By Sabri
in Classic USB Rubber Ducky

 Share

Recommended Posts

no42 Newbie

no42

Posted
Posted (edited)

Firmware: Detour/Multi-Duck

m_duck.hex (Detour Duck(formerly Naked Duck))

Based off a request in the forum (Sorry cant remember who asked first?)

I spent many a month trying to work out if payloads could be delivered based on keyboard LEDs, or on push of a Keyboard button that triggers an LED (eg. CAPS_Lock).

This firmware supports multiple-payloads:

  • inject.bin - default payload (will always run first)
  • inject2.bin - NUM_LOCK
  • inject3.bin - CAPS_LOCK
  • inject4.bin - SCROLL_LOCK

Basically, inject.bin will always be triggered on Ducky insertion.

inject2/3/4.bin is triggered by ensuring only Num_Lock/Caps_Lock/Scroll_Lock Keyboard LED is lit, followed by pushing the button on the Ducky.

This projects Firmware was originally nicknamed The Naked Duck / Naked Ducky Edition as the Ducky has to be naked for you to push the button and trigger the 2nd/3rd payload. Version 2 developments, mean the Ducky can now trigger on solely lit LEDs (if multiple LEDs are lit the last LED will take priority)

Intended Purpose

One Ducky; Supporting 2x Operating Systems, Or staged Payloads:

  • inject.bin - default file (simple 1-liner "DELAY 5000")
  • inject2.bin - Windows XP Script/ Payload 2
  • inject3.bin - OSX Script / Payload 3
  • inject4.bin - Windows 7 Script / Payload 4

Multi OS Support

So on Windows Host, ensure Num_Lock is Lit, push the Ducky's button to deliver a Windows-based Payload.

On OSX, ensure Caps_Lock is Lit, push the Ducky's button to deliver an OSX-based Payload.

Multi Payload Support

By default inject.bin triggers on insertion of the Ducky.

You may depending on installed software (e.g. powershell) want to trigger one of two different payloads.

  • Windows 7+ - Use Num_Lock for inject2.bin to utilise powershell
  • Windows XP - Use Caps_Lock for inject3.bin to utilise other windows binaries (eg tftp to download payloads)

Reference: https://code.google.com/p/ducky-decode/wiki/Which_Firmware

Edited by midnitesnake
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...